Update broke my permissions!

rabcor · 2014-07-13 20:22:51

I just ran an update and restarted my system. Here are the contents of pacman.log

[2014-07-13 19:38] [PACMAN] starting full system upgrade
[2014-07-13 19:42] [PACMAN] upgraded libdbus (1.8.4-1 -> 1.8.6-1)
[2014-07-13 19:42] [PACMAN] upgraded dbus (1.8.4-1 -> 1.8.6-1)
[2014-07-13 19:42] [PACMAN] upgraded elfutils (0.158-3 -> 0.159-1)
[2014-07-13 19:42] [ALPM] warning: /etc/group installed as /etc/group.pacnew
[2014-07-13 19:42] [ALPM] warning: /etc/gshadow installed as /etc/gshadow.pacnew
[2014-07-13 19:42] [PACMAN] upgraded filesystem (2014.06-2 -> 2014.07-1)
[2014-07-13 19:42] [PACMAN] upgraded geoip-database (20140604-1 -> 20140702-1)
[2014-07-13 19:42] [PACMAN] upgraded harfbuzz (0.9.29-1 -> 0.9.30-1)
[2014-07-13 19:42] [PACMAN] upgraded harfbuzz-icu (0.9.29-1 -> 0.9.30-1)
[2014-07-13 19:42] [PACMAN] upgraded lib32-elfutils (0.158-2 -> 0.159-1)
[2014-07-13 19:42] [PACMAN] upgraded lib32-lcms (1.19-4 -> 1.19-5)
[2014-07-13 19:42] [PACMAN] upgraded lib32-libxdmcp (1.1.1-1 -> 1.1.1-2)
[2014-07-13 19:42] [PACMAN] upgraded lib32-ncurses (5.9-2 -> 5.9-3)
[2014-07-13 19:42] [PACMAN] upgraded lib32-nvidia-utils (337.25-2 -> 340.24-1)
[2014-07-13 19:42] [PACMAN] upgraded lib32-nvidia-libgl (337.25-2 -> 340.24-1)
[2014-07-13 19:42] [PACMAN] upgraded libsystemd (214-2 -> 215-4)
[2014-07-13 19:42] [PACMAN] upgraded systemd (214-2 -> 215-4)
[2014-07-13 19:42] [PACMAN] upgraded lib32-systemd (214-1 -> 215-1)
[2014-07-13 19:42] [PACMAN] upgraded libmariadbclient (5.5.37-1 -> 10.0.12-1)
[2014-07-13 19:42] [PACMAN] upgraded mariadb-clients (5.5.37-1 -> 10.0.12-1)
[2014-07-13 19:42] [ALPM-SCRIPTLET] :: Major version update. Consider restarting mysqld.service and
[2014-07-13 19:42] [ALPM-SCRIPTLET]    running mysql_upgrade afterwards.
[2014-07-13 19:42] [PACMAN] upgraded mariadb (5.5.37-1 -> 10.0.12-1)
[2014-07-13 19:42] [PACMAN] upgraded nvidia-utils (337.25-3 -> 340.24-1)
[2014-07-13 19:42] [PACMAN] upgraded nvidia-libgl (337.25-3 -> 340.24-1)
[2014-07-13 19:42] [PACMAN] upgraded nvidia (337.25-4 -> 340.24-1)
[2014-07-13 19:43] [PACMAN] upgraded opencl-nvidia (337.25-3 -> 340.24-1)
[2014-07-13 19:43] [PACMAN] upgraded systemd-sysvcompat (214-2 -> 215-4)
[2014-07-13 19:43] [PACMAN] upgraded wine (1.7.21-1 -> 1.7.22-1)

