Better owner, group, and mode management for .keystone_install.

BUG=none TEST=none Review URL: http://codereview.chromium.org/338048 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30224 0039d316-1c4b-4281-b951-d872f2087c98

Better owner, group, and mode management for .keystone_install.
BUG=none TEST=none Review URL: http://codereview.chromium.org/338048 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30224 0039d316-1c4b-4281-b951-d872f2087c98
e4056b93 · mark@chromium.org · 4eaca49e · e4056b93
Commit e4056b93 authored Oct 27, 2009 by mark@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 14 deletions

chrome/tools/build/mac/keystone_install.sh chrome/tools/build/mac/keystone_install.sh +27 -14

No files found.
--- a/chrome/tools/build/mac/keystone_install.sh
+++ b/chrome/tools/build/mac/keystone_install.sh
@@ -271,25 +271,38 @@ for versioned_dir in "${DEST}/Contents/Versions/"* ; do
  fi
 done
-# If this script is not running as root (indicating an update driven by user
+# If this script is not running as root (indicating an update driven by a user
-# Keystone) and the application is installed somewhere under /Applications,
+# Keystone ticket) and the application is installed somewhere under
-# try to make it writeable by all admin users.  This will allow other admin
+# /Applications, try to make it writeable by all admin users.  This will allow
-# users to update the application from their own user Keystone instances.
+# other admin users to update the application from their own user Keystone
+# instances.
 #
-# If this script is running as root, it's driven by system Keystone, and
+# If the script is not running as root and the application is not installed
-# future updates can be expected to be applied the same way, so
+# under /Applications, it might not be in a system-wide location, and it
-# admin-writeability is not a concern.
+# probably won't be something that other users on the system are running, so
+# err on the side of safety and don't make it group-writeable.
 #
-# If the application is not installed under /Applications, it might not be in
+# If this script is running as root, it's driven by a system Keystone ticket,
-# a system-wide location, and it probably won't be something that other users
+# and future updates can be expected to be applied the same way, so
-# are running, so err on the side of safety and don't make it group-writeable.
+# admin-writeability is not a concern.  Set the entire thing to be owned by
+# root in that case, regardless of where it's installed, and drop any group
+# and other write permission.
 #
 # If this script is running as a user that is not a member of the admin group,
-# this operation will not succeed.  Tolerate that case, because it's better
+# the chgrp operation will not succeed.  Tolerate that case, because it's
-# than the alternative, which is to make the application world-writeable.
+# better than the alternative, which is to make the application
-if [ ${EUID} -ne 0 ] && [ "${DEST:0:14}" = "/Applications/" ] ; then
+# world-writeable.
-  (chgrp -Rfh admin "${DEST}" && chmod -Rf g+w "${DEST}") >& /dev/null
+CHMOD_MODE="a+rX,u+w,go-w"
+if [ ${EUID} -ne 0 ] ; then
+  if [ "${DEST:0:14}" = "/Applications/" ] &&
+     chgrp -Rh admin "${DEST}" >& /dev/null ; then
+    CHMOD_MODE="a+rX,ug+w,o-w"
+  fi
+else
+  chown -Rh root:wheel "${DEST}" >& /dev/null
 fi
+chmod -R "${CHMOD_MODE}" "${DEST}" >& /dev/null
 # Great success!
 exit 0