search

HenrikBengtsson / CBI-software

A Scientific Software Stack for HPC (CentOS oriented)
https://wynton.ucsf.edu/hpc/software/software-repositories.html
5 stars 2 forks source link

ROBUSTNESS: Remove write permission for user who does the installation #47

Closed HenrikBengtsson closed 2 years ago

HenrikBengtsson commented 2 years ago

Issue

Currently, the user who installs the CBI software tools has write permission to each software folder and it's files, e.g.

[henrik@c4-dev3 salmon]$ ls -la /software/c4/cbi/software/salmon-1.8.0/
total 1184
drwxr-xr-x   4 henrik cbc      67 Mar 10 10:33 .
drwxr-xr-x 248 henrik cbc    8192 Mar 13 09:59 ..
drwxr-xr-x   2 henrik cbc      28 Mar 10 10:33 bin
drwxr-xr-x   2 henrik cbc    4096 Mar 10 10:33 lib
-rw-------   1 henrik cbc 1193382 Mar 10 10:33 sample_data.tgz

This means that there is a risk that this user deletes or rewrites some software files.

Suggestion

Add a post install step that removes these write permissions recursively, e.g.

chmod -R ugo-w $(PREFIX)

With this, the user has to undo that before being able to remove the installation folder.

HenrikBengtsson commented 2 years ago

The update was:

chmod -R ugo-w $(PREFIX)

so it also covers the rare cases where group and other have write permissions.