WHY is JRE RPM download not executable?
I've just begun downloading the JRE 1.5 RPM from Sun, in order to install it to my Suse 9.1 machine. While it's downloading, I started looking at the installation instructions. One of the first steps is to add the "x" permission to the downloaded file. I'm still somewhat naive and ignorant in the ways of the penguin (and weak on security in general), so maybe this is an obvious question to most of you, but WHY wouldn't the file be executable from the get-go? Of course, as I type this it brings to my mind the question of how file permissions interact with downloads - if I download a file from a webserver, do the permissions correspond to those on the original file (and how would that address different users/groups on the different machines), is there some universal method that the permissions fall out on the destination copy, is the result the same as if the downloading user had created a new file from scratch him/herself, or is there some setting somewhere that tells the OS what to do with downloaded files? Having thought this through while typing the message, I'm guessing the resulting, downloaded file, holds permissions equal to what the permissions would be if the user simply created a file from scratch. Feel free to correct me. AND, while I obviously have answered (I think) my own question and there's now no need for me to post this, on the offchance it does help someone somewhere, I figure I'll add it to the list anyway for posterity. Hopefully it will prove more helpful than detrimental in the long run.
On Tue, 2005-10-18 at 13:02 -0400, Steve Jacobs wrote:
I've just begun downloading the JRE 1.5 RPM from Sun, in order to install it to my Suse 9.1 machine. While it's downloading, I started looking at the installation instructions.
One of the first steps is to add the "x" permission to the downloaded file. I'm still somewhat naive and ignorant in the ways of the penguin (and weak on security in general), so maybe this is an obvious question to most of you, but WHY wouldn't the file be executable from the get-go?
The x attribute signifies whether or not the file can be executed. You will have to ask the person that provided the file why. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
On 10/18/05, Ken Schneider
On Tue, 2005-10-18 at 13:02 -0400, Steve Jacobs wrote:
I've just begun downloading the JRE 1.5 RPM from Sun, in order to install it to my Suse 9.1 machine. While it's downloading, I started looking at the installation instructions.
One of the first steps is to add the "x" permission to the downloaded file. I'm still somewhat naive and ignorant in the ways of the penguin (and weak on security in general), so maybe this is an obvious question to most of you, but WHY wouldn't the file be executable from the get-go?
The x attribute signifies whether or not the file can be executed. You will have to ask the person that provided the file why.
Files on (web|ftp)servers are normally not executable for security reasons. Every file put onto the server is automatically chmod(ed) with the mask set for the directory. \Steve
On Tue, 2005-10-18 at 13:36 -0400, Ken Schneider wrote:
On Tue, 2005-10-18 at 13:02 -0400, Steve Jacobs wrote:
I've just begun downloading the JRE 1.5 RPM from Sun, in order to install it to my Suse 9.1 machine. While it's downloading, I started looking at the installation instructions.
One of the first steps is to add the "x" permission to the downloaded file. I'm still somewhat naive and ignorant in the ways of the penguin (and weak on security in general), so maybe this is an obvious question to most of you, but WHY wouldn't the file be executable from the get-go?
The x attribute signifies whether or not the file can be executed. You will have to ask the person that provided the file why.
I'm not an ace when it comes to RPM's, but having it executable makes no sense to me. If I understand the files in an RPM they have they attributes already assigned and are placed in the install systems normal directory structure with those same permissions. I can understand changing the permissions on any install scripts I download, as they don't come down marked as executable, but not an RPM. Mike
On 10/19/05, Mike McMullin
On Tue, 2005-10-18 at 13:36 -0400, Ken Schneider wrote:
On Tue, 2005-10-18 at 13:02 -0400, Steve Jacobs wrote:
I've just begun downloading the JRE 1.5 RPM from Sun, in order to install it to my Suse 9.1 machine. While it's downloading, I started looking at the installation instructions.
One of the first steps is to add the "x" permission to the downloaded file. I'm still somewhat naive and ignorant in the ways of the penguin (and weak on security in general), so maybe this is an obvious question to most of you, but WHY wouldn't the file be executable from the get-go?
The x attribute signifies whether or not the file can be executed. You will have to ask the person that provided the file why.
I'm not an ace when it comes to RPM's, but having it executable makes no sense to me. If I understand the files in an RPM they have they attributes already assigned and are placed in the install systems normal directory structure with those same permissions. I can understand changing the permissions on any install scripts I download, as they don't come down marked as executable, but not an RPM.
That's perfectly right. In case of the JRE you're downloading a file called jre-xxx.rpm.bin which is a self-extracting archive you will have to invoke directly. It then displays the licensing information and extracts an RPM ready for installation via rpm -i. \Steve
Steve, On Tuesday 18 October 2005 10:02, Steve Jacobs wrote:
I've just begun downloading the JRE 1.5 RPM from Sun, in order to install it to my Suse 9.1 machine. While it's downloading, I started looking at the installation instructions.
One of the first steps is to add the "x" permission to the downloaded file.
Presumably you chose the "Linux RPM in self-extracting file" download. Note the suffix of the downloaded is ".bin" (or, more specifically, ".rpm.bin"), not ".rpm". The file you're downloading is not the RPM. It's a small script with a large chunk of data appended. You run the script (necessitating the "chmod +x ..."), it shows you the license agreement and when you affirm your acceptance it unpacks the RPM payload. You don't actually have to execute the script, you can give the command "sh jre-1_5_0_05-linux-i586-rpm.bin". To answer the question in the subject, the file's mode upon completion of the download is determined by the software that performs the download, but generally such software will not make downloads executable.
...
Randall Schulz
participants (5)
-
Ken Schneider -
Mike McMullin -
Randall R Schulz -
Steve Graegert -
Steve Jacobs