Search code examples
linuxdownloadexecutablebinappimage

User-friendly execution of downloaded file in Linux

On my website I need to give users an ability to download and easily start my executable (AppImage binary) on Linux. For Windows version it is just .exe which works after downloading and clicking:

  1. Download file
  2. Click on file in browser downloads panel to start it

For Linux user now needs to do following:

  1. Download file
  2. Open folder containing file from browser downloads panel
  3. Right click on it to add exec permission
  4. Click on "Allow execution of this file" checkbox
  5. Press Ok
  6. Click on file to start it

It is hard to explain this flow for regular user, it makes users leave away.

Is it possible to minimize it to minimal clicks as on Windows?

Any advises appreciated to achieve minimal clicks. I can compile app for any format (its on electron but I can process it before upload)

I thought about using .deb . It will limit app for Debian-based only, but main problem in same time that I did not find ability to run post installation to exec app, and I don't want ask user to enter start menu.

Solution

  • Executable bits are a basic UNIX security measure thus it is not really easy to work around this (for good reason). Thinking about this, for the specific case of downloaded files, Windows also applies some restrictions (special NTFS stream which tells Windows Explorer to warn about the dangers of an executable file from the Internet).

    You can of course provide your application as a .tar.something archive and store executable files in there. After extraction, they will normally have the correct execution bits set.

    The option with the deb-package can also solve your problem (for some users) but is a little more complicated:

    • User downloads deb package
    • User clicks on deb package and has some program installed that provides a GUI for installing packages (like gdebi). Like on Windows there will be some "security check" in form of a dialog box where the user needs to enter a (sudo) password. Afterwards, apt will install the package
    • If the package is created correctly, it can transport the executable bit correctly such that no explicit permission change is needed afterwards. If for some reason there is need to do something post-installation, Debian packages can provide postinst scripts which run (as root!) at the end of the package's installation.

    In any case, as dealing with executable files is a common procedure on Linux, it might not scare so many users away as expected. If you want to make it comfortable for the users, provide the package as they expect/like them. On Windows I would think that to be a .msi package and on Linux I prefer a package corresponding to my distribution (.deb, .rpm).

    If you want the users to update their packages regularly (good for security) then it is helpful to provide a "repository" that users can add and install your package from. Of course, "the best" is having a package as part of the distribution, but that is quite some effort and needs to pass a lot of "quality assurance gates" :)