[fpc-pascal] Re: Issue with deploying linux application in /opt directory

Mark Morgan Lloyd markMLl.fpc-pascal at telemetry.co.uk
Tue Sep 4 11:35:30 CEST 2012


Reinier Olislagers wrote:
> On 3-9-2012 20:17, Krzysztof wrote:
>> Hi,
>>
>> I have script which install my application in /opt/myapp directory.
>> This script check if user is root so it can set permissions to read
>> and access as executable. Everything works fine. After installation I
>> can run this application, but It doesn't has access to the internet. I
>> must manually set owner to whole application directory: "sudo chown
>> MY_NAME -R /opt/myapp". Now, I have access to internet. Does anyone
>> know how to properly prepare installation script which set permissions
>> in /opt directory? User should simply extract zipped application, run
>> setup skrypt and run app
> 
> Perhaps you're using some protection/privilege management system
> (AppArmor, SELinux, something else) that restricts internet access to
> the application running under root... but mysteriously doesn't restrict
> it when it is running under your account???
> Is your account member of some group that has "all network access
> allowed" permissions, while root isn't?

Broadly agreed. Messing around with ownership of anything other than the 
installed file (or installing extra libraries etc. that might clash with 
what's already on the system) should be done only as a last resort, and 
will probably need tailoring to the distro and version in question.

"Doesn't has access" /how/ exactly? What are you trying to do: connect 
to a remote HTTP port? Create a local HTTP port? Ping a remote address? 
Fabricate a non-standard packet to see how a remote port responds?

What files were changed by the chown -R operation? In other words, 
compare before and after.

-- 
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]



More information about the fpc-pascal mailing list