Spirion Forum
Forum Home Forum Home > Feature Requests > EndPoint for Mac
  New Posts New Posts RSS Feed - Postinstall/upgrade permissions
  FAQ FAQ  Forum Search   Register Register  Login Login

Postinstall/upgrade permissions

 Post Reply Post Reply
RITJeremy View Drop Down

Joined: 21 Dec 2010
Location: Rochester, NY
Status: Offline
Points: 34
Post Options Post Options   Thanks (0) Thanks(0)   Quote RITJeremy Quote  Post ReplyReply Direct Link To This Post Topic: Postinstall/upgrade permissions
    Posted: 14 Jun 2011 at 2:01pm
The most recent (April 2 timestamps) version of postinstall and postupgrade in the IDF packaging scripts are explicitly setting ownership and permission for the entire app bundle. You are currently setting folders within the app bundle to 775 (which is different from the typical 755), files to 644 (which is normal), and executables to 775 (again, different from the typical 755).

I ask about this because you are setting up these permissions to be less restrictive than normal. Any account with administrator privileges could modify the files set to 775, where they would have less privilege were the same directories/files set to 755.

I am curious what problem is being solved or worked around by the new section of these scripts, so that I may better understand whether we want to carry through the same permissions in our environment. If there is no specific problem you are attempting to address, I'd like to request that the application directories and files be left with the typical default permissions of 755/644, which are more restrictive than what the script sets.

The changed permissions also differ from the 755/644 permissions set for the application on your downloadable disk image. The permissions on the disk image are generally more restrictive and more in line with what I'd expect for an application bundle.


The new section I'm referring to is:

    # Set the app to 775
echo "Setting permissions 775 for $appPath.";
    chmod 775 "$appPath";
    # Set all directories contained in app to 775.
echo "Setting permissions 775 for all directories contained in $appPath.";
    find "$appPath" -type d -exec chmod 775 {} \;
    # Set all files contained in app to 664.
echo "Setting permissions 664 for all files contained in $appPath.";
    find "$appPath/Contents/Resources" -type f -exec chmod 664 {} \;
    # Set all executables to 775.
    chmod 775 "$appPath/Contents/MacOS/Identity Finder";
    chmod 775 "$appPath/Contents/Resources/English.lproj/EndpointService";
    chmod 775 "$appPath/Contents/Resources/English.lproj/fileperms.sh";
    chmod 775 "$appPath/Contents/Resources/English.lproj/IDFLogFix";
    chmod 775 "$appPath/Contents/Resources/English.lproj/idflogconv.sh";
echo "Error $appPath does not exist.";

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down