Difference between revisions of "Lazarus directory permissions on Linux and Unix"

From Lazarus wiki
Jump to navigationJump to search
(Completely rewrote this, as it was based on misconceptions)
Line 1: Line 1:
==Note by JuhaManninen :==
+
===Common misconceptions===
 +
When you install Lazarus on a *nix system (Linux/MacOS X), using your distro's package system, Lazarus binaries and source files are installed in a location where typically only root has write access.<br>
 +
Somehow this fact has lead to the misconception that a user without root privileges cannot rebuild Lazarus (which is done when you install new packages), and therefor one would need to change the Lazarus directory permissions.<br>
 +
This, however is <b>definitely not</b> true.<br><br>
 +
When you rebuild Lazarus in this scenario, Lazarus will detect that it does not have write access to the place where the Lazarus binary is installed. It will then build the new Lazarus in a subfolder of the primary configpath path. When the IDE has finished building the new Lazarus binary, it will launch [[startlazarus]]. The startlazarus application will detect that there is a more recent lazarus binary somewhere in your primary config path and it will launch that binary instead of the original one.<br>
 +
This is also the reason why it is better to start Lazarus by means of the startlazarus application.
  
This page contains misinformation. It claims that Lazarus requires write access to its installation directory for rebuilding itself (when installing packages).
+
====Possible problems when trying to rebuild Lazarus in this scenario====
Program startlazarus is made to solve this issue of file permissions. See:
+
When rebuiling the IDE, you should <b>not</b> select the "Clean all" options in the "Configure Build Lazarus" dialog, beacuse this option will try to delete (amongst others) all of Lazarus' .ppu files, to which you do not have write access.
[[startlazarus#Searching_the_right_executable]]
 
  
If someone wants to modify the sources of LCL or Lazarus itself, he should download the sources from SVN to his home-dir anyway. I don't see any situation that requires changing files in a privileged installation directory.
+
===If you want to modify the Lazarus source code===
 
+
Users that want to be able to modify the Lazarus source code (e.g. for fixing bugs and helping us improving Lazarus) should install the Lazarus sources in a subfolder of their home directory and build Lazarus from source (see [[Getting_Lazarus#Getting_Lazarus_SVN_development_version]] and [[Getting_Lazarus#Compiling_and_installing_Lazarus]]).<br>
Somebody should fix this page properly. Startlazarus should be mentioned.
+
This is a common *nix practice.
A valid reason for writing to installation directory should be explained, or if there is none this page could be even removed.
 
 
 
==Original text :==
 
 
 
One of the most annoying facts of the default Lazarus install on Linux is that Lazarus benefits from full access to its files (because of recompilation for example), yet as an ordinary user you don't get it.
 
 
 
There are several workarounds:
 
 
 
- Work as root
 
This is against good unix practice and you should strictly limit the time your programs work under root privileges. Say, you may invoke Lazarus as root just to install some packages and recompile IDE, then return to work as normal user. You should not do the development work as root.
 
 
 
- Install just for yourself
 
Installing Lazarus into your home directory overcomes the limitation, but the drawbacks are that it implies manual installation, and other users (if any) cannot use it.
 
 
 
- Make Lazarus dir world writable
 
Solves write problems for all users, but anyone can mess things up, also can pose a security risk.
 
 
 
Perhaps the most correct unix way is to use groups. You may either create a new group like "lazarus" or "devel" specifically for it, or you can use an existing group, perhaps a privileged users groups as "adm" (e.g, Ubuntu) and "wheel" (BSD) are on some systems.
 
 
 
If you create a new group, as root do this:
 
 
 
#addgroup mygroupname
 
 
 
 
 
Add yourself to the relevant group:
 
 
 
#addgroup myusername mygroupname
 
 
 
 
 
Change group for the Lazarus directory tree (/usr/local/share/lazarus or /usr/lib/lazarus/[version] on Debian or Ubuntu):
 
 
 
#chgrp -R mygroupname <lazarus_dir>
 
 
 
 
 
Add write access for the group to the Lazarus directory tree:
 
 
 
#chmod -R g+w <lazarus_dir>
 
 
 
 
 
Do "ls -l" <lazarus_dir> to confirm files in it have the adequate security parameters, for example:
 
 
 
-rwxrwxr-x  1 root lazarus 27100648 2011-10-10 20:26 lazarus
 
 
 
 
 
 
 
And that's it. You may now recompile the IDE as a normal user, yet you don't expose security risks working as root. Other users cannot do the same if they do not belong to the needed group; if someone needs write access to the lazarus dir, you just add them to the group.
 
  
 
[[Category:Lazarus]]
 
[[Category:Lazarus]]
 
[[Category:Unix]]
 
[[Category:Unix]]

Revision as of 17:00, 8 February 2014

Common misconceptions

When you install Lazarus on a *nix system (Linux/MacOS X), using your distro's package system, Lazarus binaries and source files are installed in a location where typically only root has write access.
Somehow this fact has lead to the misconception that a user without root privileges cannot rebuild Lazarus (which is done when you install new packages), and therefor one would need to change the Lazarus directory permissions.
This, however is definitely not true.

When you rebuild Lazarus in this scenario, Lazarus will detect that it does not have write access to the place where the Lazarus binary is installed. It will then build the new Lazarus in a subfolder of the primary configpath path. When the IDE has finished building the new Lazarus binary, it will launch startlazarus. The startlazarus application will detect that there is a more recent lazarus binary somewhere in your primary config path and it will launch that binary instead of the original one.
This is also the reason why it is better to start Lazarus by means of the startlazarus application.

Possible problems when trying to rebuild Lazarus in this scenario

When rebuiling the IDE, you should not select the "Clean all" options in the "Configure Build Lazarus" dialog, beacuse this option will try to delete (amongst others) all of Lazarus' .ppu files, to which you do not have write access.

If you want to modify the Lazarus source code

Users that want to be able to modify the Lazarus source code (e.g. for fixing bugs and helping us improving Lazarus) should install the Lazarus sources in a subfolder of their home directory and build Lazarus from source (see Getting_Lazarus#Getting_Lazarus_SVN_development_version and Getting_Lazarus#Compiling_and_installing_Lazarus).
This is a common *nix practice.

Retrieved from "http://wiki.freepascal.org/index.php?title=Lazarus_directory_permissions_on_Linux_and_Unix&oldid=76789"