Hello tangoers,
after installing ArchivingRoot archiving system, we wanted to authorize only accounts in group archivage to be able to execute mambo-rw.

We gave read & execution rights on this directory to all users:

$ ls -la ArchivingRoot/bin
total 0
dr-xr-xr-x 4 USER archivage 32 août 18 2020 .
dr-xr-xr-x 8 USER archivage 114 oct. 2 2020 ..
dr-xr-xr-x 3 USER archivage 170 mai 10 2021 linux
drwxr-xr-x 2 USER archivage 193 août 18 2020 win32

When launching mambo-rw, we got following error: "Mambo encountered an undesired error and will close: The path is read only".

This issue was solved when we gave rwx rights for all users which should execute mambo-rw to directory "~":

$ ls -la ArchivingRoot/bin/linux/
total 52
drwxrwxr-x 3 1001 archivage 20 Oct 2 2020 ~
dr-xr-xr-x 3 1001 archivage 170 May 10 2021 .
dr-xr-xr-x 4 1001 archivage 32 Aug 18 2020 ..
-r-xr-xr-x 1 1001 archivage 8627 Aug 18 2020 bensikin
-r–r–r– 1 1001 archivage 51 May 2 2011 bensikin-rw
-r–r–r– 1 1001 archivage 1814 Aug 18 2020 databaseconnection
-r-xr-xr-x 1 1001 archivage 8337 May 10 2021 mambo
-r-xr-xr-x 1 1001 archivage 48 Jan 8 2014 mambodegrad
-r-xr-xr– 1 1001 archivage 55 Jan 8 2014 mambodegrad-rw
-r-xr-x— 1 1001 archivage 48 May 2 2011 mambo-rw
-r–r–r– 1 1001 archivage 5681 Aug 18 2020 snapshotexplorer

However, my understanding is those rights should only be given to account path and not to binaries path.
Why are these rights necessary?

I would like to give right for launching read-only tools for all users but I got the following message:
"Failed to lock account folder for writing. Please check your account folder rights (write access)."

Here is the current rights from account path:

$ ls -la /data/shared/archivage/
total 8
drwxrwxr-x 7 USER archivage 67 déc. 17 10:26 .
drwxrwxrwt 49 root root 4096 déc. 14 10:38 ..
drwxrwxr-x 2 USER archivage 161 oct. 26 19:50 ac
drwxrwxr-x 2 USER archivage 6 oct. 2 2020 acd
drwxrwxr-x 2 USER archivage 25 oct. 2 2020 history
drwxrwxr-x 2 USER archivage 25 oct. 2 2020 options
drwxrwxr-x 2 USER archivage 21 sept. 28 15:04 vc

I understand I should give write rights to some directories, but I do not want users be able to modify ac (archiving configuration) or vc (visualisation configuration).

Which directories should have write access?
Giving write access to the directory only but no subdirectories will be sufficient?

Regards.
- Philippe
Edited 2 years ago