After this update my user permissions (for all users) weren't working right, I had created users as per the wiki (useradd -m -G wheel -s /bin/bash archie) and before the update these users could reboot the system and access alsa (and alsamixer).
Now they can do neither and also for some strange reason my .bash_profile which was meant to autostart X11 stopped working after the update as well. Adding the user to the audio group does give access to sound devices (and alsamixer) again, but adding it to the power group does not give reboot permissions (it insist on being run as root) and as a result my desktop environment hangs when I tell it to reboot/shutdown.
I'm pretty sure there are more things that went wrong that I am not aware of considering the quantity of unusual behavior so far, is there any way for me to tell what broke, and why? How do I fix this?
So far I have tried replacing (I backed up the originals) /etc/group and /etc/gshadow with the .pacnew ones mentioned in the pacman.log, then recreating the users (userdel archie, then create again with the same command as above, and do chown -R archie /home/archie/) and fixing the UIDs back to what they were with usermod -u ...
As a result I get these complaints on startup that the groups plugdev and colord don't exist.

júl 13 21:39:05 Rabcor systemd-tmpfiles[374]: [/usr/lib/tmpfiles.d/mysql.conf:1] Unknown group 'mysql'.
júl 13 21:39:05 Rabcor systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
júl 13 21:39:05 Rabcor systemd[1]: Failed to start Create Volatile Files and Directories.
júl 13 23:59:39 Rabcor systemd-tmpfiles[373]: [/usr/lib/tmpfiles.d/mysql.conf:1] Unknown group 'mysql'.
júl 13 23:59:39 Rabcor systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
júl 13 23:59:39 Rabcor systemd[1]: Failed to start Create Volatile Files and Directories.
júl 13 23:59:39 Rabcor systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.

Last edited by rabcor (2014-07-14 00:27:52)

clfarron4 · 2014-07-13 20:37:32

Were you part of those groups to begin with?

Telling us what else was updated might help us (/var/log/pacman.log).

rabcor · 2014-07-13 20:40:47

I was not a part of these groups originally, (only wheel) and here is my pacman.log (added to OP):

[2014-07-13 19:17] [PACMAN] installed lximage-qt-git (0.2.0.2.g5e95cfd-1)
[2014-07-13 19:38] [PACMAN] Running 'pacman -Syu'
[2014-07-13 19:38] [PACMAN] synchronizing package lists
[2014-07-13 19:38] [PACMAN] starting full system upgrade
[2014-07-13 19:42] [PACMAN] upgraded libdbus (1.8.4-1 -> 1.8.6-1)
[2014-07-13 19:42] [PACMAN] upgraded dbus (1.8.4-1 -> 1.8.6-1)
[2014-07-13 19:42] [PACMAN] upgraded elfutils (0.158-3 -> 0.159-1)
[2014-07-13 19:42] [ALPM] warning: /etc/group installed as /etc/group.pacnew
[2014-07-13 19:42] [ALPM] warning: /etc/gshadow installed as /etc/gshadow.pacnew
[2014-07-13 19:42] [PACMAN] upgraded filesystem (2014.06-2 -> 2014.07-1)
[2014-07-13 19:42] [PACMAN] upgraded geoip-database (20140604-1 -> 20140702-1)
[2014-07-13 19:42] [PACMAN] upgraded harfbuzz (0.9.29-1 -> 0.9.30-1)
[2014-07-13 19:42] [PACMAN] upgraded harfbuzz-icu (0.9.29-1 -> 0.9.30-1)
[2014-07-13 19:42] [PACMAN] upgraded lib32-elfutils (0.158-2 -> 0.159-1)
[2014-07-13 19:42] [PACMAN] upgraded lib32-lcms (1.19-4 -> 1.19-5)
[2014-07-13 19:42] [PACMAN] upgraded lib32-libxdmcp (1.1.1-1 -> 1.1.1-2)
[2014-07-13 19:42] [PACMAN] upgraded lib32-ncurses (5.9-2 -> 5.9-3)
[2014-07-13 19:42] [PACMAN] upgraded lib32-nvidia-utils (337.25-2 -> 340.24-1)
[2014-07-13 19:42] [PACMAN] upgraded lib32-nvidia-libgl (337.25-2 -> 340.24-1)
[2014-07-13 19:42] [PACMAN] upgraded libsystemd (214-2 -> 215-4)
[2014-07-13 19:42] [PACMAN] upgraded systemd (214-2 -> 215-4)
[2014-07-13 19:42] [PACMAN] upgraded lib32-systemd (214-1 -> 215-1)
[2014-07-13 19:42] [PACMAN] upgraded libmariadbclient (5.5.37-1 -> 10.0.12-1)
[2014-07-13 19:42] [PACMAN] upgraded mariadb-clients (5.5.37-1 -> 10.0.12-1)
[2014-07-13 19:42] [ALPM-SCRIPTLET] :: Major version update. Consider restarting mysqld.service and
[2014-07-13 19:42] [ALPM-SCRIPTLET]    running mysql_upgrade afterwards.
[2014-07-13 19:42] [PACMAN] upgraded mariadb (5.5.37-1 -> 10.0.12-1)
[2014-07-13 19:42] [PACMAN] upgraded nvidia-utils (337.25-3 -> 340.24-1)
[2014-07-13 19:42] [PACMAN] upgraded nvidia-libgl (337.25-3 -> 340.24-1)
[2014-07-13 19:42] [PACMAN] upgraded nvidia (337.25-4 -> 340.24-1)
[2014-07-13 19:43] [PACMAN] upgraded opencl-nvidia (337.25-3 -> 340.24-1)
[2014-07-13 19:43] [PACMAN] upgraded systemd-sysvcompat (214-2 -> 215-4)
[2014-07-13 19:43] [PACMAN] upgraded wine (1.7.21-1 -> 1.7.22-1)

