Prasenjit Kapat <[email protected]> writes: > On Sun, Feb 15, 2009 at 11:03 AM, tyler <[email protected]> wrote: >> Ista Zahn <[email protected]> writes: >> >>> I've found the version of R in the Ubuntu repository is almost always >>> out of date. Here is the process I follow: >>> >>> 4) Start R from the command line as root so I can install packages >>> system-wide: sudo R >> >> As an alternative, if you set the permissions on >> /usr/local/lib/R/site-library to allow universal write access, you can >> call install.packages() from R without having root privileges: >> >> sudo chmod o+w /usr/local/lib/R/site-library > > Is that a safe / secure?
I think the primary safety provided by granting only root access to /usr/local/lib/R/site-library is that it prevents random users from installing R packages. This is important if multiple users are depending on the correct libraries being properly installed, but I think it's a non-issue on single-user laptops. I don't think the security of my system is any less than if I was installing my packages to ~/mylibs/, which is what I do on my university's cluster. In either case, an attack would require someone compromised my machine, (or the R repositories) and the impact would be limited to the installed R libraries (and everything else in ~/, of course, but that's the same either way). Which makes it even more important not to run R as root. I would welcome any corrections! > BTW what are the permissions on /usr/local/lib/R? Mine's already set > to 755 for the "user"!!! I though it used to be owned by root! On my Debian machine, it's: drwxrwsr-x 3 root staff 4096 2007-12-01 23:32 R Cheers, Tyler -- Only YOU can stop forest fires. _______________________________________________ [email protected] mailing list https://stat.ethz.ch/mailman/listinfo/r-sig-teaching
