Permissions on installed files too restrictive. umask issue? #7430

Closed
martinburger opened this Issue Sep 5, 2011 · 29 comments

Contributor

martinburger commented Sep 5, 2011

As a regular (as in not an Administrator) user, I cannot run commands installed via Homebrew, as file permissions are too restrictive. For instance:

drwxr-x---  3 admin  admin   102 Sep  2 11:12 Cellar
drwxr-x---  7 admin  admin   238 Sep  2 11:12 Library

A full description of the issue can be found at http://apple.stackexchange.com/questions/23961/homebrew-permission-issues.

It seems this is caused by my umask settings:

admin$ umask
0027

After running umask 0000 and reinstalling Homebrew, regular users can run all commands.

Note: that issue in MacPorts could be related: http://trac.macports.org/ticket/21389

Contributor

jacknagel commented Sep 5, 2011

I don't know if there is a bug here. 0027 is a pretty restrictive umask (0022 is pretty standard, no?). Even stuff in /bin and /usr/bin is o+rx.

Though if we find that the change to using the admin group is causing problems for a lot of users, then we might have to go back to staff.

Member

mxcl commented Sep 5, 2011

We don't support /usr/local installs for non-admin users. Can you describe your install more? Do you brew install with the admin user or the non-admin user?

We can force everything to be installed o+rx too, however it seems to me we should respect the user’s umask, which suggests that this isn't a bug.

Contributor

martinburger commented Sep 5, 2011

In my humble opinion, it is Homebrew's responsibility to set proper permissions on the installed files. The guys at MacPorts solved this issue by setting a reasonable umask at startup, see http://trac.macports.org/changeset/59585 for details. At least, Homebrew should issue a warning if the user's umask is too restrictive.

I use that restrictive umask for security reasons on all of my machines, as new files and dirs should not be readable by all users by default. However, when installing files and programs in /usr/local, I think the intention is pretty clear: to make new programs and libraries available to all users. Thus, in this case it would be okay to "disobey" the user's umask, as it is done by MacPorts.

Regarding my install: I executed /usr/bin/ruby -e "$(curl -fsSL https://raw.github.com/gist/323731)" after doing a su - admin (I am a Standard user, while user admin is an Administrator). Thus, I installed Homebrew as Administrator.

Member

mxcl commented Sep 5, 2011

Do you brew install with the admin user or the non-admin user? What is the umask of both?

Contributor

martinburger commented Sep 5, 2011

Oh, sorry, I did brew install as user admin who is an Administrator - after doing su - admin as regular user. The admin's umask is

admin:~$ umask
0027

Member

mxcl commented Sep 5, 2011

Homebrew isn't really an all user PM. Macports is. But I'll think on it. Maybe other people have opinions?

ingmar commented Sep 5, 2011

Seems it's an easy fix (umask 022 before installing) for a pretty reasonable and perhaps not uncommon scenario (admin user installing software for non-admin users).

It also stands to reason that since homebrew by default installs software into a system wide place (/usr/local), it should install things that are usable by all users on the system. Or if it's really aimed at individuals, go live in ~/.brew ;-)

Member

mxcl commented Sep 5, 2011

Yes I agree that if it's installed to /usr/local we could assume o+xr, the thing is, we don't install sudo, so it's not really safe, or is it ok?

ingmar commented Sep 5, 2011

Since the files would be owned by the admin user who installed them, umask 022 would mean only that user can write them, so it should be just fine. In fact forcing the umask to 022 on installation would fix a security flaw in cases where someone has set theirs to 002 or 000 during brew install.

There are some minor issues with this, such as having to remember to always use the same admin user to install things and making any of the profile changes brew suggests on either a global level or for all involved users.

ukrutt commented Oct 30, 2011

I don't think I understand what is the "best practice" for installing homebrew in my case. My "normal" user does not have admin / sudo rights; for that I have created a separate user. My thinking was that I'd install homebrew itself with the admin user, but that I'd be able to install packages with brew under /usr/local/ with my normal user. Is this thinking wrong? I would actually be happy with installing individual packages also with my admin user, as long as I can use them with the normal user, of course.

Did a clean install of Lion today. Also using an admin and a regular user. The umask of the admin is 022 without any modification by me.

Member

mxcl commented Jan 14, 2012

The choice of /usr/local is so that things work, because c-based build systems only look in /usr and /usr/local by default. Other choices are a lot more work, and things will just not work for weird reasons.

This is not to say that we shouldn't have a different umask for the install, just explaining why ~/brew is not the default.

Member

mxcl commented Feb 28, 2012

What I don't understand about this report is that we already change the permissions of all installed executables to 0555. So how are you not able to run stuff?

Possibly it's only specific to things that skip_clean in the formula DSL.

mxcl was assigned Apr 18, 2012

Owner

MikeMcQuaid commented Jul 23, 2012

This seems to not really be actionable. Close?

tsuna commented Aug 20, 2012

I just installed Home Brew on a fresh Mountain Lion install. My umask is also more restrictive than default (066), and it causes Home Brew to install everything in such a way that other users can't use installed files. I understand Home Brew is mostly geared towards single users, but being able to at least use packages installed by Home Brew with other users seems to be only one "umask 022" change away.

Can we change Home Brew to execute umask(022) before doing anything?

Contributor

adamv commented Aug 21, 2012

@tsuna Is this a work computer under management?

tsuna commented Aug 21, 2012

It's not "under management".

Owner

MikeMcQuaid commented Sep 4, 2012

I'm closing this; it's a user setup issue that we don't seem to be interested in working around and we behave like any other Unix command here. Other contributors: feel free to reopen.

MikeMcQuaid closed this Sep 4, 2012

Member

mxcl commented Sep 4, 2012

We should do this, I'm just waiting for someone to explain why it doesn't already happen as per my comment above.

mxcl reopened this Sep 4, 2012

Owner

MikeMcQuaid commented Sep 4, 2012

I'm guessing because our permission setting isn't global whereas umask affects everything forked from that process.

Member

mxcl commented Sep 13, 2012

Here's the code:

def clean_file_permissions path
  perms = if path.mach_o_executable? || path.text_executable?
    0555
  else
    0444
  end
  path.chmod perms
end

This runs over everything in prefix/bin.

Contributor

jacknagel commented Sep 13, 2012

The OP has a umask of 0027, so we end up with executables that are 0550 and non-executables that are 0440.

(right?)

Contributor

jacknagel commented Sep 13, 2012

Or is it just intermediate directories that the brew tool creates?

Contributor

jacknagel commented Sep 13, 2012

Ahh...

$ umask 0027
$ mkdir /tmp/foo
$ ls -ld /tmp/foo
drwxr-x---  2 jacknagel  wheel  68 Sep 13 17:12 /tmp/foo
$ umask 0022
$ mkdir /tmp/bar
$ ls -ld /tmp/bar
drwxr-xr-x  2 jacknagel  wheel  68 Sep 13 17:14 /tmp/bar

Member

mxcl commented Sep 13, 2012

Okay, so the problem is that the Cellar and keg directories don't have o+rx, even though the bin files we create do? Should be easy to fix then without having to set a umask for the whole process.

Update: and we'd have to make sure directories created by Keg.link have go+ permissions too.
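
The diagnosis reached in the comments above, as an added example (not Homebrew's code): an explicit chmod to 0555 ignores the umask, but directories created under umask 0027 come out 0750, so the executable is unreachable for other users. The tree layout and the helper names `build_tree`, `unreachable_dirs`, `open_dirs` and `demo` are hypothetical.

```ruby
require "tmpdir"
require "fileutils"

# Added illustration; tree layout and helper names are hypothetical.
# Build a small Cellar-like tree under the given umask, then chmod the
# executable to 0555 as clean_file_permissions does for files in bin.
def build_tree(root, mask)
  old = File.umask(mask)
  bin = File.join(root, "Cellar", "demo", "1.0", "bin")
  FileUtils.mkdir_p(bin)            # directory modes are 0777 & ~umask
  exe = File.join(bin, "demo")
  File.write(exe, "#!/bin/sh\necho ok\n")
  File.chmod(0555, exe)             # explicit chmod is not affected by umask
  exe
ensure
  File.umask(old) if old
end

# Audit: directories between root (exclusive) and path that lack o+rx,
# listed top-down. Any one of them blocks "other" users from the file.
def unreachable_dirs(root, path)
  dirs = []
  dir = File.dirname(path)
  while dir != root && dir != File.dirname(dir)
    dirs.unshift(dir) if (File.stat(dir).mode & 0005) != 0005
    dir = File.dirname(dir)
  end
  dirs
end

# Remediation along the lines discussed: add go+rx to the directories only,
# leaving the process umask and the file modes untouched.
def open_dirs(dirs)
  dirs.each { |d| File.chmod((File.stat(d).mode & 07777) | 0055, d) }
end

def demo(mask)
  Dir.mktmpdir do |root|
    exe = build_tree(root, mask)
    blocked = unreachable_dirs(root, exe)
    open_dirs(blocked)
    { exe_mode: File.stat(exe).mode & 0777,
      blocked: blocked.map { |d| d.delete_prefix(root + "/") },
      after: unreachable_dirs(root, exe) }
  end
end

p demo(0027)
```
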

elmimmo commented Dec 14, 2012

On my computer, running Mac OS X 10.7.5, all users have a custom default umask 077 set in /etc/launchd-user.conf.

I just installed Homebrew with my user, an admin, and all it created under /usr/local/ (that did not exist before) is seemingly honoring those permissions (700, or 600 for non-executable).

After that I installed brew install git. git's symlinks at /usr/local/bin/ are still 700, even if the linked file from /usr/local/bin/Cellar/git/1.8.0.2/bin/ (and all other stuff there) is 555.

I am not certain what the ideal scenario is. I do not know if non-admins should be able to run brew (I still have to find what one can use it for besides installing), but I do think all users should be able to run programs installed by it if it is on a shared path such as /usr/local/.

Owner

MikeMcQuaid commented Dec 15, 2012

> I do think all users should be able to run programs installed by it if it is on a shared path such as /usr/local/.

Then change the umask you use when you install things using Homebrew.

Owner

MikeMcQuaid commented Feb 1, 2013

If this is easy to fix can someone either a) do it or b) tell me how to do so? Want to get this closed.

Contributor

adamv commented Mar 13, 2013

Closing, but will review a pull request with a proposed change that references this issue.

adamv closed this Mar 13, 2013

xu-cheng locked and limited conversation to collaborators Feb 16, 2016
