Difference between revisions of "Lazarus directory permissions on Linux and Unix"

From Lazarus wiki
Jump to navigationJump to search
m (→‎Common misconceptions: OSX->macOS; Added FreeBSD)
 
(14 intermediate revisions by 8 users not shown)
Line 1: Line 1:
=Note by JuhaManninen :=
+
{{Lazarus directory permissions on Linux and Unix}}
  
This page contains misinformation. It claims that Lazarus requires write access to its installation directory for rebuilding itself (when installing packages).
+
===Common misconceptions===
Program startlazarus is made to solve this issue of file permissions. See:
+
When you install Lazarus on a *nix system ([[Portal:Linux|Linux]], [[Portal:FreeBSD|FreeBSD]], [[Portal:Mac|macOS]]), using your distro's package system, Lazarus binaries and source files are installed in a location where typically only root has write access.
  http://wiki.lazarus.freepascal.org/startlazarus#Searching_the_right_executable
 
If someone wants to modify the sources of LCL or Lazarus itself, he should download the sources from SVN to his home-dir anyway. I don't see any situation that requires changing files in a privileged installation directory.
 
  
Somebody should fix this page properly. Startlazarus should be mentioned.
+
Somehow this fact has lead to the misconception that a user without root privileges cannot rebuild Lazarus (which is done when you install new packages), and therefor one would need to change the Lazarus directory permissions.<br>
A valid reason for writing to installation directory should be explained, or if there is none this page could be even removed.
+
This, however is '''''definitely not''''' true.
  
=Original text :=
+
When you rebuild Lazarus in this scenario, Lazarus will detect that it does not have write access to the place where the Lazarus binary is installed. It will then build the new Lazarus in a subfolder of the [[pcp|primary config path]]. When the IDE has finished building the new Lazarus binary, it will launch [[startlazarus]]. The startlazarus application will detect that there is a more recent lazarus binary somewhere in your primary config path and it will launch that binary instead of the original one
  
One of the most annoying facts of the default Lazarus install on Linux is that Lazarus benefits from full access to its files (because of recompilation for example), yet as an ordinary user you don't get it.
+
This is also the reason why it is better to start Lazarus by means of the <tt>startlazarus</tt> application.
  
There are several workarounds:
+
====Possible problems when trying to rebuild Lazarus in this scenario====
 +
When rebuiling the IDE, you should <b>not</b> select the "Clean all" options in the "Configure Build Lazarus" dialog, because this option will try to delete (amongst others) all of Lazarus' .ppu files, to which you do not have write access.
  
- Work as root
+
===If you want to modify the Lazarus source code===
This is against good unix practice and you should strictly limit the time your programs work under root privileges. Say, you may invoke Lazarus as root just to install some packages and recompile IDE, then return to work as normal user. You should not do the development work as root.
+
Users that want to be able to modify the Lazarus source code (e.g. for fixing bugs and helping us improving Lazarus) should install the Lazarus sources in a subfolder of their home directory and build Lazarus from source (see [[Getting_Lazarus#Development_version_of_Lazarus|getting]] and [[Getting_Lazarus#Compiling_and_running_Lazarus|compiling an running Lazarus]]).
  
- Install just for yourself
+
This is a common *nix practice.
Installing Lazarus into your home directory overcomes the limitation, but the drawbacks are that it implies manual installation, and other users (if any) cannot use it.
 
 
 
- Make Lazarus dir world writable
 
Solves write problems for all users, but anyone can mess things up, also can pose a security risk.
 
 
 
Perhaps the most correct unix way is to use groups. You may either create a new group like "lazarus" or "devel" specifically for it, or you can use an existing group, perhaps a privileged users groups as "adm" (e.g, Ubuntu) and "wheel" (BSD) are on some systems.
 
 
 
If you create a new group, as root do this:
 
 
 
#addgroup mygroupname
 
 
 
 
 
Add yourself to the relevant group:
 
 
 
#addgroup myusername mygroupname
 
 
 
 
 
Change group for the Lazarus directory tree (/usr/local/share/lazarus or /usr/lib/lazarus/[version] on Debian or Ubuntu):
 
 
 
#chgrp -R mygroupname <lazarus_dir>
 
 
 
 
 
Add write access for the group to the Lazarus directory tree:
 
 
 
#chmod -R g+w <lazarus_dir>
 
 
 
 
 
Do "ls -l" <lazarus_dir> to confirm files in it have the adequate security parameters, for example:
 
 
 
-rwxrwxr-x  1 root lazarus 27100648 2011-10-10 20:26 lazarus
 
 
 
 
 
 
 
And that's it. You may now recompile the IDE as a normal user, yet you don't expose security risks working as root. Other users cannot do the same if they do not belong to the needed group; if someone needs write access to the lazarus dir, you just add them to the group.
 
 
 
[[Category:Lazarus]]
 
[[Category:Unix]]
 

Latest revision as of 11:42, 23 December 2019

English (en) magyar (hu)

Common misconceptions

When you install Lazarus on a *nix system (Linux, FreeBSD, macOS), using your distro's package system, Lazarus binaries and source files are installed in a location where typically only root has write access.

Somehow this fact has lead to the misconception that a user without root privileges cannot rebuild Lazarus (which is done when you install new packages), and therefor one would need to change the Lazarus directory permissions.
This, however is definitely not true.

When you rebuild Lazarus in this scenario, Lazarus will detect that it does not have write access to the place where the Lazarus binary is installed. It will then build the new Lazarus in a subfolder of the primary config path. When the IDE has finished building the new Lazarus binary, it will launch startlazarus. The startlazarus application will detect that there is a more recent lazarus binary somewhere in your primary config path and it will launch that binary instead of the original one

This is also the reason why it is better to start Lazarus by means of the startlazarus application.

Possible problems when trying to rebuild Lazarus in this scenario

When rebuiling the IDE, you should not select the "Clean all" options in the "Configure Build Lazarus" dialog, because this option will try to delete (amongst others) all of Lazarus' .ppu files, to which you do not have write access.

If you want to modify the Lazarus source code

Users that want to be able to modify the Lazarus source code (e.g. for fixing bugs and helping us improving Lazarus) should install the Lazarus sources in a subfolder of their home directory and build Lazarus from source (see getting and compiling an running Lazarus).

This is a common *nix practice.