Don Lee Posted January 9, 2013 Report Share Posted January 9, 2013 I try to do my installs with a "system" user who owns and installs all of the applications. In general, I can set all of the applications to read-only, so that even a user who does something pretty dumb can't do much damage. This is also something that is commonly done with enterprise setups, where "approved" applications are kept on a network server, and are strictly read-only because they are shared among many users. The Retrospect console is a single application, and when it is installed according to the implied instructions on the installer disk, the single app is placed in a folder in the /Applications folder, and on first run, parts of that application are moved from the bundle to the folder. Two problems with this: 1. The files so moved are set up with "0777" permissions - that is world read/write/execute. This means that anyone on the system can scribble on them, remove them, rename them, or otherwise screw them up. If I am trying to keep my machine relatively secure this is "bad". 2. If I install the Retrospect console as "admin" and then first launch it as a normal user, these files are not moved from the bundle. I have not yet explored what this means, but it is clear that the difference in behavior will be puzzling to someone in addition to me. My suggestion is that the application should definitely be set up so that if I want to have the folder and all its content be read-only, it should be possible. Bonus points if it is also easy. If the ease of installation of having the bundle contents in the app is important, the step of moving the components to the enclosing folder should be explicit and should request authorization explicitly rater than simply failing as it does now. Quote Link to comment Share on other sites More sharing options...
prl Posted January 9, 2013 Report Share Posted January 9, 2013 In Retro 9, the 0777s created are all folders (directories), not files. Still not a good thing. The 0777 folders on Retro9 are: prl$ find /Applications/Retrospect -ls | grep rwxrwxrwx 60017190 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/de.lproj 60017191 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/de.lproj/description.rtfd 60017184 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/es.lproj 60017185 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/es.lproj/description.rtfd 60017181 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/fr.lproj 60017182 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/fr.lproj/description.rtfd 60017178 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/it.lproj 60017179 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/it.lproj/description.rtfd 60017175 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/ja.lproj 60017176 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/ja.lproj/description.rtfd 60017172 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/ko.lproj 60017173 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/ko.lproj/description.rtfd 60017169 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/pt.lproj 60017170 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/pt.lproj/description.rtfd 60017166 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/ru.lproj 60017167 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/ru.lproj/description.rtfd 60017161 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/zh_CN.lproj 60017162 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/zh_CN.lproj/description.rtfd 60017158 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/zh_TW.lproj 60017159 0 drwxrwxrwx 3 prl staff 102 24 Sep 2011 /Applications/Retrospect/Client Installers/Mac/Mac Client Installer (Intel)/Uninstall OS X Client.app/Contents/Resources/zh_TW.lproj/description.rtfd prl$ Quote Link to comment Share on other sites More sharing options...
prl Posted January 9, 2013 Report Share Posted January 9, 2013 ... 2. If I install the Retrospect console as "admin" and then first launch it as a normal user, these files are not moved from the bundle. I have not yet explored what this means, but it is clear that the difference in behavior will be puzzling to someone in addition to me. ... My guess is that when you install, the application is copied owned by "admin", and another normal user doesn't have permission to make the require modifications in the bundle and/or the application's folder. Given the 0777 files in places in the bundle, that's a bit ironic. It may well also be the case if any user installs and any other user does the first run. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.