From f00b67d87e761e04da9e760498dc252e68ac7d0a Mon Sep 17 00:00:00 2001 From: "mark@chromium.org" Date: Fri, 16 Oct 2009 19:37:25 +0000 Subject: Updating from user Keystone under /Applications by an admin user should leave the application admin-writeable. BUG=16360 (not really, but it's somewhat related) TEST=keystone_install_test.sh Review URL: http://codereview.chromium.org/276066 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@29310 0039d316-1c4b-4281-b951-d872f2087c98 --- chrome/tools/build/mac/keystone_install.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'chrome/tools') diff --git a/chrome/tools/build/mac/keystone_install.sh b/chrome/tools/build/mac/keystone_install.sh index dd5ab68..6dfd992 100755 --- a/chrome/tools/build/mac/keystone_install.sh +++ b/chrome/tools/build/mac/keystone_install.sh @@ -264,5 +264,25 @@ for versioned_dir in "${DEST}/Contents/Versions/"* ; do fi done +# If this script is not running as root (indicating an update driven by user +# Keystone) and the application is installed somewhere under /Applications, +# try to make it writeable by all admin users. This will allow other admin +# users to update the application from their own user Keystone instances. +# +# If this script is running as root, it's driven by system Keystone, and +# future updates can be expected to be applied the same way, so +# admin-writeability is not a concern. +# +# If the application is not installed under /Applications, it might not be in +# a system-wide location, and it probably won't be something that other users +# are running, so err on the side of safety and don't make it group-writeable. +# +# If this script is running as a user that is not a member of the admin group, +# this operation will not succeed. Tolerate that case, because it's better +# than the alternative, which is to make the applicaiton world-writeable. +if [ ${EUID} -ne 0 ] && [ "${DEST:0:14}" = "/Applications/" ] ; then + (chgrp -Rfh admin "${DEST}" && chmod -Rfh g+w "${DEST}") >& /dev/null +fi + # Great success! exit 0 -- cgit v1.1