Help with permissions under Rainbow sought
bert at freudenbergs.de
Sun Apr 18 11:22:36 EDT 2010
On 18.04.2010, at 17:10, Michael Stone wrote:
> Bert Freudenberg wrote:
>> On 18.04.2010, at 14:10, Sascha Silbe wrote:
>>> On Sat, Apr 17, 2010 at 09:26:23PM -0400, George Hunt wrote:
>>>> Rainbow changes UID for every invocation [...]
>>> Yes, that's the default behaviour. Rainbow can be instructed to use a
>>> constant UID (Browse does); according to the OLPC wiki  you'd need to add a
>>> file activity/permissions.info, containing "constant-uid" on a single line.
>>> This is the least preferable solution, though.
>>>> Apparently the create mask rainbow uses is 755 and group members do not
>>>> have write access.
>>> It's not Rainbow that decides this.
>> But arguably Rainbow could set a better default, no? Making files group-writable?
> Rainbow actually calls os.umask(0) here:
> However, it's entirely possible that some other logic in your program is
> setting umask(022) or is creating files with an explicitly specified mode. (You
> may recall that xulrunner's behavior here was the reason why constant-uid was
Well, I remember having to put the "umask 0002" call in the Etoys startup script a long time ago. It's still there, but unconditionally. Hence my next question ...
>> Hmm, how do I test if Rainbow is enabled, in a shell script, again?
> If you mean "is sugar going to launch the next activity it launches under
> rainbow?", then test for the presence of /etc/olpc-security, e.g. with
> if [ -f /etc/olpc-security ]; then ... fi
> If you mean "is my script currently running under rainbow?", then I don't have a
> perfect answer for you this instant.
> (A good but imperfect answer is to test whether whether getuid() > 10000 and
> getgid() > 10000, e.g. by parsing the output of the "id" command.)
I meant the latter. Guess I won't worry too much, since most distros nowadays use per-user groups anyway.
- Bert -
More information about the Devel