Installing app permissions question

[Steve-M]

Hi all. I have a question about installing downloaded apps from a normal user account. In particular from disk images.

Lets say I download a new app that is contained in a disk image. The disk image is mounted, and opened. At this point I either drag the app to the application alias provided by the developer, or straight to the application folder. Since I'm in a normal user account, I'm prompted to authenticate with a administrator user name and password. I do this and the app package is transfered to the application folder.

Now, if I use "Get info" to view the permissions for the app I just installed, it will show my normal user as the owner with read & write permissions.

I've said all this to ask, if I need to authenticate moving the app to the applications folder, should not the ownership of the app package now belong to the administrator account that authenticated?

It would appear to me the authentication is only to move the app bundle to a location that my normal user has no write permission. If this is correct, why would my normal user still be the owner with write permission on the app bundle? It's like having write permission on a file, that is in a folder where I have no write permissions.

Can anyone shed a little more light on this? Would there be any merit in manually changing the permissions of the app bundle?

 

[LtRammstein]

The reason why authenticating the install of an application is to make sure it's what you want to do.

On a few *nix OSes I've played on (Ubuntu, Fedora, Solaris) only the administrator/root could install applications; however, these applications use the kernel of the *nix OS so it is necessary to have that happen.

Apple has taken this and done it to protect the system. Since you're under the Normal User account and you have the administrator authenticate it, it then belongs to that normal user.

Here are two users, Admin and User. Admin obviously has Admin authentication and User has Normal (Power User).

If Admin installs an application, they have the option whether to allow it for all users or just them.

If User installs an application, and it asks him to authenticate, it's basically saying, "Did the Admin allow you to install this?" If the reply is, "Yes" (typing in the Admin password), then the application is installed only to that user and the Admin.

You can check what I mean by typing this in Terminal.app:

cd /Applications/
ls -l | grep <Application Name>

Replace <Application Name> with the name of your application. It'll display the permissions of that application. You should see this:

drwxrwxr-x <Owner> <Date Installed/Modified> <Application Name>.app

If I have said anything wrong here, please correct me! I'm smart, but sometimes I learn things a different way than what is normal understood.

 

[Steve-M]

On a few *nix OSes I've played on (Ubuntu, Fedora, Solaris) only the administrator/root could install applications; however, these applications use the kernel of the *nix OS so it is necessary to have that happen.

Ubuntu seems to have taken the same approach as OS X. Disable root and make the first user a administrator. In both cases you must enter a administrator password to install software, or make system changes. Still, I prefer not to do my daily task as a administrator.

If User installs an application, and it asks him to authenticate, it's basically saying, "Did the Admin allow you to install this?" If the reply is, "Yes" (typing in the Admin password), then the application is installed only to that user and the Admin.

I can understand that. If a administrator allows it, a user can drag a app package to the Applications folder. In the end, the user still does not have write permission to the Application folder, just to the app package.

cd /Applications/
ls -l | grep Burn

returns

drwxr-xr-x@  3 steve  staff   102 May 20 02:11 Burn.app

I should have included in my first post that I'm using OS X 10.5.7 to avoid any confusion. I've been using OS X a total of 36 days now. So far I'm very impressed.

Thank for your reply LtRammstein. Appreciate your help