gnumed-devel

[Gnumed-devel] OS-dependencies for successful bootstrapping of GNUmed


From: Busser, Jim
Subject: [Gnumed-devel] OS-dependencies for successful bootstrapping of GNUmed
Date: Thu, 21 Nov 2013 19:28:37 +0000

Hi,

I am trying to understand whether some difficulties that I experienced over 
time are truly Mac OS-related, or just lack of some knowledge, when trying to 
bootstrap.

During the bootstrap process, do the following fully enough describe what is 
needed?

at the OS file system level:
- execute permission on the bootstrap scripts
- read permission on bootstrap conf and data files
- write permission for logging

at the PostgreSQL level:
- read / write access to the gnumed databases
- read access to files at the OS file system level

Now it appears that (at least on Mac OS, for a regular user who is not 
restricted) my regular user account has

        rwx permissions on all .sh (and some .py) in
                server
                server/bootstrap

and

        rw permissions on all the rest

making my question what, if anything, in the above requires root or even 
root-like (sudo) access?

For example, if the shell script was executed (initiated) by the regular system 
user, and if within the script there exists a 'su' to postgres, does a problem 
arise at the point of the 'su' to system account user 'postgres' on account of 
limitation of its file privileges to postgres-related directories and maybe 
/tmp …. IOW the 'powers' of sudo are maybe non-inheritable inside the 'su' to 
postgres?

Is that the problem that will prevent a successful bootstrap via sudo on every 
*nix and not just Mac OS?

If a limitation of sudo 'su' gets solved by initiating the bootstrap script 
*as* root, why must root 'own' the bootstrap files (say by untarring as root 
instead of executing files untarred by the regular user)? Does this again 
somehow relate to the 'su' such that the resulting user (postgres) will, for 
the duration of its session, gain access to files owned by root but not to the 
files that are unowned by root?

Thanks!

-- Jim
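
Added example, not part of the original message and not GNUmed project code: after a script switches to the 'postgres' account, file access is decided by that account's own uid and groups, so the permission bits for "other" on every directory above the bootstrap files matter as well as those on the files themselves. The sketch below finds the first path component that would stop such an account; the function names `other_bits` and `first_blocker` are hypothetical, and it assumes 'postgres' is neither owner nor group member of the files and that only classic mode bits apply.

```sh
# Added example: classic mode bits only. Group membership, ACLs and
# platform-specific protections are not considered.

# other_bits PATH: print the three "other" permission characters, e.g. "r-x".
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# first_blocker FILE [BASE]: climb from FILE's directory up to BASE (default /)
# and print the topmost component that an account which is neither owner nor
# group member cannot pass. Returns 0 with no output when FILE is readable.
first_blocker() {
    target=$1
    base=${2:-/}
    dir=$(cd -- "$(dirname -- "$target")" && pwd -P) || return 2
    file=$dir/$(basename -- "$target")
    blocker=""
    d=$dir
    while :; do
        case $(other_bits "$d") in
            ??[xt]) ;;             # "other" may traverse this directory
            *) blocker=$d ;;       # keep climbing to find the topmost one
        esac
        if [ "$d" = "$base" ] || [ "$d" = "/" ]; then break; fi
        d=$(dirname -- "$d")
    done
    if [ -z "$blocker" ]; then
        case $(other_bits "$file") in
            r??) return 0 ;;       # traversable path and o+r on the file
            *) blocker=$file ;;
        esac
    fi
    printf '%s\n' "$blocker"
    return 1
}

# Usage (the path is a constructed placeholder):
#   first_blocker "$HOME/<unpacked tree>/server/bootstrap/<conf file>"
```
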

