installing Rcmdr

Prasenjit Kapat <kapatp at gmail.com> writes:

On Sun, Feb 15, 2009 at 11:03 AM, tyler <tyler.smith at mail.mcgill.ca> wrote:

Ista Zahn <istazahn at gmail.com> writes:

I've found the version of R in the Ubuntu repository is almost always
out of date. Here is the process I follow:

4) Start R from the command line as root so I can install packages
system-wide: sudo R

As an alternative, if you set the permissions on
/usr/local/lib/R/site-library to allow universal write access, you can
call install.packages() from R without having root privileges:

sudo chmod o+w /usr/local/lib/R/site-library

Is that a safe / secure? 

I think the primary safety provided by granting only root access to
/usr/local/lib/R/site-library is that it prevents random users from
installing R packages. This is important if multiple users are depending
on the correct libraries being properly installed, but I think it's a
non-issue on single-user laptops. I don't think the security of my
system is any less than if I was installing my packages to ~/mylibs/,
which is what I do on my university's cluster. 

In either case, an attack would require someone compromised my machine,
(or the R repositories) and the impact would be limited to the installed
R libraries (and everything else in ~/, of course, but that's the same
either way). Which makes it even more important not to run R as root.

I would welcome any corrections!

BTW what are the permissions on /usr/local/lib/R? Mine's already set
to 755 for the "user"!!! I though it used to be owned by root!

On my Debian machine, it's:

drwxrwsr-x 3 root staff   4096 2007-12-01 23:32 R

Cheers,

Tyler

Only YOU can stop forest fires.