Difference between revisions of "Lazarus directory permissions on Linux and Unix"

From Lazarus wiki
Jump to navigationJump to search
(Created page with "One of the most annoying facts of the default Lazarus install on Linux is that Lazarus benefits from full access to its files (because of recompilation for example), yet as an...")
 
m (→‎Common misconceptions: OSX->macOS; Added FreeBSD)
 
(22 intermediate revisions by 10 users not shown)
Line 1: Line 1:
One of the most annoying facts of the default Lazarus install on Linux is that Lazarus benefits from full access to its files (because of recompilation for example), yet as an ordinary user you don't get it.
+
{{Lazarus directory permissions on Linux and Unix}}
  
There are several workarounds:
+
===Common misconceptions===
 +
When you install Lazarus on a *nix system ([[Portal:Linux|Linux]], [[Portal:FreeBSD|FreeBSD]], [[Portal:Mac|macOS]]), using your distro's package system, Lazarus binaries and source files are installed in a location where typically only root has write access.
  
- Work as root
+
Somehow this fact has lead to the misconception that a user without root privileges cannot rebuild Lazarus (which is done when you install new packages), and therefor one would need to change the Lazarus directory permissions.<br>
This is against good unix practice and you should strictly limit the time your programs work under root privileges. Say, you may invoke Lazarus as root just to install some packages and recompile IDE, then return to work as normal user. You should not do the development work as root.
+
This, however is '''''definitely not''''' true.
  
- Install just for yourself
+
When you rebuild Lazarus in this scenario, Lazarus will detect that it does not have write access to the place where the Lazarus binary is installed. It will then build the new Lazarus in a subfolder of the [[pcp|primary config path]]. When the IDE has finished building the new Lazarus binary, it will launch [[startlazarus]]. The startlazarus application will detect that there is a more recent lazarus binary somewhere in your primary config path and it will launch that binary instead of the original one
Installing Lazarus into your home directory overcomes the limitation, but the drawbacks are that it implies manual installation, and other users (if any) cannot use it.
 
  
- Make Lazarus dir world writable
+
This is also the reason why it is better to start Lazarus by means of the <tt>startlazarus</tt> application.
Solves write problems for all users, but anyone can mess things up, also can pose a security risk.
 
  
Perhaps the most correct unix way is to use groups. You may either create a new group like "lazarus" or "devel" specifically for it, or you can use an existing group, perhaps a privileged users groups as "adm" (e.g, Ubuntu) and "wheel" (BSD) are on some systems.
+
====Possible problems when trying to rebuild Lazarus in this scenario====
 +
When rebuiling the IDE, you should <b>not</b> select the "Clean all" options in the "Configure Build Lazarus" dialog, because this option will try to delete (amongst others) all of Lazarus' .ppu files, to which you do not have write access.
  
If you create a new group, as root do this:
+
===If you want to modify the Lazarus source code===
 +
Users that want to be able to modify the Lazarus source code (e.g. for fixing bugs and helping us improving Lazarus) should install the Lazarus sources in a subfolder of their home directory and build Lazarus from source (see [[Getting_Lazarus#Development_version_of_Lazarus|getting]] and [[Getting_Lazarus#Compiling_and_running_Lazarus|compiling an running Lazarus]]).
  
#addgroup mygroupname
+
This is a common *nix practice.
 
 
 
 
Add yourself to the relevant group:
 
 
 
#addgroup myusername mygroupname
 
 
 
 
 
Change group for the Lazarus directory tree (/usr/local/share/lazarus or /usr/lib/lazarus/[version] on Debian or Ubuntu):
 
 
 
#chgrp -R mygroupname <lazarus_dir>
 
 
 
 
 
Add write access for the group to the Lazarus directory tree:
 
 
 
#chmod -R g+w <lazarus_dir>
 
 
 
 
 
Do "ls -l" <lazarus_dir> to confirm files in it have the adequate security parameters, for example:
 
 
 
-rwxrwxr-x  1 root lazarus 27100648 2011-10-10 20:26 lazarus
 
 
 
 
 
 
 
And that's it. You may now recompile the IDE as a normal user, yet you don't expose security risks working as root. Other users cannot do the same if they do not belong to the needed group; if someone needs write access to the lazarus dir, you just add them to the group.
 

Latest revision as of 11:42, 23 December 2019

English (en) magyar (hu)

Common misconceptions

When you install Lazarus on a *nix system (Linux, FreeBSD, macOS), using your distro's package system, Lazarus binaries and source files are installed in a location where typically only root has write access.

Somehow this fact has lead to the misconception that a user without root privileges cannot rebuild Lazarus (which is done when you install new packages), and therefor one would need to change the Lazarus directory permissions.
This, however is definitely not true.

When you rebuild Lazarus in this scenario, Lazarus will detect that it does not have write access to the place where the Lazarus binary is installed. It will then build the new Lazarus in a subfolder of the primary config path. When the IDE has finished building the new Lazarus binary, it will launch startlazarus. The startlazarus application will detect that there is a more recent lazarus binary somewhere in your primary config path and it will launch that binary instead of the original one

This is also the reason why it is better to start Lazarus by means of the startlazarus application.

Possible problems when trying to rebuild Lazarus in this scenario

When rebuiling the IDE, you should not select the "Clean all" options in the "Configure Build Lazarus" dialog, because this option will try to delete (amongst others) all of Lazarus' .ppu files, to which you do not have write access.

If you want to modify the Lazarus source code

Users that want to be able to modify the Lazarus source code (e.g. for fixing bugs and helping us improving Lazarus) should install the Lazarus sources in a subfolder of their home directory and build Lazarus from source (see getting and compiling an running Lazarus).

This is a common *nix practice.