[Req] comprehensive list of permissions/ownership - Free Toolchain Software (Cydia Apps) - Hackint0sh.org
  1. #1
    Advanced Array

    [Req] comprehensive list of permissions/ownership

    I only hope that I titled this post correctly so as to avoid the wrath of the moderators. (I looked but couldn't find the guidelines.)

    After messing with my phone for months, going through every upgrade since 1.0.2, and just about every jailbreak method, the latest version of my phone is a custom firmware based on 1.1.4. Having survived a difficult learning curve with WinPwn, I now have my phone ALMOST exactly the way I would like it, having endured countless restores in the past few days. (My phone kept freezing up or moving VERY slowly. The only solution I found was to content myself with just the bare essential apps.)

    Anyway, my question is this: does someone have a definitive list of which apps should run as 'root' and which as 'mobile'? I understand that basically anything that writes should be root, but how does this work with, say, Mail, which runs as 'mobile' but obviously writes? In other words, please explain ownership as well as write permission issues. Right now, I can't add a new email account to my phone. I access "Add Account" through "Settings" (Preferences.app), but the new account doesn't save, and thus doesn't appear when I open up the Mail app. So, what's going on here? Specifically, who should own /Applications/MobileMail.app, /Applications/Preferences.app, /var/mobile/Library/Mail, and especially /var/mobile/Library/Mail/Accounts.plist?

    Thanks for any help!



  2. #2
    Former Bender

    Hi, your MobileMail.app folder and its binary's ownership - permissions should be root:wheel - 755.
    All the other files inside /Applications/MobileMail.app/ should be root:wheel - 644.

    Since 1.1.3, Apple has added the mobile user account.
    Springboard now runs all the apps as mobile (mobile:wheel - 755) instead of root (root:wheel - 755), by bypassing the app's original permissions.
    Even apps with root level will be executed as mobile.
    This option is in /System/Library/LaunchDaemons/com.apple.SpringBoard.plist.

    The apps launched as mobile will write their prefs or other files in /private/var/mobile/.
    If the launched app's original ownership - permissions are root:wheel - 755, it will be able to write files or folders with root level located in /var/mobile/

    Unofficial 3rd party apps are not acting the same way.
    They were initially developed to run as root, and some of them, even when launched as mobile, still want to write in /private/var/root/ (their default path is hardcoded).
    Because they don't have permissions to do it, they actually can't.
    That's the reason why you can see people saying they can't save prefs in some apps.

    You might see some exceptions like "Installer.app" that require special permissions (root:wheel or admin and 6755 or 4755).
    (4 and 6 (SUID) will prevent Springboard from executing the app as mobile.)

    You might ask why? Well, the reason is simple:

    Installer is doing something that is not possible since 1.1.3.
    It is writing in root level area of the filesystem to install files and set permissions.

    For example:

    The SummerBoard.app or even BSD Subsystem installation process requires modification/installation of files with root level.
    If Installer has only mobile (mobile:wheel - 755) level, it won't be able to write/modify the files.
    The installation will fail with a script execution error.

    Also, when you install MobileFinder or FileBrowser, you'll need to manually change their permissions/ownership, the same as for Installer, to be able to modify or set file permissions of files with root level.

    All the unofficial 3rd party apps should be run as mobile if they don't need to access the / (root).

    In fact with the mobile user account Apple has brought more security, especially for the upcoming apps that will be available on the AppStore.

    You can read these two threads for more details:

    [Solution][Updated] Fix Installer v3.1 "Package download failed " & permissions error

    [HowTo] Check why your app is crashing/not saving/freezing... and more
    Last edited by Former Bender; 06-15-2008 at 07:13 AM.

  3. #3
    Advanced Array

    Well, that's certainly interesting...

    The solution I found is to run Mail as mobile--just the opposite of what you suggested--but to also have it write to a mobile-owned Mail folder within /private/var/Mobile/Library. I found that as long as Preferences.app was running in root, and had write permissions for Accounts.plist, things worked okay.

    Here are some screen grabs of the file system on my phone. Please let me know what you think:

    (Not sure if these images will show up in my post, so here is the URL.)

    /private/var/Mobile/Library (part 1): (link)
    /private/var/Mobile/Library (part 2): (link)
    /Applications (part 1): (link)
    /Applications (part 2): (link)

    I may have gone overboard in giving root access to too many apps, but too many things need to write, e.g., MobileCast, or, most especially, TimeCapsule, if you want to be able to restore. I made the MobileCast folder in ../../mobile/Media owned by root, as well as made it universally writable; this may have been overkill, but before I did this, MobileCast wasn't refreshing the list of feeds.

    So, I am not really satisfied with/convinced by your answer... perhaps you can explain to me the security benefits of running most apps as mobile rather than root. (I come from a Linux perspective, so I do understand the basic concept of root, but I am the only one with access to my phone's file system, and if I screw something up--and I do, regularly--I just fix it.)

  4. #4
    Advanced Array

    Join Date
    Jan 2008
    Posts
    35
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    Furthermore, all of the files within the /Applications/MobileMail.app folder (aside from the executable itself, which is currently set at 0755) are simply language files and PNGs of things like the little envelope, etc. Why do I need root access to image files, if the user 'mobile' is accessing them?

  5. #5
    Former Bender

    Quote Originally Posted by amadomon:
        The solution I found is to run Mail as mobile--just the opposite of what you suggested--but to also have it write to a mobile-owned Mail folder within /private/var/Mobile/Library.
    I'm sorry, but I'm trying to see when I suggested you run MobileMail as root.

    My previous post was to explain to you how the ownership/permissions work in the iPhone OS.

    The default permissions/ownership for MobileMail.app are:

    Code:
    drwxrwxr-x  root:admin MobileMail.app
    All the files inside the app package are root:admin as well, only their permissions are different.

    MobileMail binary and all the .lproj localization folders are 755.
    The other files are 644.

    The Mail folder in /private/var/mobile/Library/ is mobile:wheel - 755
    All the folders and subfolders inside are mobile:wheel - 755
    All the files (plist, emlx, etc...) are mobile:wheel - 644

    Now you can see that launching MobileMail as mobile or root won't make any difference, because all the files it needs to modify/create require only mobile level.

    Do you understand now?


  6. #6
    Former Bender

    Quote Originally Posted by amadomon:
        Furthermore, all of the files within the /Applications/MobileMail.app folder (aside from the executable itself, which is currently set at 0755) are simply language files and PNGs of things like the little envelope, etc. Why do I need root access to image files, if the user 'mobile' is accessing them?
    I think you are confusing ownership and permissions.

    Ownership is the user:group belonging to the file.
    Permissions is the ability to read/write/execute a file.

    Permissions are defined as follows:

    xXXX

    first x = suid.
    second X = User permissions
    third X = Group permissions
    fourth X = Others permissions

    for example 755 represents:

    7 = User can read/write/execute
    5 = Group can read/write
    5 = Others can read/write

    So if your application's ownership is root:wheel but it runs as mobile and wants to modify a mobile:wheel file, I don't see any problem.
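A worked model of the ownership and permission check that posts #2, #5 and #6 describe, added here as an example (it is not code from the thread or from iPhone OS). Following post #2, it treats a setuid-root binary as the one case SpringBoard leaves running as root; the group-membership table and the SomeApp path are assumptions.

```python
# Added model of the UNIX ownership/permission check behind the thread's advice.
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    path: str
    owner: str  # user half of owner:group, e.g. root or mobile
    group: str  # group half of owner:group, e.g. wheel or admin
    mode: int   # octal mode, e.g. 0o644, 0o755, 0o4755

GROUPS_OF = {"root": {"wheel", "admin"}, "mobile": {"mobile"}}  # assumed membership

def mode_string(mode: int) -> str:
    """Render a mode ls-style: 0o755 -> 'rwxr-xr-x', 0o4755 -> 'rwsr-xr-x'."""
    out = [c if mode & (1 << (8 - i)) else "-" for i, c in enumerate("rwxrwxrwx")]
    if mode & stat.S_ISUID:  # setuid: the leading 4 in 4755 (6755 adds setgid too)
        out[2] = "s" if out[2] == "x" else "S"
    return "".join(out)

def launched_as(binary: Entry) -> str:
    """SpringBoard (1.1.3+) runs apps as mobile; a setuid-root binary keeps root."""
    return "root" if binary.mode & stat.S_ISUID and binary.owner == "root" else "mobile"

def can_write(user: str, target: Entry) -> bool:
    """Discretionary check: root bypasses it; else owner, then group, then others."""
    if user == "root":
        return True
    if target.owner == user:
        return bool(target.mode & stat.S_IWUSR)
    if target.group in GROUPS_OF.get(user, set()):
        return bool(target.mode & stat.S_IWGRP)
    return bool(target.mode & stat.S_IWOTH)

def app_can_write(binary: Entry, target: Entry) -> bool:
    return can_write(launched_as(binary), target)

# Constructed entries mirroring the thread (SomeApp is a hypothetical 3rd-party app).
MAIL_BIN = Entry("/Applications/MobileMail.app/MobileMail", "root", "wheel", 0o755)
ACCOUNTS = Entry("/private/var/mobile/Library/Mail/Accounts.plist", "mobile", "wheel", 0o644)
SOME_APP = Entry("/Applications/SomeApp.app/SomeApp", "root", "wheel", 0o755)
ROOT_PREFS = Entry("/private/var/root/Library/Preferences", "root", "wheel", 0o755)
INSTALLER = Entry("/Applications/Installer.app/Installer", "root", "wheel", 0o4755)
APPLICATIONS = Entry("/Applications", "root", "wheel", 0o755)

if __name__ == "__main__":
    for app, tgt in [(MAIL_BIN, ACCOUNTS), (SOME_APP, ROOT_PREFS), (INSTALLER, APPLICATIONS)]:
        print(f"{app.path} ({mode_string(app.mode)}) runs as {launched_as(app)}; "
              f"write {tgt.path}: {app_can_write(app, tgt)}")
```

Mail launched as mobile writes its mobile:wheel Accounts.plist, the hardcoded /private/var/root path stays unwritable for a mobile process, and only the setuid Installer binary gets root's bypass.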
