Sen2Cor installer sets some wrong permissions

lnicola · April 13, 2021, 2:42pm

The permissions set by the Sen2Cor installer are a bit weird:

root@8a507c82f30a:/# ll /Sen2Cor-02.09.00-Linux64
total 44
drwxr-sr-x 6 root root  4096 Apr 13 14:38 ./
drwxr-xr-x 1 root root  4096 Apr 13 14:34 ../
-rwx------ 1 root root   661 Apr 13 14:38 L2A_Bashrc* # here
-rw-r--r-- 1 root root 11959 Oct  1  2020 LICENSE.txt
-rw-r--r-- 1 root root  1441 Oct  1  2020 README.md
drwxr-sr-x 2 root root  4096 Apr 13 14:38 bin/
drwxr-xr-x 2 root root  4096 Feb  4 10:01 copyright/
drwxr-sr-x 3 root root  4096 Apr 13 14:38 lib/
drwxr-sr-x 3 root root  4096 Feb  4 10:01 share/

root@8a507c82f30a:/# ll /Sen2Cor-02.09.00-Linux64/bin/
total 18812
drwxr-sr-x 2 root root    4096 Apr 13 14:38 ./
drwxr-sr-x 6 root root    4096 Apr 13 14:38 ../
-rwx------ 1 root root     178 Apr 13 14:38 L2A_Process* # here
-rwxr-xr-x 1 root root 2122344 Apr 13 14:38 gdal_translate*
-rwxr-xr-x 1 root root 2118248 Apr 13 14:38 gdaladdo*
-rwxr-xr-x 1 root root 2114152 Apr 13 14:38 gdalbuildvrt*
-rwxr-xr-x 1 root root 2114152 Apr 13 14:38 gdaldem*
-rwxr-xr-x 1 root root 2114152 Apr 13 14:38 gdalinfo*
-rwxr-xr-x 1 root root 2118248 Apr 13 14:38 gdalwarp*
-rwxr-xr-x 1 root root 2282088 Apr 13 14:38 h52gif*
-rwxr-xr-x 1 root root 2126440 Apr 13 14:38 ogrinfo*
lrwxrwxrwx 1 root root      39 Apr 13 14:38 python -> /Sen2Cor-02.09.00-Linux64/bin/python2.7*
lrwxrwxrwx 1 root root      39 Apr 13 14:38 python2 -> /Sen2Cor-02.09.00-Linux64/bin/python2.7*
-rwxr-xr-x 1 root root 2110056 Apr 13 14:38 python2.7*

root@8a507c82f30a:/# ll /root/sen2cor/2.9/
total 12
drwx------ 3 root root 4096 Apr 13 14:38 ./
drwx------ 3 root root 4096 Apr 13 14:38 ../
drwx------ 2 root root 4096 Apr 13 14:38 cfg/ # here

root@8a507c82f30a:/# ll /root/sen2cor/2.9/cfg
total 16
drwx------ 2 root root 4096 Apr 13 14:38 ./
drwx------ 3 root root 4096 Apr 13 14:38 ../
-rw------- 1 root root 6588 Apr 13 14:38 L2A_GIPP.xml # here

On Unix, it’s idiomatic to set permissions for executables and directories to 755, and to 644 to data files, unless they contain sensitive information. Some of the files (marked above) are instead not accessible by other users. This means that if a system administrator installs a per-machine Sen2Cor instance, she needs to make sure to update these permissions to more reasonable values for non-root users to be able to run the processor.