Arch Linux

jkhsjdhjs

Member

Registered: 2017-09-05

Posts: 39

[SOLVED] Directory permissions get resetted every reboot

Hey,

I'm currently trying to setup znc (IRC Bouncer) with the identfile module for oidentd. In order to do this oidentd needs to have access to /var/lib/znc/.oidentd.conf, so I have to set the directory /var/lib/znc to be world executable (o+x) (https://wiki.znc.in/Identfile#Using_ide … th_oidentd).
This works fine until I reboot because everytime I reboot it resets the directory permissions to 750, removing the world executable and thus preventing oidentd from entering the directory.

I tried watching the directory with the audit framework by installing the hardened kernel (https://wiki.archlinux.org/index.php/Au … stallation) with the following rule:

 $ cat /etc/audit/audit.rules
-w /var/lib/znc

But it didn't help as it doesn't show any other chmod than mine on the directory:

type=DAEMON_START msg=audit(1525482468.965:5105): op=start ver=2.8.3 format=raw kernel=4.16.7-1-hardened auid=4294967295 pid=355 uid=0 ses=4294967295 res=success
type=MAC_MAP_ADD msg=audit(1525482449.930:2): netlabel: auid=0 ses=0 nlbl_domain=(default) nlbl_protocol=unlbl res=1
type=MAC_UNLBL_ALLOW msg=audit(1525482449.930:3): netlabel: auid=0 ses=0 unlbl_accept=1 old=0ess to /var/lib/znc/.oidentd.conf, so I have to set the directory /var/lib/znc to be world executable (a+w) (https://wiki.znc.in/Identfile#Using_identfile_with_oidentd).
type=CONFIG_CHANGE msg=audit(1525482466.220:4): audit_enabled=1 old=1 auid=4294967295 ses=4294967295 res=1
type=CONFIG_CHANGE msg=audit(1525482468.970:5): audit_enabled=1 old=1 auid=4294967295 ses=4294967295 res=1
type=CONFIG_CHANGE msg=audit(1525482468.970:6): audit_pid=355 old=0 auid=4294967295 ses=4294967295 res=1
type=CONFIG_CHANGE msg=audit(1525482469.073:7): auid=4294967295 ses=4294967295 op=add_rule key=(null) list=4 res=1
type=SECCOMP msg=audit(1525482469.133:8): auid=4294967295 uid=62583 gid=62583 ses=4294967295 pid=353 comm="sd-resolve" exe="/usr/lib/systemd/systemd-timesyncd" sig=0 arch=c000003e syscall=41 compat=0 ip=0x65fa861e5937 code=0x50000
type=LOGIN msg=audit(1525482470.665:9): pid=386 uid=0 old-auid=4294967295 auid=1002 tty=(none) old-ses=4294967295 ses=1 res=1
type=LOGIN msg=audit(1525482474.872:10): pid=468 uid=0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=2 res=1
type=LOGIN msg=audit(1525482474.882:11): pid=513 uid=0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=3 res=1
type=SYSCALL msg=audit(1525482577.017:12): arch=c000003e syscall=268 success=yes exit=0 a0=ffffff9c a1=79c006f4750 a2=1e9 a3=0 items=1 ppid=718 pid=719 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="chmod" exe="/usr/bin/chmod" key=(null)
type=CWD msg=audit(1525482577.017:12): cwd="/root"
type=PATH msg=audit(1525482577.017:12): item=0 name="/var/lib/znc" inode=2361216 dev=08:02 mode=040750 ouid=975 ogid=975 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1525482577.017:12): proctitle=63686D6F64006F2B78002F7661722F6C69622F7A6E63
type=SYSCALL msg=audit(1525482618.144:13): arch=c000003e syscall=191 success=no exit=-61 a0=7709af835c2b a1=1e3ec2cbd8b a2=0 a3=0 items=1 ppid=718 pid=724 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="ls" exe="/usr/bin/ls" key=(null)
type=CWD msg=audit(1525482618.144:13): cwd="/root"
type=PATH msg=audit(1525482618.144:13): item=0 name="/var/lib/znc" inode=2361216 dev=08:02 mode=040751 ouid=975 ogid=975 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1525482618.144:13): proctitle=6C73002D6C64002F7661722F6C69622F7A6E63
type=SYSCALL msg=audit(1525482618.144:14): arch=c000003e syscall=191 success=no exit=-61 a0=7709af835c2b a1=1e3ec2cbda3 a2=0 a3=0 items=1 ppid=718 pid=724 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="ls" exe="/usr/bin/ls" key=(null)
type=CWD msg=audit(1525482618.144:14): cwd="/root"
type=PATH msg=audit(1525482618.144:14): item=0 name="/var/lib/znc" inode=2361216 dev=08:02 mode=040751 ouid=975 ogid=975 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1525482618.144:14): proctitle=6C73002D6C64002F7661722F6C69622F7A6E63
type=DAEMON_END msg=audit(1525482656.129:5106): op=terminate auid=0 pid=1 subj= res=success
type=DAEMON_START msg=audit(1525482689.891:3380): op=start ver=2.8.3 format=raw kernel=4.16.7-1-hardened auid=4294967295 pid=348 uid=0 ses=4294967295 res=success
type=MAC_MAP_ADD msg=audit(1525482668.346:2): netlabel: auid=0 ses=0 nlbl_domain=(default) nlbl_protocol=unlbl res=1
type=MAC_UNLBL_ALLOW msg=audit(1525482668.346:3): netlabel: auid=0 ses=0 unlbl_accept=1 old=0
type=CONFIG_CHANGE msg=audit(1525482687.140:4): audit_enabled=1 old=1 auid=4294967295 ses=4294967295 res=1
type=CONFIG_CHANGE msg=audit(1525482689.896:5): audit_enabled=1 old=1 auid=4294967295 ses=4294967295 res=1
type=CONFIG_CHANGE msg=audit(1525482689.896:6): audit_pid=348 old=0 auid=4294967295 ses=4294967295 res=1
type=CONFIG_CHANGE msg=audit(1525482689.983:7): auid=4294967295 ses=4294967295 op=add_rule key=(null) list=4 res=1
type=SECCOMP msg=audit(1525482690.026:8): auid=4294967295 uid=62583 gid=62583 ses=4294967295 pid=345 comm="sd-resolve" exe="/usr/lib/systemd/systemd-timesyncd" sig=0 arch=c000003e syscall=41 compat=0 ip=0x60cc40221937 code=0x50000
type=LOGIN msg=audit(1525482691.443:9): pid=377 uid=0 old-auid=4294967295 auid=1002 tty=(none) old-ses=4294967295 ses=1 res=1
type=LOGIN msg=audit(1525482711.939:10): pid=520 uid=0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=2 res=1
type=LOGIN msg=audit(1525482711.949:11): pid=523 uid=0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=3 res=1
type=SYSCALL msg=audit(1525482740.013:12): arch=c000003e syscall=191 success=no exit=-61 a0=78f862225ffd a1=1b21c9b1d8b a2=0 a3=0 items=1 ppid=530 pid=605 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=2 comm="ls" exe="/usr/bin/ls" key=(null)
type=CWD msg=audit(1525482740.013:12): cwd="/home/jkhsjdhjs"
type=PATH msg=audit(1525482740.013:12): item=0 name="/var/lib/znc" inode=2361216 dev=08:02 mode=040750 ouid=975 ogid=975 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1525482740.013:12): proctitle=6C73002D2D636F6C6F723D747479002D6C64002F7661722F6C69622F7A6E63
type=SYSCALL msg=audit(1525482740.013:13): arch=c000003e syscall=191 success=no exit=-61 a0=78f862225ffd a1=1b21c9b1da3 a2=0 a3=0 items=1 ppid=530 pid=605 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=2 comm="ls" exe="/usr/bin/ls" key=(null)
type=CWD msg=audit(1525482740.013:13): cwd="/home/jkhsjdhjs"
type=PATH msg=audit(1525482740.013:13): item=0 name="/var/lib/znc" inode=2361216 dev=08:02 mode=040750 ouid=975 ogid=975 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1525482740.013:13): proctitle=6C73002D2D636F6C6F723D747479002D6C64002F7661722F6C69622F7A6E63

