Permissions on ~olpc/Activities are too restrictive.

[cscott]

On upgrade, olpc-configure resets permissions in /home/olpc to 770; the contents of ~olpc/Activities need to be 755 or 775 instead (installing new Activities sets their permissions to 755).

This is a blocker for update.1, since otherwise pre-installed activities are unusable after upgrade.

[bernie]

Michael, should I set permissions of /home/olpc and all its descendant directories to 775?

We need at least the the x bit for "others" on /home/olpc if we want to make /home/olpc/Activities accessible.

[mstone]

As we learned in #5320, this issue is a bit subtle.

Currently, (i.e. while Rainbow runs as root and while the Datastore runs as uid 500), the important things are that

/home/olpc/.sugar should be rwx by uid 500 and --- by anyone else. /home/olpc and /home/olpc/Activities should be rwx by uid 500 and r-x by anyone else. /home/olpc should contain _no_ world-writable files in directories that are world-traversable

Any assignment of permissions to files in /home/olpc that is consistent with these principles is fine by me, though we should probably be careful to keep SSH happy by locking down .ssh and to keep a tight lid on other sensitive files.

[bernie]

Please let the dust settle for a couple of days, then tag:

olpc-utils-0.63-1.olpc2

for update1

[dgilmore]

bernie you need to get approval for update before it goes in. I cant give you that. please follow the procedue at http://wiki.laptop.org/go/Update.1_process

[mstone]

(In #5851) Should be fixed in joyride-1508 and later.

[jg]

Approved.

[dgilmore]

Please test update.1 build 684

[cscott]

Michael, can you confirm that permissions are reasonable when upgrading to the latest update.1 build, and when it is installed cleanly?