[linux] - Installer permission issue.

[LordJason]

I have a few things to report, and will be making a seperate thread for each. I hope that is proper.

altitude needs to check the permissions on the files that it creates.

If a user installs altitude with root privs, at the end of the installation it asks if you would like to launch the game. Doing so runs the game as root. I'm not sure if the files in /opt/altitude/log/ are created via the first run of the game or via the installer.... But they end up being created with permissions that will not work for a standard user.
This is easily fixed with sudo chmod -R 777 /opt/altitude/log
However if altitude did this automatically it would be nicer.


some console errors for the purpose of finding this post...
java.io.FileNotFoundException: /opt/altitude/log/Launch.log (Permission denied)
log4j:WARN No appenders could be found for logger (em.update.client.launch.UpdateLauncher).

[ledow]

Eek!

Yeah, if you install as root, this happens with any program because it can only assume the user is root so the files are owned as root.

But blanket 777-ing of files is silly - they aren't 777 for a reason, even if you install as the wrong user. You should "chown -R username:groupname logs/" instead, so that the right users own those particular files rather than letting the world and his brother have access to them.

Better would be to not install as root at all.

The file error is actually quite clear "Permission denied" and even points to the right file to tell you where the permissions need to be checked.

I have an altitude user on my servers - it only has permission to see and run programs from the altitude folder, which is owned by that same user. I've not had to change any permissions, just owners. And the process ends up being launched as a lowly user with no shell and no access to anything but altitude. Pretty standard *nix installation practice, if you look at any large program that acts as an Internet server on a standard distro.

Don't get in the habit of 777-ing in order to solve your problems. It's like saying "Hell, the lock on my front door is sticky - I know, I'll just remove the lock entirely so anything opens the door". Don't!

Altitude runs on Java, with it's own JRE installed in the altitude folder. Although you've only done the log folder, it's very bad practice to 777 stuff that close to something that has such enormous potential to go wrong and run rogue code. You do *NOT* want your website user (e.g. www-data) to be able to access folders like that, even if you think that it's handling directory traversal attacks properly at the moment.