Skip to content

Update Setup.pm for clarity about permissions #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dhutty wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update Setup.pm for clarity about permissions #49

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions lib/Ubic/Admin/Setup.pm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -291,9 +291,10 @@ sub setup {
my $enable_1777;
if ($is_root) {
print_tty "\nSystem-wide installations usually need to store service-related data\n";
print_tty "into data dir for different users. For non-root services to work\n";
print_tty "1777 grants for some data dir subdirectories is required.\n";
print_tty "(1777 grants means that everyone is able to write to the dir,\n";
print_tty "into various data directories for different users.\n";
Copy link
Owner

@berekuk berekuk Apr 6, 2013

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(Note: English is not my native language. So I just want you to confirm that there's no ambiguity in your version.)

I'm reading "various data directories" as "one directory per user", which is not what happens. There's /var//lib/ubic/{status,lock,tmp,...}, each of these are 1777.
Am I wrong in my parsing of this sentence? Does saying "various" instead of, for example, "separate", clear things up enough in your opinion?

Copy link
Contributor Author

@dhutty dhutty Apr 6, 2013

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 4/6/13 5:52 AM, Vyacheslav Matyukhin wrote:

@@ -291,9 +291,10 @@ sub setup { my $enable_1777; if ($is_root)
{ print_tty "\nSystem-wide installations usually need to store
service-related data\n"; - print_tty "into data dir for
different users. For non-root services to work\n"; -
print_tty "1777 grants for some data dir subdirectories is
required.\n"; - print_tty "(1777 grants means that
everyone is able to write to the dir,\n"; + print_tty
"into various data directories for different users.\n";

(Note: English is not my native language. So I just want you to
confirm that there's no ambiguity in your version.)

Oh, I know. As a native English speaker who has just a smattering of a
few other languages, I'm always immensely impressed with how well
non-native speakers often learn English.

I'm reading "various data directories" as "one directory per user",
which is not what happens. There's
/var//lib/ubic/{status,lock,tmp,...}, each of these are 1777. Am
I wrong in my parsing of this sentence? Does saying "various"
instead of, for example, "separate", clear things up enough in your
opinion?

That was exactly why I wanted to eliminate "for different users".

Hm, it seems that github's 'edit in place' chewed up some of my
changes here. In order to be both correct and clear, I think it should
read something like:

System-wide installations usually need to store service-related data
in various data directories. In order for services that are not
running as root to work, those directories need to be accessible such
as with permissions mode 1777. (1777 means that everyone is able to
read and write to the directory but the 'sticky bit' is set so only
the file owner is able to modify or delete files)

Duncan Hutty
http://www.allgoodbits.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlFgFdoACgkQCFuTFybf1wpPbACfev3hFtXm11GG5DxfOX8uCm8F
KCYAnjZv1w+unm8Ax8rk4SpLLAt23seC
=Wsho
-----END PGP SIGNATURE-----

print_tty "The only way for non-root services to be able to use a system-wide installation\n";
print_tty "is to set permissions for those data subdirectories to 1777.\n";
print_tty "(1777 grants permission so everyone is able to write to the dir,\n";
print_tty "but only file owners are able to modify and remove their files.)\n";
print_tty "There are no known security issues with this approach, but you have\n";
print_tty "to decide for yourself if that's ok for you.\n";
Expand Down