Ste wrote this on his page:

Prior to the 1.1.3 firmware, everything was installed as, and ran as root. Following good UNIX practices, I installed apps with the following permissions: 755 for directories and executable files; 644 for all else. I held developer’s to this standard, too.

Now, with 1.1.3, we have multiple, competing, dissimilar jailbreak methods. Owner and group settings are not consistent between them, nor do they behave the same. This is causing havoc for app developers and me. Some examples:

“Nate’s” jailbreak:
/var/mobile is a symbolic link to /var/root, which is owner:group root:wheel
Files installed under /var/mobile by are created root:wheel
If you run “id” as mobile, you get: uid 0 (root), gid 0 (wheel), groups 0 (wheel)
Applications run as root

ziphone jailbreak:
/var/root is root:wheel
/var/mobile is mobile:wheel
Files installed under /var/mobile by are created root:wheel
If you run “id” as mobile, you get: uid 501 (mobile), gid 501 (mobile), groups (501)
Applications run as mobile

“Official” jailbreak:
/var/root is root:wheel
/var/mobile is mobile:mobile
Files installed under /var/mobile by are created root:mobile
If you run “id” as mobile, you get: uid 501 (mobile), gid 501 (mobile), groups (501)
Applications run as mobile

Problem arise, as neither application developers, nor I, know which jailbreak method a user has chosen to use.

With “Nate’s” jailbreak method, the 755/644 permissions were still fine, as everything was owned by, and running as, root.
Then, to support the “Official” jailbreak method, I had to change the permissions on files and directories I installed under /var/mobile to 775/664. The files were owned by root and couldn’t be written to by mobile. However, since their group ownership was mobile, I was able to get things working by allowing group write.

Now along comes ziphone. Files created by under /var/mobile are owned by root and their group is wheel, but the app’s owner and group when run are both mobile so even 775/664 won’t allow an app to write. Now I am forced to set those files and directories to 777/666 in order for things to work correctly.

So, even though Apple is trying to create privilege separation between the root and mobile accounts, I have to throw out all separation when it comes to what can write where, when it comes to anything under /var/mobile that I install via, if the app must write there.

This issue does not arise, however, for files and directories that an app creates under /var/mobile itself. That’s because the app’s running as mobile and creates the files and directories with the whatever uid/gid mobile has under that jailbreak.

Jailbreak developers need to standardize on what the correct uid/gid is for the mobile account and what account apps run as. needs to make sure that when it creates files under an account, they they can actually be read by and written to by, that account.

Unfortunately, so many people have used the various jailbreaks that I can’t stand my ground against users and developers and say “X jailbreak is the correct one, and the only one I will support.”, because 1) I no longer know which is correct (does anyone? What’s your proof?) and 2) even if I did, users and developers would be in an uproar if I refused to make it work for everyone, when I clearly can, just because it’s not the right way to do it.

So, I’m left with the distasteful task of installing everything under /var/root or /var/mobile with world read/write.

Someone please fix this mess.