Install into /usr/local
Dan Shoop
shoop at iwiring.net
Mon Feb 12 14:26:07 PST 2007
At 10:21 PM +0100 2/12/07, Richard Taubo wrote:
>Hi!
>
>On 12. feb. 2007, at 21.27, Dan Shoop wrote:
>
>>At 7:26 PM +0100 2/12/07, Richard Taubo wrote:
>>>Hi!
>>>
>>>When installing some software OS X into /usr/local and reading the
>>>corresponding Linux manual, I see that OS X requires me to install
>>>using sudo whereas Linux do not.
>>
>>OS X requires no such thing.
>
>No, but if you install anything inside the /usr or /usr/local
>folder, you would - per default - be asked for password as root is
>the only one with write access in these directories.
Not necessarily, no.
> Thus by default, without chowning the directory, the program
>installed will be owned by root. Right?
Not necessarily, no.
>>Being root can be done numerous ways. I normally just log in as
>>root, but I'm older than sudo.
>>
>>>Is there a reason for this difference, and should the OS X way
>>>cause security concerns?
>>
>>Huh?
>
>I was just referring to the difference I saw in install instructions
>for the Linux system, and what I had to do to make it work on OS X.
And to make a banana split from apples you have to change the recipe
too. Point?
>Due to this I was wondering if it is good security practice that
>anything installed in /usr/local - per default on OS X - will get
>owned by root, instead of by the person installing the software.
That's mostly a policy decision. Ask your Security Manager or SysAdmin.
> In that way you could end up with a system where you run more
>programs as root than is actually needed.
You probably don't want things, especially executables, owned by root
if not necessary.
And ownership has nothing to do with permissions (access).
That is programs don't have to be run as root just b/c root owns
them. In fact you do this daily already.
--
-dhan
------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.ustsvs.com/
shoop at iwiring.net http://www.iwiring.net/
1-714-363-1174
"The wise man doesn't give the right answers, he poses the right
questions." -- Claude Levi-Strauss
------------------------------------------------------------------------
iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.
More information about the MacOSX-admin
mailing list