Welcome to NeoOffice developer notes and announcements
This website is an archive and is no longer active
NeoOffice announcements have moved to the NeoOffice News website


NeoOffice :: View topic - Program permissions
Viktor
Blue Pill


Joined: Aug 04, 2003
Posts: 2
Location: Germany

Posted: Mon Aug 04, 2003 6:19 am    Post subject: Program permissions

Hello everybody,

I try to put OOo 1.0.3 on our public Macs at university, and I'm worried about the permissions. After installation, all program directories and even the programs themselves are o+x (other-writable), which doesn't seem to be appropriate for public machines. Everybody could save whatever he wants in the directories, and he could even replace the program with, say, a trojan.

I played a little bit around with the other-writable-flag, and I found out that the help immediately crashes when the "help/"-directory is not other-writable. Maybe the help should better use /tmp or the user's directory for writing files? The Linux version of OOo - which is running on our public Linux boxes - doesn't need any set other-writable flag at all.

Furthermore, I was surprised to see that the more I changed the directories' permissions, the longer it takes OOo to start. From five seconds to twenty minutes, everything is possible. And the next start (without any changes made) takes always about fifteen seconds later than the last one. I'm using a 400 MHz G4, MacOS 10.2.6 and Apple's X11. I also tried XDarwin and a faster Mac, with the same results.

I've already posted a very small note concerning this in the ooodocs.org forum, deep buried in a thread. As that forum now seems to be down, forgive me for opening a new thread here.

Thank you and have a nice day,
Viktor.
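
A check an administrator could run for the situation described in this post, added here as an example and not part of the original thread: it lists every entry under an install directory that is writable by "other" and can clear that bit. The function names are illustrative, not part of any OOo or NeoOffice tooling.

```shell
#!/bin/sh
# Added example: audit an install tree for "other"-writable entries
# (permission bit 002). Function names are illustrative.

# Print every file or directory under $1 that "other" may write to.
# Symlinks are skipped because their own mode bits are not enforced.
list_other_writable() {
    find "$1" ! -type l -perm -002 -print
}

# Number of entries reported above (assumes no newlines in file names).
count_other_writable() {
    list_other_writable "$1" | wc -l | tr -d ' '
}

# Clear the other-write bit on everything under $1 and re-audit.
# Succeeds only if nothing other-writable is left afterwards.
strip_other_writable() {
    find "$1" ! -type l -perm -002 -exec chmod o-w {} +
    [ "$(count_other_writable "$1")" -eq 0 ]
}

# Stand-alone use: sh audit.sh <install-dir> [--fix]
if [ "$#" -ge 1 ]; then
    list_other_writable "$1"
    if [ "${2:-}" = "--fix" ]; then
        strip_other_writable "$1" && echo "other-write bit cleared" >&2
    fi
fi
```

On the installation described in the post, the help viewer stopped working once help/ lost the bit, so run the listing first and test the application after any change.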

OPENSTEP
The One


Joined: May 25, 2003
Posts: 4752
Location: Santa Barbara, CA

Posted: Mon Aug 04, 2003 9:47 pm

On opening a new thread, no worries. I'm theoretically in charge of OOoDocs, so you should be blaming me :(

As to install permissions on OS X, I'll be the first to admit that it can definitely be better than what it is. Several directories are given "other" write permission upon install. This is due somewhat towards our (well, since there are only two of us and I've been doing installs, my...) bias towards "single-user" environments. I hadn't received any multi-user feedback until our final beta release when I realized it was completely hosed for multiple user accounts :shock:

That said, if startup times are the only issue, I'd personally like to try to restrict the permissions more than they already are, especially for multi-user install environments in places where potentially "unprivileged" users may have write access.

The most immediate change you may wish to effect (esp. if you're a Unix sysadmin) is to adjust the permissions on the "./user" directory of an install. IIRC, right now this directory is chmodded 777 upon initial installation from an admin account. It is assumed it is user writable by any account when it is cp'd into ~/Library/Preferences, so I assume it's chmodded 777 by the install scripts.

The essential functionality of the ./user directory is to provide a foundation off of which each user can generate their own preferences. I believe the initial multi-user patch (e.g. making a "single-user" install compatible and self-correcting for multiple users) used 777 permissions. For security purposes, the ./user directory put on the system by the installer should really be a 644 style TAR file that is untarred from each individual user account.

The help directory permissions change causing help to futz up is disturbing. You're dead on that it should be using /tmp, or /var/tmp, or somewhere else. This is a new permissions bug for me. I shall investigate as time permits :) Ideally nothing in the OOo install directory should require anything above 644 permissions.

ed
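
The approach suggested in the post above (a mode-644 archive of the ./user template, unpacked from each user's own account), written out as an added example; this is not OpenOffice.org or NeoOffice installer code, and the function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example: ship the per-user template as a read-only archive and
# unpack it privately in each account. Names and paths are hypothetical.

# Pack template directory $1 into archive $2 and set the archive to
# mode 644 so unprivileged users can read it but not alter it.
make_template_archive() {
    ( cd "$1" && tar -cf - . ) > "$2" && chmod 644 "$2"
}

# Unpack archive $1 into per-user directory $2, run as that user.
# - refuses a symlink planted at the target path
# - leaves an already provisioned directory untouched
# - forces private modes whatever modes the archive stored
provision_user_dir() {
    archive=$1
    target=$2
    if [ -L "$target" ]; then
        echo "refusing: $target is a symlink" >&2
        return 1
    fi
    if [ -d "$target" ]; then
        return 0
    fi
    ( umask 077 &&
      mkdir -p "$target" &&
      tar -xf "$archive" -C "$target" &&
      chmod -R u+rwX,go-rwx "$target" )
}
```

With the template shipped this way, the installed copy no longer needs to be writable by every account.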

Viktor
Blue Pill


Joined: Aug 04, 2003
Posts: 2
Location: Germany

Posted: Tue Aug 05, 2003 10:43 am

Thank you for your answer!

After a lot of testing, I think it's the English help module which causes the problems... I found out that only the local admin user suffered the long OOo starting time. Both our normal users (NFS-networked home directories) and a local test user without admin permissions could start OOo without problems.

BUT... I installed the German localization *and* I copied the German help system from a SuSE 8.2 (?) Linux box, deleting the help/en dir and creating a symlink help/en->help/de where I copied the help. The effect was amazing: Not only *everybody* is able to start OOo in an acceptable time, but also I was able to unset the other-writable flag in the whole help/ dir, and the help works!

If I can help in making OOo more multi-user-friendly, let me know... for a first idea, I think the user/config/registry/instance/org/openoffice/Office/Common.xml file should be modified instead of just copied... especially the paths should point to the user's user/ dir, not to the general (template) one in the program dir... or OOo should take the user's dir as default instead of the general one when not finding anything explicit in Common.xml. Anyway, when the general user/ dir is used, you'll run into problems taking its other-writable flag away...

Greetings, Viktor.

OPENSTEP
The One


Joined: May 25, 2003
Posts: 4752
Location: Santa Barbara, CA

Posted: Tue Aug 05, 2003 8:38 pm

Thanks for the info on the help dir. I had been unaware that permissions on the simple help directory would cause that much slowdown! I'll investigate when I get downtime :) This may be something compounding slow launch times experienced by other users as well.

As to the Common.xml file being tweaked instead of copied, yes, you're definitely on the right track. NeoOffice/J is really the one that got the multiuser install right with the XML configuration setting to proper directories. I'm hoping to incorporate some of the tremendous progress Patrick made with multiuser awareness into future releases.

Question for testers and others: should we do a "1.0.3.1" point release? What issues should we try to nail down?

ed

pluby
The Architect


Joined: Jun 16, 2003
Posts: 11949

Posted: Tue Aug 05, 2003 8:51 pm

If you want to tweak your installation to handle the multi-user install, Ed is correct: look at NeoOffice/J as all NeoOffice/J installations are multi-user. It took me quite some time to get the Help files to work correctly.

Unfortunately, I did not port OOo's pretty installer program and I used shell scripts to mimic OOo's user configuration so you may find looking at NeoOffice/J's installation a bit tricky.

However, what you might find interesting is to install NeoOffice/J and compare the following directories and files to your OOo installation to see if there are any obvious differences that you can copy into your OOo installation.

program/bootstraprc
program/setup
help
share/config

Patrick

All times are GMT - 7 Hours