Paths to executables not working with non-admin accounts

General support questions
Post Reply
kadwm00
Posts: 13
Joined: 2022/09/19 14:55:18

Paths to executables not working with non-admin accounts

Post by kadwm00 » 2022/11/18 20:36:55

I am using the Cadence software package where the executables are located under these directories:

# Provide paths to a Cadence application
PATH=$PATH:/home/administrator/cadence/installs/IC618/bin
PATH=$PATH:/home/administrator/cadence/installs/GENUS211/bin
PATH=$PATH:/home/administrator/cadence/installs/INNOVUS211/bin
export PATH


I have the above script along with an environment setting to the licensing server. My understanding is that sh.local under etc/profile.d gets executed regardless of whether the user is an admin or non-admin. I also found this comment here telling me it gets done last:
viewtopic.php?t=70417

For IC618, one uses 'virtuoso' to bring up the GUI. There are also commands for the 'genus' and 'innovus' respectively to those executables.

I have one workstation where no errors occur for virtuoso or innovus or genus regardless of whether the user is admin or non-admin.

I tried a different way of installing CentOS 7 for some other reasons related to installing these Cadence programs. I now have workstations where the script works great if the user account is an admin, but gives me an error if the account is non-admin. If the account is changed to admin, it works.

A 'printenv' command shows that the respective paths above and the licensing env variable is available to the non-admin user. However, I get an error like "bash virtuoso: command not found..."

I have one CentOS 7 workstation that I installed this past July or so and kept updated, so some how admin and non-admin users do not give me any problems when trying to execute 'virtuoso' or 'innovus' for example. A 'whereis innovus' shows me "innovus:/home/administrator/cadence/installs/INNOVUS211/bin" works the same for both accounts.

This problem seems to occur fairly often, but I could not find an example applicable to my situation. I executed 'printenv' for an admin and non-admin and don't see any differences. What is the difference with one workstation working fine but the others not working?

I noticed there is also a an 'environment' under etc/. I still need to try it. Would that be better?

User avatar
TrevorH
Site Admin
Posts: 32401
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Paths to executables not working with non-admin accounts

Post by TrevorH » 2022/11/18 21:04:19

If you are expecting users other than 'adminstrator' to be able to use this then you need to install your software somewhere other than the 'administrator' user's home directory which is (and should be) private and accessible only to that user. By default user directories under /home are created with permissions of drwx------ meaning that only the owner of that directory can get inside it. This is the correct setting from a security POV or user Jane would be able to read all Dick's personal files.

If security is not a great concern then you could chmod o+x /home/administrator which would allow other users to traverse the /home/administrator directory and get to things inside it. So long as the cadence subdirectory also allows other users to read/traverse it then it should work. Look at the output from namei -l /home/administrator/cadence/installs/IC618/bin for example. A user has to be able to either read each directory on the way down to the end or it has to be able to traverse it to get to things it already knows about that exist in the traversed directory.
CentOS 8 died a premature death at the end of 2021 - migrate to Rocky/Alma/OEL/Springdale ASAP.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke

tunk
Posts: 1128
Joined: 2017/02/22 15:08:17

Re: Paths to executables not working with non-admin accounts

Post by tunk » 2022/11/19 01:41:53

I usually put non-CentOS software in /opt.

User avatar
jlehtone
Posts: 4202
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Paths to executables not working with non-admin accounts

Post by jlehtone » 2022/11/19 10:44:03

The /etc/profile has utility function. I'd have file /etc/profile.d/cadence-paths.sh
with content:

Code: Select all

pathmunge path_to_cadence/IC618/bin after
pathmunge path_to_cadence/GENUS211/bin after
pathmunge path_to_cadence/INNOVUS211/bin after
The file does not need to be executable (it will be sourced) and there is no clear need to do it last.

Now, what is good path_to_cadence?
* /opt/cadence makes sense. /opt is on / filesystem by default, so space might become a concern
* /home/cadence, perhaps although it won't be a "home directory" unlike everything else in /home/
* I have unmanaged software on network share that is mounted to every machine (as /site/app7 for CentOS 7 software)

Whoever
Posts: 1299
Joined: 2013/09/06 03:12:10

Re: Paths to executables not working with non-admin accounts

Post by Whoever » 2022/11/19 16:17:36

jlehtone wrote:
2022/11/19 10:44:03

Now, what is good path_to_cadence?
* /opt/cadence makes sense. /opt is on / filesystem by default, so space might become a concern
* /home/cadence, perhaps although it won't be a "home directory" unlike everything else in /home/
* I have unmanaged software on network share that is mounted to every machine (as /site/app7 for CentOS 7 software)
Personally, I use something like /home/tools/Cadence, where the /home directory is managed by the automounter.

kadwm00
Posts: 13
Joined: 2022/09/19 14:55:18

Re: Paths to executables not working with non-admin accounts

Post by kadwm00 » 2022/12/02 20:12:08

Thank you everyone for the suggestions on administering a workstation.

It turns out that InstallScape will not allow me to put their software into the 'opt/' directory. I tried changing the default directory, but it would not let me do it, so it seems I have limited options there. The InstallScape is executed from a script and then it runs the installation software. So, whomever has some administration privileges will end up with the installs under their directory.

I did note that Libreoffice and a couple other softwares were under the opt/ directory.

I followed the instructions to check permissions on each system. This is for the working one where the software loads:
[guest@engc129-90226 ~]$ namei -l /home/administrator/cadence/installs/IC618/bin
f: /home/administrator/cadence/installs/IC618/bin
dr-xr-xr-x root root /
drwxr-xr-x root root home
drwxr-xr-x administrator administrator administrator
drwxrwxr-x administrator administrator cadence
drwxrwxr-x administrator administrator installs
drwxr-xr-x root root IC618
drwxr-xr-x root root bin
[guest@engc129-90226 ~]$
Then, this is for the one where it will not load with a non-admin account without the permissions changed:
[guest@engc129-90229 ~]$ namei -l /home/administrator/cadence/installs/IC618/bin
f: /home/administrator/cadence/installs/IC618/bin
dr-xr-xr-x root root /
drwxr-xr-x root root home
drwxrwx--- administrator administrator administrator
cadence - No such file or directory
[guest@engc129-90229 ~]$ virtuoso
bash: virtuoso: command not found...
After changing the permissions as suggested by Trevor with chmod o+x /home/administrator , I was able to load up virtuoso and other installed Cadence software. I did try the pathmunge/after on another workstation, but that did not work.

Here is the result of checking the permission for the subdirectory:
[guest@engc129-90229 ~]$ namei -l /home/administrator/cadence/installs/IC618/bin
f: /home/administrator/cadence/installs/IC618/bin
dr-xr-xr-x root root /
drwxr-xr-x root root home
drwxrwx--x administrator administrator administrator
drwxrwxr-x administrator administrator cadence
drwxrwxr-x administrator administrator installs
drwxrwxr-x administrator administrator IC618
drwxr-xr-x administrator administrator bin
I posted this for my and as reference for others. I did read about namei, pathmunge, after, and chmod again. I also noted that 'whereis virtuoso' also gave an output for the 'bin/' directory which was not happening before the permissions change.

I did install CentOS slightly differently on the 90226 versus the 90229 because I was trying to resolve some issues with the software installing with all the dependencies from InstallScape. If anyone has dealt with Cadence, they will know the annoying things about it. Anyway, the permission change will be enough since I do need people to execute and read but not write to the install directories.

Post Reply