Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Auto-Reset root permissions UNIX
Do you run sendmail, like to have a secure system or does it just plain annoy you that Apple's installer messes with the root permissions. If so, then here's a place to put the script which will save you having to remember to do it yourself.

The script /etc/daily, which runs as root automatically does some tasks each day. However, I'm loathed to mess with these scripts - it's really nasty to install stuff in global scripts, there should be some way to customize without hacking arround to much. Well, there is. /etc/daily checks for a script /etc/daily.local which doesn't exist by default. I'd suggest putting the following in that file (and ensuring it has appropriate permissions). This will keep your root directories permissions neat without much work.

Read on to see the script...

Use pico or the like to make /etc/daily.local
#! /bin/sh

# extra daily tasks
# 1) clean up from apple installers
chmod go-w /
Remove extra write permssions on the script for security
chmod go-w /etc/daily.local
Voilla.

next time /etc/daily runs daily.local will too.
    •    
  • Currently 2.50 / 5
  You rated: 5 / 5 (4 votes cast)
 
[6,962 views]  

Auto-Reset root permissions | 11 comments | Create New Account
Click here to return to the 'Auto-Reset root permissions' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Re: Auto-Reset root permissions
Authored by: sjk on Mar 11, '02 10:40:29PM
For more thorough permission checking/resetting check out: http://homepage.mac.com/lprall/.cv/lprall/Public/chkstuff115.sit-binhex.hqx

[ Reply to This | # ]
Re: Auto-Reset root permissions
Authored by: loekjehe on Mar 12, '02 03:17:36PM

I think these are very handy scripts. Thank you! I have been looking for this a long time.



[ Reply to This | # ]
Can't wait
Authored by: professor on Mar 12, '02 02:27:45AM

Putting daily maintenance tasks in /etc/daily.local is a great idea (though, if your machine is asleep at 3:15 am, they won't get executed).

However, if you are running sendmail, you don't want to wait until the next morning to clean up after Apple's Installer. (Sendmail will *censored* and complain and refuse to do stuff if the permissions on / are wrong.)

Best to click on over to Terminal.app and issue the command
sudo chmod 755 /
before clicking on "restart" in the Installer.



[ Reply to This | # ]
Can't wait
Authored by: saywake on Mar 12, '02 08:56:07AM

Actually, the cron jobs will run at 3:15am even if the machine is asleep. In the Energy Saver pref pane, under options, there is a check box to wake for admin tasks.

Strangely though, it doesn't show up on my Rev.B iMac, but it does on my new G4 iMac (both running 10.1.3). On the older one, there isn't even an "options" tab in the Energy Saver pref pane. Any idea why? Hardware limitation?



[ Reply to This | # ]
waking for cron jobs
Authored by: a1291762 on Mar 12, '02 05:32:33PM

> Actually, the cron jobs will run at 3:15am even if the machine is asleep. In the
> Energy Saver pref pane, under options, there is a check box to wake for admin
> tasks.

Are you sure? I don't see such a box on my iMac DV 400. There's a "Wake for network administrative access".

I can't get the cron jobs to run unless the computer is still on.



[ Reply to This | # ]
waking for cron jobs
Authored by: 128K Mac on Mar 12, '02 11:23:10PM

Different Macs have different hardware when it comes to Energy Saver pref pane.

My G4 DP 450 has the option mentioned available. Sure you looked under the "options" tab of the pref pane? A slot loading iMac G3/400 DV is a kissing cousin to my old (Gig) G4 DP.



[ Reply to This | # ]
Can't wait
Authored by: koen on Mar 12, '02 11:21:09AM

Hi,

Check out the Learning the OSX Terminal series on http://www.oreillynet.com/mac/. The latest issue (3) shows how to configure sendmail without changing the permissions.


- Koen.



[ Reply to This | # ]
Why do this?
Authored by: sjonke on Mar 12, '02 10:14:26AM

What I see is that sometimes I end up, after an installer, with folders that I use to be able to set the view of (such as the top level of my boot drive), always losing their view setting. I set it to keep arranged by name and then before I know all the icons are a mess again, with no sorting in effect. Sometimes I seem to be able to solve this by giving group write permission on these directories (though I'm not sure if that's what really does it). Which begs the question, why would I want to take away write permissions? Apple's installer already seems to do that!



[ Reply to This | # ]
Thats 'loath,' not loathe
Authored by: baba on Mar 12, '02 10:14:15PM

Sorry, I can't help it, but I'm loath to forgo mentioning that loath is unrelated to 'loathe'.
"I am loath to go on such short notice."
but
"I loathe the very ground on which Dick Chainsaw treads."



[ Reply to This | # ]
Thats 'loath,' not loathe
Authored by: pcorchary on Mar 13, '02 11:41:36AM

Um... Well, while there is a slight difference in modern English idiomatic usage, the are NOT unrelated, as they both derive from the same Old English root word 'lath', meaning hateful or loathsome.



[ Reply to This | # ]
Thats 'loath,' not loathe
Authored by: baba on Mar 13, '02 04:31:52PM

Cool! Isn't etymology wonderful.? It sets my heart to fluttering, don't you know.



[ Reply to This | # ]