Skip to content

CRAN installer for macOS - directory permissions

8 messages · Jim Hester, Jeff Newmiller, Patrick Schratz +1 more

Original
Duncan Murdoch
#
On 30/04/2022 2:58 p.m., Patrick Schratz wrote:
I think Simon is talking about the package installer in R.app and you 
are talking about the installer for R itself.  The package installer 
dialog in R.app has a pretty clear section called Install Location.

Duncan Murdoch
1 day later
Jim Hester
# 
I agree with Patrick that if the macOS behavior was more like the
default on linux it would benefit most users on macOS. His proposal to
change the group writability of the system library seems a good one to
me.

The current behavior (installing by default into the system library)
is quite surprising to users when they install a new version of R
(even just a new patch version) and they lose their entire package
library. It causes some users to avoid updating R frequently as a
result.

As far as R.app having an option for this, that is good, unfortunately
many users aren't using R.app, often they are either using R through
RStudio or using the command line version of R directly. In these
cases it is not as obvious they could install packages to a user
library.

Jim
On Sun, May 1, 2022 at 9:12 AM Duncan Murdoch <murdoch.duncan at gmail.com> wrote:
Duncan Murdoch
#
On 02/05/2022 1:08 p.m., Jim Hester wrote:
I think migrating packages is something the installer could do.

I'm not sure I understand the details of the proposed change.  I'm in 
the admin group on my laptop, because I'm the only user.  So when I 
install R using the MacOS installer, where should it be installed, and 
where should it install packages?

I would find it strange if the installer wanted to install R.app 
anywhere but the system /Applications folder.  That's where almost 
everything else I use gets installed.

The installer also installs two kinds of R packages:  base and 
recommended ones.  Base packages are closely tied to the internals and 
can't be updated without updating everything, so it makes sense to 
install them in the system library if R itself is going there.

But what about recommended packages?  They are contributed packages, and 
they are often updated between R releases.  Should they go by default 
into a user library?

Duncan Murdoch
Jeff Newmiller
# 
FWIW I lurk here not because I use MacOS regularly but because my wife does. However I find some of the conventions being discussed here puzzling.

System-wide software and support data is usually read-only for normal users on other OSes... avoiding having one user making changes that surprise another is one reason, and avoiding inter-account security leaks is another. Any desire to avoid duplication needs to be tempered by use of administrative privilege escalation. Group write-access does not conform with how this admin-vs-user normal practice is handled on other OSes.

It is not uncommon for reproducible research to specify that explicit versions of R and an project-specific selection of packages be used, which is kind of the opposite end of the library management spectrum. Whether such efforts manage to avoid duplication or not, bleeding those project-level decisions into the user-specific library would be just as troublesome as leaking user-specific package choices into the system library.

IMO the fact that any one computer happens to have only one user shouldn't change the default library setup. Even installing an update to a recommended package into the user library seems like a small price to pay for the overall consistency of security and behavioral isolation practices.
On May 2, 2022 11:00:43 AM PDT, Duncan Murdoch <murdoch.duncan at gmail.com> wrote:

  
    

      
      
    

  


  


      

    

    

      
      

        


  

        

      Patrick Schratz
    

    

      
      #
    

  


  

      
Thanks Jim, that?s a very well phrased summary!

Duncan,

            

      
      
      
    

        
There is only one place the official CRAN installer will install things into which is `/Library/Frameworks/R.framework`.
However, the proposal is not about the install location of *R* or *R.app* (which resides in `/Applications/R.app`) but about base and recommended packages (which go into the ?system lib?) and ?other? packages.

            

      
      
      
    

        
Both base and recommended packaged are placed in `/Library/Frameworks/R.framework/Resources/library`.
And yes, base packages should not be touched while recommended packages can be. Yet, the discussion is not about these two but about the location where all other packages go into which the user install *after* R has been installed.

            

      
      
      
    

        
Recommended packages can live in both system and user library. If a user library exists, the package instance within the user library will be loaded as it is first in the library path (`.libPaths()`).

