[Req] comprehensive list of permissions/ownership
I only hope that I titled this post correctly so as to avoid the wrath of the moderators. (I looked but couldn't find the guidelines.)
After messing with my phone for months, going through every upgrade since 1.0.2, and just about every jailbreak method, the latest version of my phone is a custom firmware based on 1.1.4. Having survived a difficult learning curve with WinPwn, I now have my phone ALMOST exactly the way I would like it, having endured countless restores in the past few days. (My phone kept freezing up or moving VERY slowly. The only solution I found was to content myself with just the bare essential apps.)
Anyway, my question is this: does someone have a definitive list of which apps should run as 'root' and which as 'mobile'? I understand that basically anything that writes should be root, but how does this work with, say, Mail, which runs as 'mobile' but obviously writes? In other words, please explain ownership as well as write permission issues. Right now, I can't add a new email account to my phone. I access "Add Account" through "Settings" (Preferences.app), but the new account doesn't save, and thus doesn't appear when I open up the mail app. So, what's going on here? Specifically, who should own /Applications/MobileMail.app, /Applications/Preferences.app, /var/mobile/Library/Mail, and especially var/mobile/Library/Mail/Accounts.plist?
Thanks for any help!
Well, that's certainly interesting...
The solution I found is to run Mail as mobile--just the opposite of what you suggested--but to also have it write to a mobile-owned Mail folder within /private/var/Mobile/Library. I found that as long as Preferences.app was running in root, and had write permissions for Accounts.plist, things worked okay.
Here are some screen grabs of the file system on my phone. Please let me know what you think:
/private/var/Mobile/Library (part 1):
(Not sure if these images will show up in my post, so here is the URL.)
/private/var/Mobile/Library (part 2):
/Applications (part 1):
/Applications (part 2):
I may have gone overboard in giving root access to too many apps, but too many things need to write, e.g., MobileCast, or, most especially, TimeCapsule, if you want to be able to restore. I made the MobileCast folder in ../../mobile/Media owned by root, as well as made it universally-writable; this may have been overkill, but before I did this, MobileCast wasn't refreshing the list of feeds.
So, I am not really satisfied with/convinced by your answer...perhaps you can explain to me the security benefits of running most apps as mobile rather than root. (I come from a linux perspective, so I do understand the basic concept of root, but I am the only one with access to my phone's file system, and if I screw something up--and I do, regularly--I just fix it.)
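An added example, not part of the thread or any poster's code: the standard Unix write-permission rule behind the ownership questions above, applied to constructed (owner, group, mode) cases modeled on the Accounts.plist and world-writable folder situations the posts describe. The uid/gid 501 for 'mobile' and the case names are assumptions; `audit` runs the same check against a real path.

```python
import os
import stat

ROOT_UID = 0
MOBILE_UID = MOBILE_GID = 501  # assumption: ids of 'mobile'; confirm with `id mobile`

def may_write(uid, gids, st_uid, st_gid, mode):
    """Unix write check: only the first matching class (owner, group, other) counts."""
    if uid == ROOT_UID:
        return True  # root is not limited by the write bits
    if uid == st_uid:
        return bool(mode & stat.S_IWUSR)
    if st_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def audit(path, uid, gids):
    """Report who owns a real path and whether `uid` can modify or replace it."""
    st = os.stat(path)
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    mode = stat.S_IMODE(st.st_mode)
    return {
        "owner": st.st_uid,
        "group": st.st_gid,
        "mode": oct(mode),
        "writable": may_write(uid, gids, st.st_uid, st.st_gid, mode),
        # creating or replacing a file needs write permission on its directory
        "dir_writable": may_write(uid, gids, parent.st_uid, parent.st_gid,
                                  stat.S_IMODE(parent.st_mode)),
        "world_writable": bool(mode & stat.S_IWOTH),
    }

# Constructed cases (owner uid, group gid, mode); not read from a real device.
CASES = {
    "plist owned by root, 0644": (0, 0, 0o644),
    "plist owned by mobile, 0644": (501, 501, 0o644),
    "folder owned by root, 0777": (0, 0, 0o777),
    "owner bits cleared, 0077": (501, 501, 0o077),
}

def report(uid=MOBILE_UID, gids=frozenset({MOBILE_GID})):
    """Evaluate every constructed case for the given user (default: mobile)."""
    return {name: may_write(uid, gids, *case) for name, case in CASES.items()}

if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:30} mobile can write: {ok}")
    print(audit(".", os.getuid(), set(os.getgroups())))
```

A process running as root can write in every case, and the world-writable folder is the only root-owned item that mobile can also write to, which is also what makes it writable by every other account on the system.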