On 18.04.2010, at 17:10, Michael Stone wrote:
>
> Bert Freudenberg wrote:
>> On 18.04.2010, at 14:10, Sascha Silbe wrote:
>>> On Sat, Apr 17, 2010 at 09:26:23PM -0400, George Hunt wrote:
>>>
>>>> Rainbow changes UID for every invocation [...]
>>>
>>> Yes, that's the default behaviour. Rainbow can be instructed to use a
>>> constant UID (Browse does); according to the OLPC wiki [1] you'd need to
>>> add a file activity/permissions.info, containing "constant-uid" on a
>>> single line.
>>>
>>> This is the least preferable solution, though.
>>>
>>>> Apparently the create mask rainbow uses is 755 and group members do not
>>>> have write access.
>>>
>>> It's not Rainbow that decides this.
>>
>> But arguably Rainbow could set a better default, no? Making files
>> group-writable?
>
> Rainbow actually calls os.umask(0) here:
>
> http://dev.laptop.org/git/security/tree/rainbow/rainbow/inject.py#n263
>
> However, it's entirely possible that some other logic in your program is
> setting umask(022) or is creating files with an explicitly specified mode.
> (You may recall that xulrunner's behavior here was the reason why
> constant-uid was introduced.)

Well, I remember having to put the "umask 0002" call in the Etoys startup script a long time ago. It's still there, but unconditionally. Hence my next question ...

>> Hmm, how do I test if Rainbow is enabled, in a shell script, again?
>
> If you mean "is sugar going to launch the next activity it launches under
> rainbow?", then test for the presence of /etc/olpc-security, e.g. with
>
>   if [ -f /etc/olpc-security ]; then ... fi
>
> If you mean "is my script currently running under rainbow?", then I don't
> have a perfect answer for you this instant.
> (A good but imperfect answer is to test whether getuid() > 10000 and
> getgid() > 10000, e.g. by parsing the output of the "id" command.)
>
> Regards,
>
> Michael

I meant the latter. Guess I won't worry too much, since most distros nowadays use per-user groups anyway.

- Bert -
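
Added example, not part of the original thread: a POSIX shell sketch of the two checks Michael Stone describes, used to apply the "umask 0002" Bert mentions only when the script appears to be running under Rainbow. The function names and the overridable arguments are hypothetical; the UID/GID test is the imperfect heuristic from the message, so any non-Rainbow account with IDs above 10000 would also match.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Rainbow or Sugar.

# Threshold from the thread: under Rainbow, getuid() and getgid() are > 10000.
RAINBOW_ID_FLOOR=10000

# "Is sugar going to launch the next activity under rainbow?"
# The marker path is overridable only so the check can be exercised in tests.
rainbow_enabled() {
    [ -f "${1:-/etc/olpc-security}" ]
}

# "Is my script currently running under rainbow?" (heuristic, not exact)
# Optional arguments let a caller supply a UID/GID instead of the live values.
# Returns 0 = looks like Rainbow, 1 = does not, 2 = non-numeric input.
running_under_rainbow() {
    uid=${1:-$(id -u)}
    gid=${2:-$(id -g)}
    for v in "$uid" "$gid"; do
        case $v in
            ''|*[!0-9]*) return 2 ;;
        esac
    done
    [ "$uid" -gt "$RAINBOW_ID_FLOOR" ] && [ "$gid" -gt "$RAINBOW_ID_FLOOR" ]
}

# Make new files group-writable only when the heuristic says we are inside
# the per-activity sandbox; otherwise leave the inherited umask untouched.
# Prints the umask in effect afterwards.
apply_activity_umask() {
    if running_under_rainbow "$@"; then
        umask 0002
    fi
    umask
}
```

In a startup script, call `apply_activity_umask >/dev/null` directly rather than in a command substitution, since a subshell's umask does not propagate to the caller.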
