[texhax] Umasks, Permissions, and All That

Thomas Schneider schneidt at mail.nih.gov
Fri Jul 12 19:34:22 CEST 2013


Dick:

> One final message and I promise to shut up for at least a week.

Ok!!

> First, thanks for raising this issue, and then a thousand thanks for
> sticking with us until we understood what happened!
> 
> In another message, you report that your shell startup script sets
> umask to 077. Thus my "Aha" message from last night at 3 AM explains
> what happened to you.
> 
> The message you responded to below is obsolete, and I've kept
> only a couple of sentences. You demolish some of my assertions, but last night
> at 3 I demolished the entire theory!
> 
> >> But for the first time
> >> this year, I added a final twist with the internet version. The new
> >> Apple software to make install packages has a button labeled "Use
> >> Apple's Recommended Permissions" and I pushed that button.
> > 
> > But what are those "Recommended Permissions"?
> 
> Most Unix experts I know have very strong theories on Unix permissions.
> Sadly, they don't always agree. When I discovered that Apple's recommendations
> didn't quite agree with the behavior of the TeX Live script, I ran the differences
> by Karl Berry, who knows a lot. He told me the differences were not
> significant. So for the internet version I'll continue to use Apple's
> recommended permissions. It may be that the only difference is that
> symbolic links get full permissions (but the programs they link to have
> standard permissions).

I don't know from your messages what Apple recommends, but my bet is
that it is drwxr-xr-x for directories in /usr/local.

> ---------------------------
> 
> The key remaining question is whether our install package should
> reach in and fix permissions.

I am pretty clear at this point that it should make sure that the
permissions are drwxr-xr-x in /usr/local/texlive.

> I'm going to let that simmer for several weeks.
> There are several subquestions:
> 
> a) Since we just installed the 2013 directory and its contents, we could
> fix those permissions quite easily. One or two users might notice and
> be unhappy, but since TeX wouldn't work without the change …

Why would a user install a publicly available package in /usr/local
and NOT want anyone but root to be able to access it?  That doesn't
make any sense.

> b) On new installs, the tree texmf-local is also created in /usr/local/texlive.
> But this tree is empty, with just folders. If the tree already exists, it isn't
> touched because it exists for user additions to TeX. Should we change
> permissions on this tree? That's trickier because those permissions
> may have been deliberate user actions.

If you create the directory, set it to drwxr-xr-x.  If it is there
already, leave it alone.

> c) Should we fix /usr/local permissions for users who set this to
> 
> 	drwx------
> 
> That's VERY controversial.

Only change /usr/local/texlive to be drwxr-xr-x.

> If I had to guess now, I'd guess that we would decide NOT to fix any
> permissions, but to tell users how to fix them if they run into trouble.

I haven't seen any good arguments to allow /usr/local/texlive to be
anything other than drwxr-xr-x.

Again, this happened because sudo inherited MY PERSONAL SETTINGS and
passed those to the texlive install script.  Those settings are NOT
appropriate for a package available to the entire system.

Tom

  Thomas D. Schneider, Ph.D.
  Senior Investigator
  National Institutes of Health
  National Cancer Institute
  Center for Cancer Research
  Gene Regulation and Chromosome Biology Laboratory
  Molecular Information Theory Group
  Frederick, Maryland  21702-1201
  schneidt at mail.nih.gov
  http://schneider.ncifcrf.gov/ (current link)
  http://alum.mit.edu/www/toms (permanent link)
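
The behaviour discussed in this thread, as an added example that is not part of the original message or of the TeX Live install package: an install step that sets its own umask and modes instead of trusting the umask inherited through sudo, makes texlive and the 2013 tree drwxr-xr-x, and sets texmf-local only when it creates it. The helper names `mode_of` and `install_tree` are hypothetical, and the ROOT argument is a temporary directory standing in for /usr/local.

```shell
#!/bin/sh
# Added example: the installer chooses its own umask and modes rather than
# inheriting the invoking user's umask (077 in this thread) through sudo.

# mode_of PATH: print the octal permission bits (GNU stat, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_tree ROOT (hypothetical helper): ROOT stands in for /usr/local.
install_tree() {
    root=$1
    (
        umask 022                  # known umask, whatever the caller had
        mkdir -p "$root/texlive/2013"
        # Explicit modes also repair a texlive directory left at 700 earlier.
        chmod 755 "$root/texlive" "$root/texlive/2013"
        # texmf-local holds user additions: set 755 only when we create it,
        # and leave an existing one exactly as the user set it.
        if [ ! -d "$root/texlive/texmf-local" ]; then
            mkdir "$root/texlive/texmf-local"
            chmod 755 "$root/texlive/texmf-local"
        fi
    )
}

demo() {
    tmp=$(mktemp -d)
    # Constructed case 1: umask 077 and no correction, as happened in the thread.
    ( umask 077; mkdir -p "$tmp/broken/texlive/2013" )
    echo "umask 077, uncorrected: texlive=$(mode_of "$tmp/broken/texlive")"
    # Constructed case 2: same umask, a pre-existing private texmf-local,
    # then the corrected install step.
    ( umask 077; mkdir -p "$tmp/fixed/texlive/texmf-local"
      install_tree "$tmp/fixed" )
    echo "corrected: texlive=$(mode_of "$tmp/fixed/texlive")" \
         "2013=$(mode_of "$tmp/fixed/texlive/2013")" \
         "texmf-local=$(mode_of "$tmp/fixed/texlive/texmf-local")"
    rm -rf "$tmp"
}
demo
```
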

