WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: /usr/local/tce.* ownership and perms  (Read 10008 times)

Offline Kingdomcome

  • Sr. Member
  • ****
  • Posts: 281
/usr/local/tce.* ownership and perms
« on: October 15, 2009, 10:52:19 AM »
What are the proper Owner, Group, and Perms for the /usr/local/tce.* dirs and contents?  I was under the impression that the dirs should be 775 1001:50, menu and icon items should be 644 1001:50 and post-install scripts would be 755 1001:50.  But I see in TC booted base norestore that the dirs are 775 0:50.  Since these setting have become more critical in 2.4, I would like to have a difinitive answer on this.  TIA  ;D

Offline Jason W

  • Administrator
  • Hero Member
  • *****
  • Posts: 7321
Re: /usr/local/tce.* ownership and perms
« Reply #1 on: October 15, 2009, 01:57:31 PM »
I see in the unzipped tinycore.gz directories that are 755 and 775.  Both should be fine. 

As for /usr/local/tce.menu,tce.icons,tce.installed the ownership should be tc:staff with 775 or 755 perms.  The audit script checks for ownership of those dirs.  Tce.installed is naturally the most critical.

775 may be more ideal since TC is multiuser, correct me if I am wrong.

Offline Jason W

  • Administrator
  • Hero Member
  • *****
  • Posts: 7321
Re: /usr/local/tce.* ownership and perms
« Reply #2 on: October 15, 2009, 08:12:41 PM »
Confirmed.   Please make /usr/local/tce.installed with tc:staff ownership and 775 permissions.

Offline Jason W

  • Administrator
  • Hero Member
  • *****
  • Posts: 7321
Re: /usr/local/tce.* ownership and perms
« Reply #3 on: October 16, 2009, 03:01:25 AM »
Actually, the original permissions of those directories is root:staff ownership and 775 perms.

So I will update the extension audit script, and please make the /usr/local/tce.* directories root:staff, 775.

Offline Juanito

  • Administrator
  • Hero Member
  • *****
  • Posts: 6568
Re: /usr/local/tce.* ownership and perms
« Reply #4 on: October 16, 2009, 03:11:11 AM »
..but doesn't tce.installed need to be tc:staff, i.e.

tce.icons - root:staff
tce.installed - tc:staff
tce.menu - root:staff

Offline Jason W

  • Administrator
  • Hero Member
  • *****
  • Posts: 7321
Re: /usr/local/tce.* ownership and perms
« Reply #5 on: October 16, 2009, 04:12:55 AM »
As set up by tc-config, they all 3 are root:staff 775.   The staff group and the rwx perms for group make them accessible by all group staff. 

Offline mikshaw

  • Sr. Member
  • ****
  • Posts: 368
Re: /usr/local/tce.* ownership and perms
« Reply #6 on: October 16, 2009, 04:15:00 AM »
775 on a directory owned by 0:50 is essentially no different for user tc:staff than 755 on a dir owned by 1001:50.  The only different thing I can see is that user tc can't remove the directory if he doesn't own it, which shouldn't be an issue considering that particular directory shouldn't be removed.

Offline Jason W

  • Administrator
  • Hero Member
  • *****
  • Posts: 7321
Re: /usr/local/tce.* ownership and perms
« Reply #7 on: October 16, 2009, 04:45:09 AM »
In and of itself, "tc:staff 755" owner/perms of tce.installed would be fine.  But for our present extension loading to work properly, the tce.installed directory needs to be group staff with 775 perms.  Owner can be either root or tc.  Using 755 perms with ownership tc:staff in extensions for tce.installed will cause problems once extensions containing that directory are loaded.  

EDIT:  The plan is then to preserve the original owner/perms of the /usr/local/tce.* directories (root:staff with 775 perms).
« Last Edit: October 16, 2009, 05:31:18 AM by Jason W »

Offline Kingdomcome

  • Sr. Member
  • ****
  • Posts: 281
Re: /usr/local/tce.* ownership and perms
« Reply #8 on: October 16, 2009, 06:14:02 AM »
I understand that a different combination of permissions will achieve basically the same goal. The purpose of this question was to get a definitive answer that could be mentioned in the extension creating thread and wiki.
Although tc-config sets up the /usr/local/tce.* dirs as 775 0:50, looking in /usr/bin/tce-setup, it appears that IF tce-setup is used (which it is during boot time loading of extensions if the bootcode base is not used) that ownership of /usr/local/tce.installed is given to $USER:staff before extensions are loaded. If tce-load is called separately (as it is during run time) the ownership will not be changed. This appears to be a possible inconsistency in the base.
Some clarification on the ownership and permissions of the files that could be placed in each of the /usr/local/tce.* dirs would be welcome as well.
Thanks for your input so far and I hope we can get this figured out soon. :)

Offline Jason W

  • Administrator
  • Hero Member
  • *****
  • Posts: 7321
Re: /usr/local/tce.* ownership and perms
« Reply #9 on: October 16, 2009, 06:59:44 AM »
tc:staff is fine for /usr/local/tce.installed in extensions, as long as perms are set at 775.  I will audit extensions to either be tc:staff or root:staff with 775 perms on the /usr/local/tce.* directories.  Those ownership/perms will work across all TC versions all of the time. 

Mkdir by default sets perms to 755, so 775 has to be set after the /usr/local/tce.* directories are created.

Offline Jason W

  • Administrator
  • Hero Member
  • *****
  • Posts: 7321
Re: /usr/local/tce.* ownership and perms
« Reply #10 on: October 16, 2009, 08:26:20 AM »
I have been informed /usr/local/tce.* was set to root:staff with 775 perms in base for a reason, so that is the accepted permission for those directories.

I will update the audit script to reflect that.

Do not worry about extensions that already exist in the repo or have just been submitted.  I will deal with those.

Offline Kingdomcome

  • Sr. Member
  • ****
  • Posts: 281
Re: /usr/local/tce.* ownership and perms
« Reply #11 on: October 16, 2009, 10:45:12 AM »
And for the files inside those dirs? I assume:
755 root:staff /usr/local/tce.installed/appname
644 root:staff /usr/local/tce.icons/*
644 root:staff /usr/local/tce.menu/appname

Offline Jason W

  • Administrator
  • Hero Member
  • *****
  • Posts: 7321
Re: /usr/local/tce.* ownership and perms
« Reply #12 on: October 16, 2009, 10:56:42 AM »
Yeah, that should be good.  775 for the startup scripts preferably, and 644 for the other regular files, root:staff owned.
« Last Edit: October 16, 2009, 11:36:47 PM by Jason W »

Offline Kingdomcome

  • Sr. Member
  • ****
  • Posts: 281
Re: /usr/local/tce.* ownership and perms
« Reply #13 on: October 17, 2009, 04:48:10 AM »
775 for scripts, roger.  thanks for getting this sorted out, standardizing these setting will hopefully avoid any problems and possible changes to extension loading in the base.  I will take a look at updating the extension creation wiki in the next couple days.

Offline mikshaw

  • Sr. Member
  • ****
  • Posts: 368
Re: /usr/local/tce.* ownership and perms
« Reply #14 on: October 17, 2009, 06:02:38 AM »
Quote
Mkdir by default sets perms to 755, so 775 has to be set after the /usr/local/tce.* directories are created.
Unless you do mkdir -m 775