The commands I ran:

# chmod o+x /var/lib/znc
# ld -ld /var/lib/znc
drwxr-x--x 4 znc znc 4096 Aug 14  2017 /var/lib/znc
# reboot
Connection to my.hostname closed by remote host.
Connection to my.hostname closed.
$ ssh my.hostname
Enter passphrase for key '/home/jkhsjdhjs/.ssh/id_ed25519': 
Last login: Sat May  5 01:07:55 2018 from my.ip
$ ls -ld /var/lib/znc
drwxr-x--- 4 znc znc 4096 Aug 14  2017 /var/lib/znc

znc worked fine together with oidentd before, but after I updated znc from 1.6.6 to 1.7.0, expanded my filesystem and rebootet because of that, the directory permissions somehow seem to reset themselves.
I resized my filesystem by deleting the partition with fdisk, creating a new one at the same starting sector, rebooting and running resize2fs. I can permanently modify the permissions of files in my home directory and since the operating system runs as usual I don't think the resetting is caused by the filesystem.
I also disabled znc for testing, it definitely isn't causing this problem.

Do you have any idea what could be causing this or how I can find out what's changing the permissions?
Thanks in advance!

Last edited by jkhsjdhjs (2018-05-05 16:34:57)

edacval

Member

From: .LT

Registered: 2008-10-23

Posts: 91

Re: [SOLVED] Directory permissions get resetted every reboot

Cause:

cat /usr/lib/tmpfiles.d/znc.conf

Fix:

echo 'd /var/lib/znc 0755 znc znc -'  > /etc/tmpfiles.d/znc.conf
systemd-tmpfiles --create znc.conf

circleface

Member

Registered: 2012-05-26

Posts: 639

Re: [SOLVED] Directory permissions get resetted every reboot

Please remember to mark your thread as SOLVED by editing the first post and prepending [SOLVED] to the title.

jkhsjdhjs

Member

Registered: 2017-09-05

Posts: 39

Re: [SOLVED] Directory permissions get resetted every reboot

Cause:

cat /usr/lib/tmpfiles.d/znc.conf

Fix:

echo 'd /var/lib/znc 0755 znc znc -'  > /etc/tmpfiles.d/znc.conf
systemd-tmpfiles --create znc.conf

Works like a charm! Thanks a lot!

Please remember to mark your thread as SOLVED by editing the first post and prepending [SOLVED] to the title.

Of course

circleface

Member

Registered: 2012-05-26

Posts: 639

Re: [SOLVED] Directory permissions get resetted every reboot

You know what, I think I posted in the wrong thread...  Seeing as how you hadn't even solved it yet.  But thanks for marking it anyway