Jump to content
Don Lee

Permissions wrong on engines in /Lib/App_support

Recommended Posts

I note that on my server machine, the files in /Library/Application support have what I consider the wrong permissions.  Most of the files here are owned by root, but the bundles and their contents are owned by the user who installed the engine.  It is a security problem to allow a "normal" user

to manipulate these files directly.

 

(first cd "/Library/Application support")

 

 

virtue:Retrospect sysadmin$ ls -al
total 30736
drwxrwxr-x  19 root    admin      646 Aug 12 19:52 .
drwxr-xr-x  20 root    admin      680 Apr 15 11:45 ..
-rw-rw-r--@  1 donlee  admin     6148 Oct  6  2011 .DS_Store
drwxrwxrwx   3 root    admin      102 Apr  3 15:45 Catalogs
-rwxr-xr-x   1 root    admin  1488072 Aug 12 18:13 Config80.bak
-rwxr-xr-x   1 root    admin  7731400 Aug 13 02:37 Config80.dat
-rwxr-xr-x   1 root    admin    86988 Jul 12 17:21 ConfigISA.bak
-rwxr-xr-x   1 root    admin    86988 Jul 12 17:21 ConfigISA.dat
drwxrwxr-x   3 donlee  staff      102 Jul  4 10:41 RetrospectEngine.bundle
drwxrwxr-x   3 donlee  staff      102 Jul  4 10:41 RetrospectInstantScan.bundle
drwxr-xr-x   4 root    admin      136 Aug 13 02:37 RtrExec.dir
drwxr-xr-x   2 root    admin       68 Apr  4 13:36 RtrISAExec.dir
drwxr-xr-x   3 root    admin      102 Apr  3 15:43 RtrSec.dir
-rwxr-xr-x   1 root    admin   120003 Aug 12 19:52 assert_log.utx
-rwxr-xr-x   1 root    admin  6171156 Aug 13 02:37 operations_log.utx
-rwxrwxr-x   1 root    admin      211 Aug 12 19:53 retro.ini
-rwxr-xr-x   1 root    admin    18466 Jul 12 17:21 retroISA_log.utx
-rwxrwxr-x@  1 root    admin      195 Jul 12 17:21 retro_isa.ini
-rw-r--r--   1 root    admin        0 Jul 11 05:00 uuid_temp.log
virtue:Retrospect sysadmin$ ls -al Retro*
RetrospectEngine.bundle:
total 0
drwxrwxr-x   3 donlee  staff  102 Jul  4 10:41 .
drwxrwxr-x  19 root    admin  646 Aug 12 19:52 ..
drwxrwxr-x   4 donlee  staff  136 Jul  4 10:41 Contents
 
RetrospectInstantScan.bundle:
total 0
drwxrwxr-x   3 donlee  staff  102 Jul  4 10:41 .
drwxrwxr-x  19 root    admin  646 Aug 12 19:52 ..
drwxrwxr-x   4 donlee  staff  136 Jul  4 10:41 Contents
virtue:Retrospect sysadmin$ 
 

 

 

 

  • Like 1

Share this post


Link to post
Share on other sites

The listings appear to have been done after cd /Library/Application\ Support/Retrospect, not after cd /Library/Application\ Support but otherwise I get similar results.

Share this post


Link to post
Share on other sites

Thanks for pointing this out. The bundles should indeed be owned by root:admin. The issue will be fixed in the next release. Until then, you can run 'sudo chown -R root:admin /Library/Application\ Support/Retrospect/RetrospectEngine.bundle' to fix the ownership.

  • Like 1

Share this post


Link to post
Share on other sites

Thanks for pointing this out. The bundles should indeed be owned by root:admin. The issue will be fixed in the next release. Until then, you can run 'sudo chown -R root:admin /Library/Application\ Support/Retrospect/RetrospectEngine.bundle' to fix the ownership.

Perhaps sudo chown -R root:admin /Library/Application\ Support/Retrospect/Retrospect*.bundle, since both RetrospectEngine.bundle and RetrospectInstantScan.bundle have the wrong ownership.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×