Permissions on installed files too restrictive. umask issue? #7430

Closed
martinburger opened this Issue Sep 5, 2011 · 29 comments

Projects

None yet

10 participants

@martinburger

As regular (as in not an Administrator) user, I cannot run commands installed via Homebrew, as file permissions are too restrictive. For instance:

drwxr-x---  3 admin  admin   102 Sep  2 11:12 Cellar
drwxr-x---  7 admin  admin   238 Sep  2 11:12 Library

A full description of the issue can be found at http://apple.stackexchange.com/questions/23961/homebrew-permission-issues.

It seems this is caused by my umask settings:

admin$ umask
0027

After running umask 0000 and reinstalling Homebrew, regular users can run all commands.

Note: that issue in MacPorts could be related: http://trac.macports.org/ticket/21389

@jacknagel

I don't know if there is a bug here. 0027 is a pretty restrictive umask (0022 is pretty standard, no?). Even stuff in /bin and /usr/bin is o+rx.

Though if we find that the change to using the admin group is causing problems for a lot of users, then we might have to go back to staff.

@mxcl
Member
mxcl commented Sep 5, 2011

We don't support /usr/local installs for non-admin users. Can you describe your install more? Do you brew install with the admin user or the non-admin user?

We can force everything to be installed o+rx too, however it seems to me we should respect the user’s umask, which suggests that this isn't a bug.

@martinburger

In my humble opinion, it is Homebrew's responsibility to set proper permissions on the installed files. The guys at MacPorts solved this issue by setting a reasonable umask at startup, see http://trac.macports.org/changeset/59585 for details. At least, Homebrew should issue a warning if the user's umask is too restrictive.

I use that restrictive umask for security reasons on all of my machines, as new files and dirs should not be readable by all users by default. However, when installing files and programs in /usr/local, I think the intention is pretty clear: to make new programs and libraries available to all users. Thus, in this case it would be okay to "disobey" the user's umask, as it is done by MacPorts.

Regarding my install: I executed /usr/bin/ruby -e "$(curl -fsSL https://raw.github.com/gist/323731)" after doing a su - admin (I am a Standard user, while user admin is an Administrator). Thus, I installed Homebrew as Administrator.

@mxcl
Member
mxcl commented Sep 5, 2011

Do you brew install with the admin user or the non-admin user? What is the umask of both?

@martinburger

Oh, sorry, I did brew install as user admin who is an Administrator - after doing su - admin as regular user. The admin's umask is

admin:~$ umask
0027
@mxcl
Member
mxcl commented Sep 5, 2011

Homebrew isn't really an all user PM. Macports is. But I'll think on it. Maybe other people have opinions?

@ingmar
ingmar commented Sep 5, 2011

Seems it's an easy fix (umask 022 before installing) for a pretty reasonable and perhaps not uncommon scenario (admin user installing software for non-admin users).

It also stands to reason that since homebrew by default installs software into a system wide place (/usr/local), it should install things that are usable by all users on the system. Or if it's really aimed at individuals, go live in ~/.brew ;-)

@mxcl
Member
mxcl commented Sep 5, 2011

Yes I agree that if it's installed to /usr/local we could assume o+xr, the thing is, we don't install sudo, so it's not really safe, or is it ok?

@ingmar
ingmar commented Sep 5, 2011

Since the files would be owned by the admin user who installed them, umask 022 would mean only that user can write them, so it should be just fine. In fact forcing the umask to 022 on installation would fix a security flaw in cases where someone has set theirs to 002 or 000 during brew install.

There are some minor issues with this, such as having to remember to always use the same admin user to install things and making any of the profile changes brew suggests on either a global level or for all involved users.

@ukrutt
ukrutt commented Oct 30, 2011

I don't think I understand what is the "best practice" for installing homebrew in my case. My "normal" user does not have admin / sudo rights; for that I have created a separate user. My thinking was that I'd install homebrew itself with the admin user, but that I'd be able to install packages with brew under /usr/local/ with my normal user. Is this thinking wrong? I would actually be happy with install ing individual packages also with my admin user, as long as I can use them with the normal user, of course.

@edwardsmit

Did a clean install of Lion today. Also using an admin and a regular user. The umask of the admin is 022 without any modification by me.

