This is an example why I will never understand Unix permissions.

Discussion in 'macOS' started by MattG, Apr 9, 2011.

  1. MattG macrumors 68040

    #1
    1. I'm logged onto the computer as myself. I am a local administrator.
    2. I create a file on my desktop called "whatever.command" and I insert some Terminal commands into it. I'm going to make this file run each time my computer starts up.
    3. I save out, double-click on the file to test it. Permission denied -- you don't have appropriate privileges to run this. Right click and hit "Get Info" to see and adjust permissions. This makes no sense, because if I wanted to, I could open up Terminal right now, enter the same commands manually, and they would run without issue.
    4. I right-click and hit "Get Info" and based on what the permissions say, I should have no trouble running this. My name is listed under who has permissions, and it says "Read and Write."
    5. I do some Google searching and find a page that says I should go into Terminal, run "chmod 755" on this file. I do so, and now it works.

    Why should I have to do this when I created the file, I'm an administrator, and I can run these same commands with no issue outside of this .command file?

    I love my Macs, I'd take one over a Windows PC any day, but...this is one area where Microsoft actually got it right in comparison. Setting user permissions on Windows desktops is so much more straightforward than it is on the Mac, and stuff like this drives me crazy.
     
  2. Phil A. Moderator

    #2
    You need to give the file execute permissions - it's not an ownership issue per se, but a security block to stop random files being executed (or to stop people executing files who shouldn't): Only users that have explicitly been granted execute permissions for a specified file can execute it.

    To give the file owner execute permissions run

    chmod u+x filename

    To give the file group execute permissions run

    chmod g+x filename


    to give people who are neither the owner nor in the owner group execute permissions run

    chmod o+x filename


    and to give anyone execute permissions run

    chmod a+x filename
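
What this answer describes, as an added example that is not part of the original post: a POSIX shell sketch in which a freshly created script gets mode 644, fails to run with exit status 126, and runs once the owner adds the execute bit. The file contents and helper function names are constructed for illustration; `chmod 755`, which the first post used, is shown next to the narrower `chmod u+x`.

```shell
#!/bin/sh
# Constructed demo: a new script starts without the execute bit, so running
# it fails until the owner grants that bit explicitly.

# Print the 10-character mode string (e.g. -rw-r--r--) of a file.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Try to run a file and print its exit status
# (126 means "found, but not executable").
try_run() {
    if "$1" >/dev/null 2>&1; then echo 0; else echo $?; fi
}

# Create a sample script in a fresh temp directory under a typical
# umask of 022, then print its path.
make_script() {
    dir=$(mktemp -d) || return 1
    (
        umask 022
        printf '#!/bin/sh\necho hello\n' > "$dir/whatever.command"
    )
    echo "$dir/whatever.command"
}

demo() {
    f=$(make_script)
    echo "created:   $(mode_of "$f")  exit=$(try_run "$f")"
    chmod u+x "$f"      # owner only: the narrowest change that works
    echo "after u+x: $(mode_of "$f")  exit=$(try_run "$f")"
    chmod 755 "$f"      # also lets group and others read and execute
    echo "after 755: $(mode_of "$f")  exit=$(try_run "$f")"
    rm -rf "$(dirname "$f")"
}

demo
```

For a personal startup script, `u+x` is enough; `755` additionally grants read and execute to every other account on the machine.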
     
  3. MattG thread starter macrumors 68040

    #3
    That makes sense, but why isn't it implied that as the creator, I can run my own file? And is there a way to just tell the computer that as an Administrator, just let me run everything?
     
  4. gnasher729 macrumors P6

    #4
    As the owner of your car, you can take a sledge hammer and smash up your windows. Perfectly legal. Still, you don't want to do this.

    It would be totally unsafe to let you run just any file. Most files would contain text that should be read, not executed. Letting you just execute any file that was never meant to be executed would be a recipe for disaster. So the OS requires you to use a command that says "yes, this file is meant to be executed". And frankly, if you don't know the command that you need to make a file executable, or if you forgot to use it, then maybe, just maybe, you shouldn't be writing files with commands to be executed in the first place.
     
  5. MattG thread starter macrumors 68040

    #5
    It's not just "any file," it's a file that I, the Administrator, created. It makes no logical sense that I would create a file on my desktop so it could sit there, look pretty and do nothing. I could understand it not applying execute permissions to other users on the computer automatically, but this makes no sense.

    Things would at least be a little easier if Apple gave you a way to assign "execute" privileges within the GUI, in "Get Info" or wherever. I do enough Windows command line BS at work -- I've got Macs at home so I don't have to deal with it. Normally I don't have to, but in this case I'm having to get a terminal-based program to work for me for home-use. Say what you will about me "not knowing commands" but from a user standpoint, the way this works is totally unintuitive.
     
  6. firestarter macrumors 603

    #6
    Why are you creating this executable as the administrator? That could be your problem.

    If you created it as yourself, then it would be automatically executable by you (you still have to chmod +x of course).

    If you've used 'su' to become administrator, or chown'ed it to root, then as the desktop user you would no longer be able to run it (unless you did a chmod a+x).

    Allowing lax security as a default is something Microsoft has done for years, and it's bitten them in the ass bigstyle when it comes to viruses. Unix assumes tough security as a default and that's a MUCH BETTER way to go. It's hardly a big deal to use chmod to make the security what you want - and if you're writing terminal scripts it's just something you need to know. The regular 'joe user' doesn't usually create terminal scripts, so it's not a big deal for him.
     
  7. calderone, Apr 9, 2011
    Last edited: Apr 9, 2011

    calderone macrumors 68040

    #7
    There is ZERO connection between you being an Administrator and execute permissions on a file. Drop this ridiculous connection immediately as it is clearly not helping the situation.

    It makes perfect logical sense that you would create a file, because it has information in it. You could open that file with a text editor and modify it. You could copy it, move it, etc. Outside of these operations, Apple knows squat about your intentions with it. They don't know you want to execute that file and they are assuming that if you do, you know what needs to be done. Just because you created a file that serves no use due to your ignorance does not lead to the conclusion that Apple just wants you to create files to look pretty on your Desktop.

    The fact is execute is not something typically assigned to a file. You don't need execute to open a text file for example, or a Word document or pretty much any other file. You aren't executing anything in those examples. You are simply reading and writing.

    From http://en.wikipedia.org/wiki/Filesystem_permissions

    Execute is a unique permission which goes beyond the typical end user's usage. I find it laughable that you suggest Apple should allow users to give execute on files through Get Info when most users would never even 1. Know what it means 2. Have a use for it. 3. It could be super dangerous

    Your rant only shows your ignorance for computing at the level you are trying to operate at. There is nothing "unintuitive" about having to set execute or where you have to set execute. If you have a need to create something that must be executed then you should damn well know how.

    This has to be one of the most ridiculous posts I have read on this topic. While you are complaining about Apple not giving you the ability to add execute in Get Info, throw in advanced ACLs among other things obscured in user land.
     
  8. Nermal Moderator

    #8
    I'm sorry to use a Windows analogy, but adding execute permissions is like naming a file with an .exe (or in this case .bat or .cmd) extension. In both cases all you're doing is indicating to the system that the file is intended to be run/executed.

    Remember, Unix doesn't look at file extensions so adding the execute bit is how the OS determines that it's an executable file.
     
  9. calderone macrumors 68040

    #9
    Exactly. To add a Windows example, you can't run PowerShell scripts willy nilly. If it is a custom one and not signed, you have to set the execution policy to allow it to run.

    It would be a nightmare to have execute on files by default.
     
