On Wednesday, January 11, 2017 at 6:55:55 AM UTC-8, Red Claw wrote: > > One of our faculty member is asking for Sage to run on his Macintosh. In > reviewing the application, I was able to determine that Sage needs write > access for the user in order to launch correctly. >
This is not entirely true. It only needs write permission *the first time it's run*. So you can make it owned by an account (say, sage-admin) that has write permission on the sage tree and use that for the first run. After that, other users can happily use it if they have "-rx" permissions on the tree. I use this frequently to give students access to sage. > I believe this to be bad form by the developers. The application should > not be writable unless an administrator is preforming an update to the app; > (patch or version upgrade). This has the potential to leading to exploits > if another piece of "badware" knows about Sage It could inject its own > files into the application space for Sage and execute them (worst case > scenario). > Indeed. You should consider running sage once after a change as part of the update process. You might not want to do that as "root", so using a special-purpose account to compartmentalize privileges might be a good idea. The application should write to either the root Library folder or to the > users Library folder for writing application settings. > sage uses $DOT_SAGE (defaulting to $HOME/.sage) for per-user settings. If you want you could try to point that to the users Library folder (normal linux filesystem layout has no such thing) -- You received this message because you are subscribed to the Google Groups "sage-support" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-support+unsubscr...@googlegroups.com. To post to this group, send email to sage-support@googlegroups.com. Visit this group at https://groups.google.com/group/sage-support. For more options, visit https://groups.google.com/d/optout.
