Lazarus directory permissions on Linux and Unix
One of the most annoying facts of the default Lazarus install on Linux is that Lazarus benefits from full access to its files (because of recompilation for example), yet as an ordinary user you don't get it.
There are several workarounds:
- Work as root This is against good unix practice and you should strictly limit the time your programs work under root privileges. Say, you may invoke Lazarus as root just to install some packages and recompile IDE, then return to work as normal user. You should not do the development work as root.
- Install just for yourself Installing Lazarus into your home directory overcomes the limitation, but the drawbacks are that it implies manual installation, and other users (if any) cannot use it.
- Make Lazarus dir world writable Solves write problems for all users, but anyone can mess things up, also can pose a security risk.
Perhaps the most correct unix way is to use groups. You may either create a new group like "lazarus" or "devel" specifically for it, or you can use an existing group, perhaps a privileged users groups as "adm" (e.g, Ubuntu) and "wheel" (BSD) are on some systems.
If you create a new group, as root do this:
- addgroup mygroupname
Add yourself to the relevant group:
- addgroup myusername mygroupname
Change group for the Lazarus directory tree (/usr/local/share/lazarus or /usr/lib/lazarus/[version] on Debian or Ubuntu):
- chgrp -R mygroupname <lazarus_dir>
Add write access for the group to the Lazarus directory tree:
- chmod -R g+w <lazarus_dir>
Do "ls -l" <lazarus_dir> to confirm files in it have the adequate security parameters, for example:
-rwxrwxr-x 1 root lazarus 27100648 2011-10-10 20:26 lazarus
And that's it. You may now recompile the IDE as a normal user, yet you don't expose security risks working as root. Other users cannot do the same if they do not belong to the needed group; if someone needs write access to the lazarus dir, you just add them to the group.