One practical issue is that if users upgrade from one minor version to the next (e.g. 4.1 to 4.2), they loose *all* packages because in this scenario the system lib is overwritten. One could argue that this is needed as packages are not compatible between minor versions anyhow (which is true) but this is not the overall/actual point: actually ?the point? is manifold:

- prevent users from accidentally deleting/interacting with base and recommended packages
- prompt the creation of a user lib by default by not allowing unauthorized (sudo) write actions into the system lib
- align the overall experience/flow with R on Linux and by this reduce confusion for users
- retain user packages for a specific minor version between minor version upgrades and by this simplify the existence of multiple R versions side-by-side (this would even open the door for multiple R patch versions of the same minor side by side, which is not officially supported by the CRAN installer for macOS but only possible with tools like [RSwitch](https://rud.is/rswitch/) or [rcli](https://rcli.pat-s.me/))

On the flip side I am having a hard time to fine arguments which would speak against the change. What I took away so far from Simon?s replies (and apologies if I am wrong here) was mainly along the lines of

- makes admin work easier (I don?t understand this point)
- local admin users should be able to write into directories owned by `admin` (yes and I am not voting against this, but they should use explicitly authenticate with `sudo`)
- a bit of ?it has been like this since XY, let?s keep it like this? (apologies if I misinterpreted this potentially :))

There are additional things which could be simplified WRT to the macOS CRAN installer (e.g. the addition of the option to change the root install location to allow for other install locations than `/Library/Frameworks/R.framework/Resources/library` which would allow the installation of multiple R patch versions side-by-side) but this is clearly a separate discussion.

I am happy to see that more people are joining the discussion and I would also happy to create an official proposal for such a change (if this is required and backed up by more people than just myself).

Cheers
Patrick

        
On 2 May 2022, at 20:00, Duncan Murdoch wrote:

        

            

      
      
      
    

        

      
      
    

            

      
      
      
    

        

      
      
    

        
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://stat.ethz.ch/pipermail/r-sig-mac/attachments/20220502/17161490/attachment-0001.html>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 870 bytes
Desc: OpenPGP digital signature
URL: <https://stat.ethz.ch/pipermail/r-sig-mac/attachments/20220502/17161490/attachment-0001.sig>

  
  


  


      

    

    

      
      

        


  

        

      Duncan Murdoch
    

    

      
      #
    

  


  

      
On 02/05/2022 3:11 p.m., Patrick Schratz wrote:

            

      
      
      
    

        
I'd really rather have just one library on my system.  In special 
circumstances I sometimes want to have two different versions of a 
package installed, and then I need an extra library, but normally I want 
just one, because it reduces confusion and prevents errors that can in 
the worst case be catastrophic.  (An example is given down below.)

            

      
      
      
    

        
One could argue that this is

            

      
      
      
    

        
Users *should* interact with recommended packages.  As I said before, 
recommended packages are contributed packages, and they can be updated 
between R releases.  If they are updated, in normal circumstances users 
*should* update the default copy.  If your proposal makes this harder, 
then that's a strong negative in my opinion.

            

      
      
      
    

        
Few MacOS users would be confused by what happens on Linux.  Most MacOS 
users never use Linux; the ones who do are the more sophisticated ones.

            

      
      
      
    

        
This is impossible, unless by "minor version upgrade" you mean "patch 
version upgrade".  An installed package for x.y.z is not guaranteed to 
work in a minor upgrade to x.(y+1).0, only in a patch version upgrade to 
x.y.(z+n).  As I said already, a patch version upgrade should migrate 
packages (or at least offer to do so).

            

      
      
      
    

        
I offered one more above:

  * It makes the user interface simpler and less error prone.  It is a 
disaster if a package fixes a serious bug, I install the update, then 
because I have multiple libraries installed, I use the old one without 
realizing it.

It should be harder to end up with two versions of a package installed 
than just one.  Your proposal says I have to jump through the sudo hoop 
to update recommended packages, or any other packages that I (running as 
admin) decided should be visible system-wide.  That's a flaw.

Perhaps a solution to the flaw would be for the package installer to 
warn users that they are about to install a second version instead of 
replacing the defective one, and offer to elevate privileges so the 
replacement could take place.  But that's not a great user interface 
design, and (since most users always answer yes to such questions) not 
really any safer than the current design.

            

      
      
      
    

        
That's such a rare need that RSwitch is sufficient.  I've only used it a 
few times in the last decade, so it doesn't really make sense to make 
the install process more confusing to accommodate that need.

Duncan Murdoch

            

      
      
      
    

        

      
      
    

  
  


  


      

    

    

      
      

        


  

        

      Patrick Schratz
    

    

      
      #
    

  


  

          

      
      
      
    

        
I think we should distinguish here between ?what one wants personally? and ?how R works on most systems? and ?why a user library exists in the first place?.
Both Windows and Linux don?t allow ?normal users? to write into the system lib and require a user library (which to me is the right approach).
-> Aligning macOS to this state would simplify things for users.

