[texhax] Aha Moment; umask
schneidt at mail.nih.gov
Fri Jul 12 16:35:23 CEST 2013
> I'm sending this to the MacTeX group so they can answer support
> questions. Some people installing from the DVD got a TeX directory with permissions
> instead of the expected
> Karl Berry immediately traced this to an unusual umask setting, but the question
> was where that setting might occur.
> I woke up at 3:00 AM with new insight on installing MacTeX from the
> DVD in 2013.
> In 2012 and earlier, MacTeX on the DVD installed TeX Live by calling
> the TeX Live Install Script from the postflight script in the
> installer. This postflight script runs at the very end of
> installation. It is a shell script, but it is run as root by the
> install package. Thus it knows nothing about the user's choice of a
> default shell or user shell startup scripts.
> On the other hand, in 2013 we ask users to run Terminal and then
> copy a command to Terminal. The default shell used by Terminal in
> recent systems is bash, but users can easily change this default in
> Terminal Preferences. Moreover, Terminal certainly runs shell
> startup scripts if present in the user's home directory. In new Macs
> there are no local startup scripts, but users can easily add them.
> This means that any user shell startup which alters umask will
> immediately affect the install.
> So yesterday's conjecture about HomeBrew is pretty irrelevant, and
> the Apple document about changing umask in system processes is also
> irrelevant. The place to look is in your shell startup settings.
> My only consolation is that anyone who directly installed using the
> TeX Live Install script in past years should have run into the same
> problem. But I suppose those were fairly rare ducks.
> Let's let this rest for a couple of days. Then we can think about
> improving the process next year. And we might want to clarify the
> texhax discussion.
I found that in my shell start up script I have:
That means that when I create files, I have rwx permissions and nobody
else can read, write or execute them. That is, my files are private:
drwx------. I think this is a reasonable security precaution.
When I installed TexLive 2013, sudo inherited the 077 mask from my
environment. Subtracting this from 777 gives 700, which is the
drwx------ permissions observed. I have confirmed this by creating
some directories and files using sudo with different umask settings
set while not being sudo.
As I've said, I think that /usr/local ought to stay owned by root for
security purposes. The permissions should allow root to read, write
and execute and others should only be able to read and execute. That
is, drwxr-xr-x or 755. Subtracting this from 777 gives 022.
So I currently suggest that you add to the beginning of install
Corrections to this are welcome!
Thomas D. Schneider, Ph.D.
National Institutes of Health
National Cancer Institute
Center for Cancer Research
Gene Regulation and Chromosome Biology Laboratory
Molecular Information Theory Group
Frederick, Maryland 21702-1201
schneidt at mail.nih.gov
http://alum.mit.edu/www/toms (permanent link)
More information about the texhax