Last edited by rabcor (2014-07-14 00:28:55)

jasonwryan · 2014-07-14 00:38:25

Moving to NC...

rabcor · 2014-07-14 12:03:58

I decided to try taking a shot and updating my laptop too which is also arch based and x86_64. Turns out that it remained unaffected by these problems, but my main system is still broken, and i've found no clues on how to fix it.

I'm beginning to miss system restore from Windows

Last edited by rabcor (2014-07-14 12:49:31)

weirddan455 · 2014-07-14 15:25:08

Replacing your /etc/group and /etc/gshadow was a mistake. The pacnew files contain only the base groups so by doing so, you removed a lot of the groups you had set up. Instead, you're supposed to merge the *changes* to the base groups and leave your existing groups in place. The diff tool should help you "diff /etc/group /etc/group.pacnew"

rabcor · 2014-07-14 17:33:38

That's a really primitive way of doing it, it should be less effort on the users behalf to merge the files. (And my issues occurred before these file were exchanged, I still have the originals)

weirddan455 · 2014-07-14 18:06:02

rabcor wrote:

That's a really primitive way of doing it, it should be less effort on the users behalf to merge the files. (And my issues occurred before these file were exchanged, I still have the originals)

There's not really a better way of handling this that conforms to The Arch Way. The filesystem package is part of the base install so it only contains the bare minimum groups. Other packages that need to add groups, say mariadb or apache, are responsible for adding those groups in their install script. Also you may have manually added some groups you need. There's no simple way for pacman to detect all of this and automatically merge changes so it gives you a pacnew file for you to examine and merge the changes you see fit. You're never supposed to just blindly copy pacnew files.

I would suggest also examining your /etc/passwd and /etc/shadow files. Some previous updates to the filesystem package created pacnew files for those and if you blindly replaced them like you did your /etc/group that could be part of your problem.

The reboot thing may also be a policykit setting. My local user is only a member of the "users" group but I can both shut down and reboot through KDE. IIRC I can also use the "reboot" command through the console but "shutdown -h now" needs root. In any case, a lot of times your DE will set special permissions for itself using policykit settings. I can also use alsamixer as my local user without being added to any groups (though I may have had to use root for the initial setup but now I can change my volumes through alsamixer as my local user.)

jasonwryan · 2014-07-14 18:22:45

rabcor wrote:

That's a really primitive way of doing it, it should be less effort on the users behalf to merge the files.