@mxcl
Member
mxcl commented Jan 14, 2012

The choice of /usr/local is so that things work, because c-based build systems only look in /usr and /usr/local by default. Other choices are a lot more work, and things will just not work for weird reasons.

This is not to say that we shouldn't have a different umask for the install, just explaining why ~/brew is not the default.

@mxcl
Member
mxcl commented Feb 28, 2012

What I don't understand about this report is that we already change the permissions of all installed executables to 0555. So how are you not able to run stuff?

Possibly it's only specific to things that skip_clean in the formula DSL.

@mxcl mxcl was assigned Apr 18, 2012
@MikeMcQuaid
Member

This seems to not really be actionable. Close?

@tsuna
tsuna commented Aug 20, 2012

I just installed Home Brew on a fresh Mountain Lion install. My umask is also more restrictive than default (066), and it causes Home Brew to install everything in such a way that other users can't use installed files. I understand Home Brew is mostly geared towards single users, but being able to at least use packages installed by Home Brew with other users seem to be only one "umask 022" change away.

Can we change Home Brew to execute umask(022) before doing anything?

@adamv
adamv commented Aug 21, 2012

@tsuna Is this a work computer under management?

@tsuna
tsuna commented Aug 21, 2012

It's not "under management".

@MikeMcQuaid
Member

I'm closing this; it's a user setup issue that we don't seem to be interested in working around and we behave like any other Unix command here. Other contributors: feel free to reopen.

@MikeMcQuaid MikeMcQuaid closed this Sep 4, 2012
@mxcl
Member
mxcl commented Sep 4, 2012

We should so this, I'm just waiting for someone to explain why it doesn't already happen as per my comment above.

@mxcl mxcl reopened this Sep 4, 2012
@MikeMcQuaid
Member

I'm guessing because our permission setting isn't global whereas umask affects everything forked from that process.

@mxcl
Member
mxcl commented Sep 13, 2012

Here's the code:

def clean_file_permissions path
  perms = if path.mach_o_executable? || path.text_executable?
    0555
  else
    0444
  end
  path.chmod perms
end

This runs over everything in prefix/bin.

@jacknagel

The OP has a umask of 0027, so we end up with executables that are 0550 and non-executables that are 0440.

(right?)

@jacknagel

Or is it just intermediate directories that the brew tool creates?

@jacknagel

Ahh...

$ umask 0027
$ mkdir /tmp/foo
$ ls -ld /tmp/foo
drwxr-x---  2 jacknagel  wheel  68 Sep 13 17:12 /tmp/foo
$ umask 0022
$ mkdir /tmp/bar
$ ls -ld /tmp/bar
drwxr-xr-x  2 jacknagel  wheel  68 Sep 13 17:14 /tmp/bar
@mxcl
Member
mxcl commented Sep 13, 2012

Okay, so the problem is that the Cellar and keg directories don't have o+rx, even though the bin files we create do? Should be easy to fix then without having to set a umask for the whole process.

Update: and we'd have to make sure directories created by Keg.link have go+ permissions too.

@elmimmo
elmimmo commented Dec 14, 2012

In my computer, running Mac OS X 10.7.5, all users have a custom default umask 077 set in /etc/launchd-user.conf.

I just installed Homebrew with my user, an admin, and all it created under /usr/local/ (that did not exist before) is seemingly honoring those permissions (700, or 600 for non-executable).

After that I installed brew install git. git's symlinks at /usr/local/bin/ is still 700, even if the linked file from /usr/local/bin/Cellar/git/1.8.0.2/bin/ (and all other stuff there) is 555.

I am not certain what the ideal scenario is. I do not know if non-admins should be able to run brew (I still have to find what one can use it for besides installing), but I do think all users should be able to run programs installed by it if it is on a shared path such as /usr/local/.

@MikeMcQuaid
Member

I do think all users should be able to run programs installed by it if it is on a shared path such as /usr/local/.

Then change the umask you use when you install things using Homebrew.

@MikeMcQuaid
Member

If this is easy to fix can someone either a) do it or b) tell me how to do so? Want to get this closed.

@adamv
adamv commented Mar 13, 2013

Closing, but will review a pull request with a proposed change that references this issue.

@adamv adamv closed this Mar 13, 2013
@xu-cheng xu-cheng locked and limited conversation to collaborators Feb 16, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.