You are not logged in.
Tl;dr
Install pacutils, see paccheck and pacfile.
"paccheck --file-properties --quiet" gives the required output.
------------------------------------------------
Situation: You update your system with "pacman -Syu", and for some reason or other you do this in a text-only environment, and you see some of these scroll by:
warning: directory permissions differ on /var/log/audit/
filesystem: 755 package: 700
Before you can look closer, the warning messages get pushed off the screen, and you don't remember the affected paths or the package-shipped permissions.
After the update you reboot, with the intention of fixing these issues. You use "pacman -Qkk" to list packages having this kind of issue. Unfortunately, all you get is this:
warning: audit: /var/log/audit (Permissions mismatch)
This is what just happened to me. I invested about 45 minutes into reading "man pacman" and the pacman Arch wiki entry and I also searched the forums for a bit, without finding anything worthwhile.
I also tried "pacman -Qkkk", "pacman -Qkk --verbose", "pacman -Ql" and "pacman -Qll" without success.
For the time being I can do this: For each affected package...
Find out if it is explicitely installed with "pacman -Qi <package>"
Reinstall it with "pacman -S <package>" or "pacman -S --asdeps <package>", depending on whether it was explicitely installed or not
Read the warnings that now show the package-shipped permissions for the affected path(s)
Fix the affected paths' permissions
To be honest, this is both unwieldy and unnecessarily heavyweight (all files get re-extracted).
Is there a better way to find out a path's package-shipped permissions, or even better yet, find out the package-shipped permissions of all paths that do not have these permissions?
Last edited by eomanis (2019-11-17 18:01:03)
Offline
Install pacutils, see paccheck and pacfile. Also, there's no need for --asdeps in your current method.
Offline
Situation: You update your system with "pacman -Syu", and for some reason or other you do this in a text-only environment, and you see some of these scroll by:
warning: directory permissions differ on /var/log/audit/ filesystem: 755 package: 700
Before you can look closer, the warning messages get pushed off the screen, and you don't remember the affected paths or the package-shipped permissions.
Shift-PgUp
Offline
grep -A1 "differ" /var/log/pacman.log
Offline
Find out if it is explicitely installed with "pacman -Qi <package>"
Reinstall it with "pacman -S <package>" or "pacman -S --asdeps <package>", depending on whether it was explicitely installed or not
Read the warnings that now show the package-shipped permissions for the affected path(s)
Fix the affected paths' permissions
There is no need for step one or the second half of step two. Reinstalling a package with `pacman -S <pkgname>` will not change the install reason.
Is there a better way to find out a path's package-shipped permissions...
$ bsdtar tzvf /var/cache/pacman/pkg/audit-2.8.5-6-x86_64.pkg.tar.xz var/log/audit
drwx------ 0 root root 0 Oct 27 02:09 var/log/audit/
...or even better yet, find out the package-shipped permissions of all paths that do not have these permissions?
Grep the log as JWR suggested.
Keep in mind that most such mismatches can simply be ignored, but if you really do want to fix them all in one go:
sed -n '/permissions differ/ {s/.* on //;h;n;s/.*age:/chmod/;G;s/\n/ /p; }' /var/log/pacman.log > fixem
chmod 0755 fixem
sudo ./fixem
Last edited by Trilby (2019-11-17 03:39:55)
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
or, you could look at this:
zless /var/lib/pacman/local/glibc-2.30-3/mtree
But that might be difficult to interpret.
Offline
Install pacutils, see paccheck and pacfile.
Awesome. "paccheck --file-properties --quiet" gives me exactly the output I need – all package-shipped files with permissions/owner/group mismatches, along with the perms/owner/group they are shipped with.
grep -A1 "differ" /var/log/pacman.log
Very helpful as well. In retrospect I should have thought to look for a log file.
Also, there's no need for --asdeps in your current method.
Reinstalling a package with `pacman -S <pkgname>` will not change the install reason.
This will make re-installing all packages after having root file system issues all the more easier, thank you.
eomanis wrote:Before you can look closer, the warning messages get pushed off the screen
Shift-PgUp
Damnit. All those wasted years.
However the default scrollback only seems to be 1 screen height, which would not have sufficed. Still, good to know, thanks.
Offline