Posted: Mon Jun 19, 2006 4:36 pm Post subject: Small request for Neo 2.0.x build
I think this is for Patrick or Ed:
I was wondering if it was possible to change the permissions for the: NeoOffice.app/Contents/share/config directory?
At the moment, NeoOffice has it set for 555, while OOo for Mac has it at 755. The sad result for me is I have to ship a rather complicated fix for Office Themer (a.k.a NeoIconer) to let the program get at the toolbar icons.
The reason that OOo is 755 is that OOo is a single-user install. In contrast, NeoOffice is a multi-user install. Consequently, I set the own to root and the permissions to read-only so that one user's NeoOffice process doesn't overwrite shared settings that causes NeoOffice to crash or get messed when another user on the same machine runs NeoOffice.
I very reluctant to make this folder writable by all. I assume that your installation already is running as admin since you are overwriting other read-only image files. So, I would suggest that you look my how my installer does in the same situation in the neojava/etc/postflight script (the script is also buried in the Contents/Resources/postflight file with the NeoOffice.pkg installer that I ship). In that script, a temporarily chmod a directory to be writable, do my copying, and then chmod the directory to read only again.
Sadly, that technique wouldn't be trivial for me, as Office Themer needs access that directory every time it runs. That means I either need to password people every time (annoying) or add code to safely encrypt/store the password (which gets me into the security business, and that I don't want to be in.)
I guess for the moment, I'll just leave the fix in place, that way the only people putting themselves at risk are the people using Office Themer.
Sadly, that technique wouldn't be trivial for me, as Office Themer needs access that directory every time it runs. That means I either need to password people every time (annoying) or add code to safely encrypt/store the password (which gets me into the security business, and that I don't want to be in.)
If you are worried about annoyance, the NeoOffice patch installer asks for the password as well every time so you always can blame me.
Serious though, I forgot that you don't even need to do the chmod'ing if you use the pax command to unzip your contents. When run as root, pax while automatically handle the read-only directory issue.
Yeah, it's really not going to do it. The first thing I do is make a local copy of the original image.zip file in that folder (which keeps it safe as long as the program is intact.) Then, whenever the program is run, it replaces the existing images.zip file.
But, as I said, I already have the fix, so I'll just keep telling people to use it (it just opens up the permissions on that directory without people having to know how to chmod or even where the Terminal is...)
Also, don't rely on the permissions set by TeamOOo to be authoritative (or even correct). A couple of years ago there was a big to-do about locking down the permissions for one hierarchy in the app folder as a security measure on Unix-like platforms, and Ed's and Terry's and Kevin's OOo builds dutifully included these restrictive permissions. Once Team OOo took over building, the permissions were back to the old ones (world-writeable, IIRC) and even though I reported the bug, they never did fix it AFAIK....
Smokey _________________ "[...] whether the duck drinks hot chocolate or coffee is irrelevant." -- ovvldc and sardisson in the NeoWiki
personally, as a user, ask me for my password. i feel better when i get asked for my password, because it means that there is a level of security there, and i am making the choice to do something.
annoying? how many times is someone going to change their icons?
annoying? how many times is someone going to change their icons?
This is a development tool. If you were creating a bunch of icons, it might be something you would do several times an hour.
Also, there's no security risk in opening this directory up to Administrative Write privileges, none at all. The risk, apparently, is in crashing the program.
Joined: Apr 21, 2006 Posts: 95 Location: Utah, USA
Posted: Tue Jun 20, 2006 8:01 am Post subject:
Why can't you just prompt for the admin password? As an end user, that is what I'm expecting to happen - not just for stuff to be changed under the scenes.
For example, you can do this:
Code:
osascript -e "do shell script \"./Wish\" with administrator privileges"
From within your application's MacOS directory - integrating that into your application itself is left as an exercise to the reader (basically, just replace "./Wish" with whatever script you need to run as administrator)
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You cannot download files in this forum