You are using the wrong distro.

weirddan455 · 2014-07-14 18:31:49

Actually it looks like I mis-spoke. I can both "reboot" and "shutdown -h now" as my local user from both the console and from inside KDE. It also looks like it's not a KDE specific policykit, but a system wide systemd one. I do remember at once time I was forced to use root to shutdown but the defaults may have changed in a systemd update.

In any case, the relevant file is /usr/share/polkit-1/actions/org.freedesktop.login1.policy Cutting out the descriptions in multiple languages the relevent code looks like:

<action id="org.freedesktop.login1.reboot">
                <defaults>
                        <allow_any>auth_admin_keep</allow_any>
                        <allow_inactive>auth_admin_keep</allow_inactive>
                        <allow_active>yes</allow_active>
                </defaults>
</action>

And there's more in there for shutdown, hibernate, etc. That last line allow_active yes will allow all users in an active session to reboot (I believe you will almost always be in an active session as long as you're not a remote user, at least in bash... haven't tried out other shells.)

rabcor · 2014-07-14 23:29:42

jasonwryan wrote:

rabcor wrote:
That's a really primitive way of doing it, it should be less effort on the users behalf to merge the files.
You are using the wrong distro.

Well ain't that a nasty attitude for an administrator... I would love to bark at you for flaming me, but I'll rest my case at "Even Gentoo has a tool installed by default that mostly automates that process, the same Gentoo that is even more minimal than Arch", wan, wan. I never minded customly configuring the kernel and gcc and whatnot, but when it comes to the actual regular maintenance and system updates, I think user effort should be kept to a minimum, and minimum is not manually merging system configuration files as they get updated, there is a better way. Pacman also doesn't even seem to warn me if I have outdated system files I forgot to update, it just drops in pacnew files and if I by any chance miss the output where it says it created this file, I will not know there was a file that needed my gentle touch to be fully updated.

weirddan455 wrote:

rabcor wrote:
That's a really primitive way of doing it, it should be less effort on the users behalf to merge the files. (And my issues occurred before these file were exchanged, I still have the originals)
There's not really a better way of handling this that conforms to The Arch Way. The filesystem package is part of the base install so it only contains the bare minimum groups. Other packages that need to add groups, say mariadb or apache, are responsible for adding those groups in their install script. Also you may have manually added some groups you need. There's no simple way for pacman to detect all of this and automatically merge changes so it gives you a pacnew file for you to examine and merge the changes you see fit. You're never supposed to just blindly copy pacnew files.
I would suggest also examining your /etc/passwd and /etc/shadow files. Some previous updates to the filesystem package created pacnew files for those and if you blindly replaced them like you did your /etc/group that could be part of your problem.
The reboot thing may also be a policykit setting. My local user is only a member of the "users" group but I can both shut down and reboot through KDE. IIRC I can also use the "reboot" command through the console but "shutdown -h now" needs root. In any case, a lot of times your DE will set special permissions for itself using policykit settings. I can also use alsamixer as my local user without being added to any groups (though I may have had to use root for the initial setup but now I can change my volumes through alsamixer as my local user.)

There is, and the same way as Gentoo does it, a tool that automates the process by allowing you to choose between automatically merging, overwriting or skipping the file update. Here, take a look. (Sure, their tool for doing this is primitive too, but at least it mostly automates the process and keeps warning me every single time that there are files waiting to be merged when I run my package manager so I won't forget)

Isn't the arch way: Simplicity as without unnecessary additions, modifications, or complications.

I don't see why this process can't be mostly automated, or at least simplified. Less effort is my point. You said it yourself, diff does most of the work already, so writing a front-end to automate/simplify the rest of the work should be easy.

