[ic] Permission error on makecat

Mike Heins interchange-users@icdevgroup.org
Fri Dec 13 12:46:01 2002


Quoting Ed LaFrance (edl@newmediaems.com):
> At 07:45 PM 12/12/2002 -0600, you wrote:
> >I've just finished installing interchange and I get the following error 
> >when I try to run makecat.
> >
> >Couldn't copy interchange.cfg.dist: Permission denied
> >
> >Any ideas what would cause this error?
> 
> Either your VENDROOT directory permissions are goofy, or you are otherwise 
> trying to run makecat as a user who does not have proper permissions to 
> read files in VENDROOT.
> 
> In my consulting travels I often run across Interchange server 
> installations which have been done from the tardist, in which 
> /usr/local/interchange and most of the files and directories therein are 
> owned by root. This is unnecessary,

I must respectfully disagree. In fact, when locking down a site for
production use, I change ownership to root on all of the files
that could be read as configuration or software. If they are writeable
by the interchange UID, it is conceivable that an attack could modify
a file in the software, allowing installation of a trojan on the next
restart. Of course you can run TripWire or some other mechanism to notify
you about such things, but this prevents the problem in the first place.

> and in most cases undesirable, so I 
> will usually recursively chown the whole interchange tree to the 
> interchange user and group (interch.interch in most cases). Then you can 
> run makecat and other ops as interch without getting permissions-related 
> errors. Of course, what you choose to do on your server is up to you.

I think this is fine during development. In production, I would far
rather have everything possible owned by bin or root.

-- 
Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.513.523.7621      <mike@perusion.com>

Experience is what allows you to recognize a mistake the second
time you make it. -- unknown
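
An audit for the ownership question discussed in this thread, as an added example that is not part of either message or of Interchange itself: it lists everything under a software tree that a daemon account could modify. The function names are hypothetical and the sample tree is constructed; on a real install the arguments would be /usr/local/interchange and the interch user and group mentioned above.

```shell
#!/bin/sh
# Added example: list everything under a software tree that a service
# account could modify. Function names are hypothetical.

# writable_by_service ROOT USER GROUP
# USER and GROUP may be names or numeric ids. Prints one path per line for
# each file or directory that is
#   - owned by USER (an owner can always chmod and then write), or
#   - owned by GROUP and group-writable, or
#   - world-writable.
# Symlinks are skipped because their mode bits are not meaningful.
writable_by_service() {
    find "$1" ! -type l \( \
        -user "$2" \
        -o \( -group "$3" -perm -020 \) \
        -o -perm -002 \
    \) -print
}

# tree_is_locked_down ROOT USER GROUP
# Succeeds only when the service account can modify nothing under ROOT.
tree_is_locked_down() {
    [ -z "$(writable_by_service "$1" "$2" "$3")" ]
}

# Constructed sample tree standing in for the software directory.
demo=$(mktemp -d)
mkdir "$demo/lib"
echo 'sample' > "$demo/interchange.cfg"
echo 'sample' > "$demo/lib/Module.pm"
chmod 755 "$demo" "$demo/lib"
chmod 644 "$demo/lib/Module.pm"
chmod 666 "$demo/interchange.cfg"      # deliberately too permissive

# Audit against the current account, which owns the whole sample tree,
# much as the daemon user does after a recursive chown.
if tree_is_locked_down "$demo" "$(id -u)" "$(id -g)"; then
    echo "locked down"
else
    echo "modifiable by uid $(id -u):"
    writable_by_service "$demo" "$(id -u)" "$(id -g)"
fi
rm -rf "$demo"
```

Writable directories are reported as well as files, since write access to a directory allows a file inside it to be replaced.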