Lazarus directory permissions on Linux and Unix

From Lazarus wiki
Revision as of 21:01, 6 February 2014 by Swen (talk | contribs) (Note by JuhaManninen :)

Note by JuhaManninen :

This page contains misinformation. It claims that Lazarus requires write access to its installation directory for rebuilding itself (when installing packages). Program startlazarus is made to solve this issue of file permissions. See: startlazarus#Searching_the_right_executable If someone wants to modify the sources of LCL or Lazarus itself, he should download the sources from SVN to his home-dir anyway. I don't see any situation that requires changing files in a privileged installation directory.

Somebody should fix this page properly. Startlazarus should be mentioned. A valid reason for writing to installation directory should be explained, or if there is none this page could be even removed.

Original text :

One of the most annoying facts of the default Lazarus install on Linux is that Lazarus benefits from full access to its files (because of recompilation for example), yet as an ordinary user you don't get it.

There are several workarounds:

- Work as root This is against good unix practice and you should strictly limit the time your programs work under root privileges. Say, you may invoke Lazarus as root just to install some packages and recompile IDE, then return to work as normal user. You should not do the development work as root.

- Install just for yourself Installing Lazarus into your home directory overcomes the limitation, but the drawbacks are that it implies manual installation, and other users (if any) cannot use it.

- Make Lazarus dir world writable Solves write problems for all users, but anyone can mess things up, also can pose a security risk.

Perhaps the most correct unix way is to use groups. You may either create a new group like "lazarus" or "devel" specifically for it, or you can use an existing group, perhaps a privileged users groups as "adm" (e.g, Ubuntu) and "wheel" (BSD) are on some systems.

If you create a new group, as root do this:

#addgroup mygroupname

Add yourself to the relevant group:

#addgroup myusername mygroupname

Change group for the Lazarus directory tree (/usr/local/share/lazarus or /usr/lib/lazarus/[version] on Debian or Ubuntu):

#chgrp -R mygroupname <lazarus_dir>

Add write access for the group to the Lazarus directory tree:

#chmod -R g+w <lazarus_dir>

Do "ls -l" <lazarus_dir> to confirm files in it have the adequate security parameters, for example:

-rwxrwxr-x 1 root lazarus 27100648 2011-10-10 20:26 lazarus

And that's it. You may now recompile the IDE as a normal user, yet you don't expose security risks working as root. Other users cannot do the same if they do not belong to the needed group; if someone needs write access to the lazarus dir, you just add them to the group.