AIR applications and root access on Linux

A number of users have tweeted, blogged and sent us emails – “It’s understandable for AIR itself to need root access during its installation (since it installs to /opt), but why do AIR applications need root access for installation, especially when I’m installing the application to a folder owned by me?”
The answer lies in the fact that AIR applications are similar to regular native applications – they install as native rpm/deb packages. This requires access to the rpm/deb system database (e.g. rpm database lock). And this is required even if the installation folder is chosen to be one that is owned by the current non-root user. In addition, with root privileges, it’s also possible to install applications to a location that is accessible to other users on the system.
However, do note that when they are launched, AIR applications run with the privileges of the user launching the application and not root. The primary executables of AIR applications (under the bin/ folder in the installation path) do not have the setuid bit set. You should not be worried about AIR applications running with root privileges, based on the fact that their installation required superuser access – the two are completely independent.

4 Responses to AIR applications and root access on Linux

  1. Vadim P. says:

    I don’t see a problem here either. Any program I install wants a password, but not to run, which is what AIR ones do too.

  2. Ed Jolanski says:

    This is ridiculous. At least for Debian packages, you CANNOT install them anywhere you please, especially to a user’s home directory! This is a complete violation of Debian Policy http://www.debian.org/doc/debian-policy/ch-opersys.html#s9.1 And the real advantage of the DEB package management system is not the format of the files, but the adherence to the excellent Debian Policy. Yet more reason I will not install Air and will advise all my fellow Linux users to do the same…

  3. Scott R. Godin says:

    agreed. ridiculous. there’s absolutely no reason a local ‘executable’ cannot be run from within the user’s home directory. Multi-user installs? please. I can think of no single excuse that an app that runs in my browser could have to live in /opt instead of /home/username/arbitrarydirectorysoicanfinditagain/

    Requiring root access to a box for an app installed from a web browser raises warning flags ALL OVER the place for me, and gets instantly denied no matter HOW much I may trust the site I’m browsing, because WHO KNOWS IF THEY’VE JUST BEEN HACKED WITH A ROOTKIT INSTALLER OR NOT.

    I’ll be damned before any web app is allowed root access to my system that I’m not installing via the package manager (yum in my case) directly and can download and inspect beforehand (via rpm2cpio) if I’m at all queasy.

    Thumbs down.

  4. Andrey says:

    Agree with Scott R. Godin. Why applications need root priveleges to be installed in home folder? I just cancelled installation.

    So this is common policy for all applications? OK, then I’ll refrain from installing all other Adobe Air applications too.