As for blindly replacing files, I don't do that normally, and I'm the lazy type so I had just hoped that the pacnew files were patched versions of the originals, not blank new files. Up till now I've mostly just ignored the pacnew files. The only reason I tried replacing these was because they were mentioned during my latest system update and it made me turn suspicious, since I didn't "know" what I was doing I backed up the originals just in case, no harm, no foul. Right?

As I said I tried updating my laptop too, and this did not happen to the laptop, this means this was unpredictable behavior in my specific Arch installation, aka: system-breaking bug.

And I have no way of tracing it since I am n00b. The most mind boggling bit is actually that .bash_profile is no longer being correctly read when I log in. The more disturbing part is that this was a relatively fresh installation, only a few weeks old.

I checked the file (/usr/share/polkit-1/actions/org.freedesktop.login1.policy) and the entry you pointed to looks the same on my end.

Last edited by rabcor (2014-07-14 23:39:25)

Steef435 · 2014-07-14 23:52:16

HANDLING CONFIG FILES
       original=X, current=Y, new=Z
           All three files are different, so install the new file with a .pacnew extension and warn the user. The user must then manually merge any necessary changes into the original file.

There is a tool delivered with the pacman package called pacdiff. I think it does about the same as dispatch-conf looking at the wiki page you provided. It doesn't have this comment feature AFAIK though. You could always write a script to search the file system for .pacnew files and handle them like you want to of course.

If you want to be reminded every time you use pacman, you could write a small wrapper calling pacdiff or any other tool before calling pacman with the provided flags.

EDIT: Unneeded newline

Last edited by Steef435 (2014-07-14 23:52:58)

jasonwryan · 2014-07-15 00:15:13

rabcor wrote:

jasonwryan wrote:
rabcor wrote:
That's a really primitive way of doing it, it should be less effort on the users behalf to merge the files.
You are using the wrong distro.
Well ain't that a nasty attitude for an administrator... I would love to bark at you for flaming me, but I'll rest my case at "Even Gentoo has a tool installed by default that mostly automates that process, the same Gentoo that is even more minimal than Arch", wan, wan. I never minded customly configuring the kernel and gcc and whatnot, but when it comes to the actual regular maintenance and system updates, I think user effort should be kept to a minimum, and minimum is not manually merging system configuration files as they get updated, there is a better way. Pacman also doesn't even seem to warn me if I have outdated system files I forgot to update, it just drops in pacnew files and if I by any chance miss the output where it says it created this file, I will not know there was a file that needed my gentle touch to be fully updated.

Nasty? Telling you what is plainly evident from your post? Hardly.

Let me spell it out for you: your "issues" in this thread, as with almost all of your others, are a direct result of your failure to assume responsibility for your system. Trying to blame someone, anyone else, and whining about how pacman is "primitive" and that "it" (ie., Arch) should hold you hand more is the clearest possible indicator that you are using the wrong distro.

By all means, keep using Arch, just don't post here complaining about the fact that it isn't Gentoo, or Ubuntu or whatever other distro you think is less primitive. We don't need more entitled whiners telling us what is wrong with Arch, especially when the "problems" are just a failure to read the wiki and and keep both hands on the keyboard.

dif · 2014-07-15 00:32:03

rabcor wrote:

That's a really primitive way of doing it, it should be less effort on the users behalf to merge the files. (And my issues occurred before these file were exchanged, I still have the originals)

If you use vim, there is a great tool to merge *.pacnew's. It's called vimdiff. Run your terminal in full screen and after typing

 sudo /etc/file_name.pacnew /etc/file_name

you will get the vim editor running with two vertical panels and the files open in them.
Here's the first link I found on the web with the commands you can use in vimdiff.
If you don't know vim, well... start learning it.

jasonwryan · 2014-07-15 00:51:12

dif wrote:

If you use vim, there is a great tool to merge *.pacnew's. It's called vimdiff.

