You are not logged in.

#1 2019-11-17 02:15:21

eomanis
Member
Registered: 2013-04-17
Posts: 50

[SOLVED] pacman: How to display package-shipped permissions?

Tl;dr

apg wrote:

Install pacutils, see paccheck and pacfile.

"paccheck --file-properties --quiet" gives the required output.

------------------------------------------------

Situation: You update your system with "pacman -Syu", and for some reason or other you do this in a text-only environment, and you see some of these scroll by:

warning: directory permissions differ on /var/log/audit/
filesystem: 755  package: 700

Before you can look closer, the warning messages get pushed off the screen, and you don't remember the affected paths or the package-shipped permissions.

After the update you reboot, with the intention of fixing these issues. You use "pacman -Qkk" to list packages having this kind of issue. Unfortunately, all you get is this:

warning: audit: /var/log/audit (Permissions mismatch)

This is what just happened to me. I invested about 45 minutes into reading "man pacman" and the pacman Arch wiki entry and I also searched the forums for a bit, without finding anything worthwhile.

I also tried "pacman -Qkkk", "pacman -Qkk --verbose", "pacman -Ql" and "pacman -Qll" without success.

For the time being I can do this: For each affected package...

  1. Find out if it is explicitely installed with "pacman -Qi <package>"

  2. Reinstall it with "pacman -S <package>" or "pacman -S --asdeps <package>", depending on whether it was explicitely installed or not

  3. Read the warnings that now show the package-shipped permissions for the affected path(s)

  4. Fix the affected paths' permissions

To be honest, this is both unwieldy and unnecessarily heavyweight (all files get re-extracted).
Is there a better way to find out a path's package-shipped permissions, or even better yet, find out the package-shipped permissions of all paths that do not have these permissions?

Last edited by eomanis (2019-11-17 18:01:03)

Offline

#2 2019-11-17 02:47:47

apg
Developer
Registered: 2012-11-10
Posts: 211

Re: [SOLVED] pacman: How to display package-shipped permissions?

Install pacutils, see paccheck and pacfile.  Also, there's no need for --asdeps in your current method.

Offline

#3 2019-11-17 03:03:17

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,466

Re: [SOLVED] pacman: How to display package-shipped permissions?

eomanis wrote:

Situation: You update your system with "pacman -Syu", and for some reason or other you do this in a text-only environment, and you see some of these scroll by:

warning: directory permissions differ on /var/log/audit/
filesystem: 755  package: 700

Before you can look closer, the warning messages get pushed off the screen, and you don't remember the affected paths or the package-shipped permissions.

Shift-PgUp

Offline

#4 2019-11-17 03:16:39

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [SOLVED] pacman: How to display package-shipped permissions?

grep -A1 "differ" /var/log/pacman.log

Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#5 2019-11-17 03:31:55

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,449
Website

Re: [SOLVED] pacman: How to display package-shipped permissions?

eomanis wrote:
  1. Find out if it is explicitely installed with "pacman -Qi <package>"

  2. Reinstall it with "pacman -S <package>" or "pacman -S --asdeps <package>", depending on whether it was explicitely installed or not

  3. Read the warnings that now show the package-shipped permissions for the affected path(s)

  4. Fix the affected paths' permissions

There is no need for step one or the second half of step two.  Reinstalling a package with `pacman -S <pkgname>` will not change the install reason.

eomanis wrote:

Is there a better way to find out a path's package-shipped permissions...

$ bsdtar tzvf /var/cache/pacman/pkg/audit-2.8.5-6-x86_64.pkg.tar.xz var/log/audit
drwx------  0 root   root        0 Oct 27 02:09 var/log/audit/
eomanis wrote:

...or even better yet, find out the package-shipped permissions of all paths that do not have these permissions?

Grep the log as JWR suggested.

Keep in mind that most such mismatches can simply be ignored, but if you really do want to fix them all in one go:

sed -n '/permissions differ/ {s/.* on //;h;n;s/.*age:/chmod/;G;s/\n/ /p; }' /var/log/pacman.log > fixem
chmod 0755 fixem
sudo ./fixem

Last edited by Trilby (2019-11-17 03:39:55)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#6 2019-11-17 03:41:02

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: [SOLVED] pacman: How to display package-shipped permissions?

or, you could look at this:

zless /var/lib/pacman/local/glibc-2.30-3/mtree 

But that might be difficult to interpret.

Offline

#7 2019-11-17 17:57:43

eomanis
Member
Registered: 2013-04-17
Posts: 50

Re: [SOLVED] pacman: How to display package-shipped permissions?

apg wrote:

Install pacutils, see paccheck and pacfile.

Awesome. "paccheck --file-properties --quiet" gives me exactly the output I need – all package-shipped files with permissions/owner/group mismatches, along with the perms/owner/group they are shipped with.

jasonwryan wrote:
grep -A1 "differ" /var/log/pacman.log

Very helpful as well. In retrospect I should have thought to look for a log file.

apg wrote:

Also, there's no need for --asdeps in your current method.

Trilby wrote:

Reinstalling a package with `pacman -S <pkgname>` will not change the install reason.

This will make re-installing all packages after having root file system issues all the more easier, thank you.

Scimmia wrote:
eomanis wrote:

Before you can look closer, the warning messages get pushed off the screen

Shift-PgUp

Damnit. All those wasted years.
However the default scrollback only seems to be 1 screen height, which would not have sufficed. Still, good to know, thanks.

Offline

Board footer

Powered by FluxBB