Results 1 to 3 of 3

Thread: OS X Installer Insecure Permissions

  1. #1

    Default OS X Installer Insecure Permissions

    Hello:

    I just installed the Wowza Streaming Engine 4.1.2 OS X using the installer and installs many files/directories with other write permissions.

    Is there a reason why? Or was this overlooked when building the installer? Does others really need write access? What permissions should be used?

    For example, pretty much every directory and file installed in "Library/WowzaStreamingEngine-4.1.2"...

    % ls -al /Library/WowzaStreamingEngine-4.1.2
    total 0
    drwxrwxrwx 16 root wheel 544 Jun 10 13:34 .
    drwxr-xr-x+ 65 root wheel 2210 Jun 10 13:34 ..
    drwxrwxrwx 4 root wheel 136 Jun 10 13:34 applications
    drwxrwxrwx 2 root wheel 68 Jun 10 13:34 backup
    drwxrwxrwx 16 root wheel 544 Jun 10 13:34 bin
    drwxrwxrwx 20 root wheel 680 Jun 10 14:22 conf
    drwxrwxrwx 4 root wheel 136 Jun 10 13:34 content
    drwxrwxrwx 7 root wheel 238 Jun 10 13:34 documentation
    drwxrwxrwx 11 root wheel 374 Jun 10 13:34 examples
    drwxrwxrwx 2 root wheel 68 Jun 10 13:34 keys
    drwxrwxrwx 5 root wheel 170 Jun 10 13:34 legal
    drwxrwxrwx 47 root wheel 1598 Jun 10 13:34 lib
    drwxrwxrwx 6 root wheel 204 Jun 10 14:26 logs
    drwxrwxrwx 6 root wheel 204 Jun 10 13:34 manager
    drwxrwxrwx 2 root wheel 68 Jun 10 13:34 mediacache
    drwxrwxrwx 2 root wheel 68 Jun 10 13:34 updates

  2. #2

    Default

    Hi,

    Wowza generally installs with enough permissions in order to work without the user having to worry too much about permissions. So it can be seen as quite generous on some platforms, as in OS X - which is generally similar to a desktop installation. For example, if installed and run as stand-alone mode then Wowza is running as the user logged into OS X at that time, so long as that user also has admin/root privileges.

    You can lock this down manually to your specific administrator user, for example user "paul" in group "staff" (stop Wowza first)

    cd /Library
    
    chmod -R 700 WowzaStreamingEngine-X.X.X
    
    chown -R paul:admin WowzaStreamingEngine-X.X.X
    That would prevent anyone apart from "paul" (or root of course) from cd'ing into the Wowza installation path.


    Paul

  3. #3

    Default

    Apple has guidelines on best practices on software install on OS X, these permissions on either OS X client or server don't follow there guidelines.

    https://developer.apple.com/library/...hecklists.html

    Everyone should not have write access to /Library or sub-directories. I would recommend that the installer is fixed to use proper permissions in future releases.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •