CPAN changing permissions on OSX

some Perl code
some Perl code

If you are looking for a Perl module to interface with Amazon’s S3 hosting service, do not use the Net::Amazon::S3 module. It has an unrealistically huge list of modules on which it’s dependent (one of which is more like a framework — a pain in itself) and you’ll likely never get it installed. The Amazon::S3 module by Timothy Appnel installs without a hitch, and it was based on an earlier version of the Net::Amazon::S3 module.

So apparently something in CPAN on OSX 10.6 (Perl version 5.10.0) causes it to change permissions of the /usr/bin/cpan script, not only removing the executable bit for all, but also setting the write bit (not good).

This results in the common “permission denied” message when someone trys to run CPAN to install some Perl modules:


[root@lorien ~]# cpan
-bash: /usr/bin/cpan: Permission denied

For the uninitiated, this permission change will render your CPAN installation completely vulnerable to anyone who logs in (or breaks in) to the system, even standard “normal” user accounts.

You can run this find statement to show all files in a directory (including subdirectories) that are world-writeable:
find . -perm -o+w

In the example below, I’ve paired this with the “exec” argument using ‘ls’ to show the permissions and inode number of each file.


[root@lorien bin]# find . -perm -o+w -exec ls -ldi {} \;
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./c2ph
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./corelist
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./cpan
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./cpan2dist
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./cpanp
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./cpanp-run-perl
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./dprofpp
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./enc2xs
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./find2perl
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./h2ph
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./h2xs
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./libnetcfg
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./perlbug
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./perlcc
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./perldoc
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./perlivp
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./perlthanks
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./piconv
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./pl2pm
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./pod2html
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./pod2latex
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./pod2man
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./pod2text
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./pod2usage
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./podchecker
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./podselect
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./psed
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./pstruct
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./ptar
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./ptardiff
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./s2p
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./shasum
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./splain
2491453 -rw-rw-rw- 34 root wheel 807 2009-06-24 02:42 ./xsubpp

As you can see from the output, there are a lot of files that were affected, but you can also see from the inode number that they are all hard links to the same file (good in this case). So, we fix the permissions on one file and we fix them all.


[root@lorien bin]# chmod 0755 cpan
[root@lorien bin]# ls -ld cpan
-rwxr-xr-x 34 root wheel 807 2009-06-24 02:42 cpan
[root@lorien bin]# find . -perm -o+w -exec ls -ldi {} \;
[root@lorien bin]#

Life is good again. (Note: this will fix the problems, but not the root cause. I’m too lazy to start looking into CPAN itself to find the root cause, so… I’ll leave it to the smart guys who actually write the code for CPAN to figure that one out.)

And in case you are wondering, yes, my computer’s name is Lorien. What can I say? I’m a LotR nerd. Not too unusual for us techie types.