Also user libraries are a quite common thing across many languages. R is a bit special here in that it ships much of it ?default? functionality split in ?base? and ?recommended? packages of which some are mainly there for historic reasons (arguably).
I really don?t think that everything should be in one library, simply for the fact that users can easily destroy the system-wide installation by this.

            

      
      
      
    

        
I didn?t say they should not. But they should install updated recommended packages into the user lib. Updated versions of rec. pkgs in there will be take precedence when loading. This is how things are working on Win and Linux since ever (?).
Why would users need to update the default copy in the system lib?

            

      
      
      
    

        
I strongly disagree.
Modern users don?t just live on one operating system these days.
They switch between multiple ones even during the day (e.g. by using R in a central RStudio Workbench installation which usually run on Linux) and a local installation on their machine running Win or Mac.
This is in fact the standard for thousands of people - and I am in contact with many of such in my daily R consulting/system administration work.
Also even if you are a ?one OS only? user and you aim to switch at some point, after many years?you would want to have things work the same way in your new OS, wouldn?t you?

            

      
      
      
    

        
I was not aiming to reuse those for the updated minor version but preserving them for the previous minor version to be able to switch to this.
This is actually a quite common task and I do this almost on a daily base (yes really).
E.g. right now I am switching between 4.1.3 and 4.2.0 (the former for projects, the latter for pkg dev).

            

      
      
      
    

        
I think you?re confusing things here. If you install an updated version it will go into your preferred library and will be available to you afterwards. You cannot ?just use the old one?.

            

      
      
      
    

        
You should not update recommended pkgs in the system lib, it should not be touched by a normal user. Just interact with your user library and be happy.
This is not a flaw at all, this is how it works on Win and Linux and many people are happy with it.

And ?jump through the sudo hoop? - is it really a problem to call `sudo` once and put in your PW if you aim to interact with the system lib? If this is a real argument than my time spent arguing about technical details feels worthless?

            

      
      
      
    

        
I think the concept of a user lib is just fine.
If at all, those changes should be implemented and discussed across OS for R and not implemented in one OS only.
The way R is installed and behaves on an admin level on Win/Linux/Mac essentially differs in many points but for no real reason often, i.e. the behavior could be aligned in many places.

            

      
      
      
    

        
I think this is quite subjective, I use such tools all day. And I know many other people who do.
One major point is reproducibility (among others) which is otherwise quite hard to achieve.
The mileage varies here and also how people use R. I think allowing people to be as flexible as possible should be the goal, no matter how much of this flexibility is used in the end.

Having multiple versions installed side-by-side is so much easier for other programming languages and R could really do better here in my opinion.

Cheers
Patrick

        
On 2 May 2022, at 22:28, Duncan Murdoch wrote:

        

            

      
      
      
    

        

      
      
    

        
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://stat.ethz.ch/pipermail/r-sig-mac/attachments/20220503/ad2ddf56/attachment-0001.html>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 870 bytes
Desc: OpenPGP digital signature
URL: <https://stat.ethz.ch/pipermail/r-sig-mac/attachments/20220503/ad2ddf56/attachment-0001.sig>

  
  


  


      

    

    

      
      

        


  

        

      Duncan Murdoch
    

    

      
      #
    

  


  

      
Just one more comment below.

        
On 03/05/2022 2:52 a.m., Patrick Schratz wrote:

            

      
      
      
    

        
It prevents easily made errors.

Let's pretend a contributed package (e.g. a recommended package) in the 
system lib has a newly discovered bug, and I update it with the fix, 
then a little while later accidentally remove it.

Two scenarios:

1.  I have a user lib and a system lib.  In this case, the fix would 
have gone into my user lib, and that's where the delete would happen 
too.  When I try to use the package, I'd get no warning that I'm using 
the buggy copy from the system lib, I'll just get incorrect results.

2.  I do everything in the system lib.  The fix went there, and the 
deletion happened there.  When I try to use the package, I'll get

   Error in library(foobar) : there is no package called ?foobar?

and I'll realize I need to reinstall it.

I prefer scenario 2.  If I'm going to make mistakes, I want to know 
about them.  If I am updating buggy software, I want it to be harder to 
keep the old version than to replace it.

Duncan Murdoch