+1

Also, pacdiff ships with pacman:

pacdiff --help

rabcor · 2014-07-15 01:00:56

Whatever jason, I ain't gonna waste more time arguing with an elitist admin if I can help it, but if you knew about pacdiff from the start I wonder why you didn't point it out rather than start flaming. Believe what you will about me, but I hope you someday pick up some basic etiquette and learn to avoid stating your opinions about people you don't know as if they were fact. You know just as well as (if not a lot better than) me that the right distribution for a user is what that user decides is the right distribution for him, not what someone else thinks, otherwise we would all just use Ubuntu, and I would have never looked into Linux's direction because Ubuntu's interface reminds me of OS X and that is something I really really hate. But luckily on Linux there is choice, who are you to judge the choices I make?

Steef435 wrote:

HANDLING CONFIG FILES
       original=X, current=Y, new=Z
           All three files are different, so install the new file with a .pacnew extension and warn the user. The user must then manually merge any necessary changes into the original file.
There is a tool delivered with the pacman package called pacdiff. I think it does about the same as dispatch-conf looking at the wiki page you provided. It doesn't have this comment feature AFAIK though. You could always write a script to search the file system for .pacnew files and handle them like you want to of course.
If you want to be reminded every time you use pacman, you could write a small wrapper calling pacdiff or any other tool before calling pacman with the provided flags.
EDIT: Unneeded newline

Thanks, I didn't know we had a tool for this. And sure it shouldn't be too hard to write a script to search the file system for pacnew files (although I think indexing them as they appear and then removing them when they've been merged is a lot more efficient.

I have not used vim yet, but I know at some point I should, as far as I know everyone who has started to use it never stopped using it, but my current editor of choice is sublime 2 (although I am waiting on it's upcoming open source duplicate called lime). Thanks again for pointing these two out guys

Last edited by rabcor (2014-07-15 01:01:40)

fukawi2 · 2014-07-15 02:10:22

rabcor wrote:

Whatever jason, I ain't gonna waste more time arguing with an elitist admin if I can help it, but if you knew about pacdiff from the start I wonder why you didn't point it out rather than start flaming.

We're done here.
https://wiki.archlinux.org/index.php/Fo … ther_Users
https://wiki.archlinux.org/index.php/Fo … _The_Staff

If you expect Arch and/or pacman to hold your hand through updates, then you are using the wrong distro. If it doesn't do what you want/expect, then it's clearly not right for you. To start personal attacks against someone (administrator or not) for pointing this out, is not acceptable in our community. You are free to politely disagree, but to tell people they have a "nasty attitude" for pointing out a fact, and then accuse them of being an "elitist admin" and flaming is not going to fly.

Closing.

Arch Linux

#1 2014-07-13 20:22:51

Update broke my permissions!

#2 2014-07-13 20:37:32

Re: Update broke my permissions!

#3 2014-07-13 20:40:47

Re: Update broke my permissions!

#4 2014-07-14 00:38:25

Re: Update broke my permissions!

#5 2014-07-14 12:03:58

Re: Update broke my permissions!

#6 2014-07-14 15:25:08

Re: Update broke my permissions!

#7 2014-07-14 17:33:38

Re: Update broke my permissions!

#8 2014-07-14 18:06:02

Re: Update broke my permissions!

#9 2014-07-14 18:22:45

Re: Update broke my permissions!

#10 2014-07-14 18:31:49

Re: Update broke my permissions!

#11 2014-07-14 23:29:42

Re: Update broke my permissions!

#12 2014-07-14 23:52:16

Re: Update broke my permissions!

#13 2014-07-15 00:15:13

Re: Update broke my permissions!

#14 2014-07-15 00:32:03

Re: Update broke my permissions!

#15 2014-07-15 00:51:12

Re: Update broke my permissions!

#16 2014-07-15 01:00:56

Re: Update broke my permissions!

#17 2014-07-15 02:10:22

Re: Update broke my permissions!

Board footer