[texhax] Aha Moment; umask

Thomas Schneider schneidt at mail.nih.gov
Fri Jul 12 16:35:23 CEST 2013


Dick:

>  I'm sending this to the MacTeX group so they can answer support
> questions. Some people installing from the DVD got a TeX directory with permissions
> 
> 	drwx------
> 
> instead of the expected
> 
> 	drwxr-xr-x
> 
> Karl Berry immediately traced this to an unusual umask setting, but the question
> was where that setting might occur.
> 
> ---------------------------------------------------
> 
> I woke up at 3:00 AM with new insight on installing MacTeX from the
> DVD in 2013.
> 
> In 2012 and earlier, MacTeX on the DVD installed TeX Live by calling
> the TeX Live Install Script from the postflight script in the
> installer. This postflight script runs at the very end of
> installation. It is a shell script, but it is run as root by the
> install package. Thus it knows nothing about the user's choice of a
> default shell or user shell startup scripts.
>
> On the other hand, in 2013 we ask users to run Terminal and then
> copy a command to Terminal. The default shell used by Terminal in
> recent systems is bash, but users can easily change this default in
> Terminal Preferences.  Moreover, Terminal certainly runs shell
> startup scripts if present in the user's home directory. In new Macs
> there are no local startup scripts, but users can easily add them.
>
> This means that any user shell startup which alters umask will
> immediately affect the install.
>
> So yesterday's conjecture about HomeBrew is pretty irrelevant, and
> the Apple document about changing umask in system processes is also
> irrelevant. The place to look is in your shell startup settings.
>
> My only consolation is that anyone who directly installed using the
> TeX Live Install script in past years should have run into the same
> problem.  But I suppose those were fairly rare ducks.
>
> Let's let this rest for a couple of days. Then we can think about
> improving the process next year. And we might want to clarify the
> texhax discussion.

I found that in my shell startup script I have:

umask 077

That means that when I create files, I have rwx permissions and nobody
else can read, write or execute them.  That is, my files are private:
drwx------.  I think this is a reasonable security precaution.

When I installed TeX Live 2013, sudo inherited the 077 mask from my
environment.  Subtracting this from 777 gives 700, which is the
drwx------ permissions observed.  I have confirmed this by creating
some directories and files using sudo with different umask settings
set while not being sudo.

As I've said, I think that /usr/local ought to stay owned by root for
security purposes.  The permissions should allow root to read, write
and execute and others should only be able to read and execute.  That
is, drwxr-xr-x or 755.  Subtracting this from 777 gives 022.

So I currently suggest that you add to the beginning of install
scripts:

  umask 022

Corrections to this are welcome!

Tom

  Thomas D. Schneider, Ph.D.
  Senior Investigator
  National Institutes of Health
  National Cancer Institute
  Center for Cancer Research
  Gene Regulation and Chromosome Biology Laboratory
  Molecular Information Theory Group
  Frederick, Maryland  21702-1201
  schneidt at mail.nih.gov
  http://schneider.ncifcrf.gov/ (current link)
  http://alum.mit.edu/www/toms (permanent link)
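
Added example (not part of the original message or of the MacTeX/TeX Live installers): a shell sketch of the behaviour discussed in this thread, showing a directory created by a child process under an inherited 077 mask and the same step with `umask 022` at the top of the script. A child `sh` stands in for the sudo-run installer, and the function names `mode_of`, `install_inheriting`, `install_hardened`, `umask_blocks_others` and `demo` are hypothetical.

```sh
#!/bin/sh
# Added demonstration (constructed): a child `sh` stands in for the
# sudo-run installer; everything happens in a throwaway temp directory.

# Print the octal permission bits of a path (GNU stat, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Installer without its own umask line: it inherits the caller's mask.
# $1 = caller's umask, $2 = directory to create
install_inheriting() {
    ( umask "$1"; sh -c 'mkdir "$1"' sh "$2" )
    mode_of "$2"
}

# Installer that begins with `umask 022`, as suggested in the message.
install_hardened() {
    ( umask "$1"; sh -c 'umask 022; mkdir "$1"' sh "$2" )
    mode_of "$2"
}

# Pre-flight check: succeeds (returns 0) when the current mask would strip
# read or execute from "other", so new directories would not be traversable.
umask_blocks_others() {
    [ $(( 0$(umask) & 0005 )) -ne 0 ]
}

demo() {
    tmp=$(mktemp -d) || return 1
    echo "caller umask 077, no umask line:  $(install_inheriting 077 "$tmp/a")"
    echo "caller umask 077, umask 022 line: $(install_hardened 077 "$tmp/b")"
    echo "caller umask 022, no umask line:  $(install_inheriting 022 "$tmp/c")"
    rm -rf "$tmp"
}
demo
```

The mode of each new directory is mkdir's requested 777 with the mask's bits cleared, so the three lines report 700, 755 and 755.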

