Directory permissions differ on /root/

noreset · 2021-01-25 15:03:27

Hello folks, I had a strange warning during the upgrade I issued today. During the installation of the package filesystem-2021.01.19-1 I got this message back:

(  5/239) upgrading filesystem                           [##############################] 100%
warning: directory permissions differ on /root/
filesystem: 755  package: 750

I never changed any permission on root folder, btw, I'm using ext4 fs.
Do I have to change the user permission to 0 on the root folder to fix this issue?

Thanks

Trilby · 2021-01-25 15:22:28

/root/ has alwas been 750 (at least for the past 7 years). Do you want your root user's home directory to be world readable? It seems unwise on principle, but also completely benign in practice on most systems: do you even have anything under /root/?

Personally I'd be a bit more curious how it got that way. If you in fact did not change it, something did. And that something was running with root access and changing bits of your system to be less secure. That's a red flag to me: what else was changed.

Last edited by Trilby (2021-01-25 15:24:45)

WorMzy · 2021-01-25 15:31:01

noreset wrote:

I never changed any permission on root folder, btw,

Well something did. /root on Arch has had 750 permissions for as long as I can remember:

$ for pkg in /var/cache/pacman/pkg/filesystem-*; do bsdtar tvf "$pkg" root; done
drwxr-x---  0 root   root        0 Oct 23  2012 root/
drwxr-x---  0 root   root        0 Nov 22  2012 root/
drwxr-x---  0 root   root        0 Dec  4  2012 root/
drwxr-x---  0 root   root        0 Jan 27  2013 root/
drwxr-x---  0 root   root        0 Mar 14  2013 root/
drwxr-x---  0 root   root        0 May 31  2013 root/
drwxr-x---  0 root   root        0 May 31  2013 root/
drwxr-x---  0 root   root        0 May 29  2014 root/
drwxr-x---  0 root   root        0 Jun  4  2014 root/
drwxr-x---  0 root   root        0 Jun 12  2014 root/
drwxr-x---  0 root   root        0 Jul  4  2014 root/
drwxr-x---  0 root   root        0 Oct 25  2014 root/
drwxr-x---  0 root   root        0 Feb 15  2015 root/
drwxr-x---  0 root   root        0 Feb 15  2015 root/
drwxr-x---  0 root   root        0 Sep 30  2015 root/
drwxr-x---  0 root   root        0 Sep 30  2015 root/
drwxr-x---  0 root   root        0 Dec  5  2016 root/
drwxr-x---  0 root   root        0 Dec  5  2016 root/
drwxr-x---  0 root   root        0 Mar 26  2017 root/
drwxr-x---  0 root   root        0 Mar 26  2017 root/
drwxr-x---  0 root   root        0 Oct 17  2017 root/
drwxr-x---  0 root   root        0 Dec  6  2018 root/
drwxr-x---  0 root   root        0 Jan  5  2018 root/
drwxr-x---  0 root   root        0 Aug 21  2018 root/
drwxr-x---  0 root   root        0 May 23  2019 root/
drwxr-x---  0 root   root        0 Oct  6  2019 root/
drwxr-x---  0 root   root        0 Nov 13  2019 root/
drwxr-x---  0 root   root        0 May  3  2020 root/
drwxr-x---  0 root   root        0 May  7  2020 root/
drwxr-x---  0 root   root        0 May 19  2020 root/
drwxr-x---  0 root   root        0 Aug 21 12:19 root/
drwxr-x---  0 root   root        0 Sep  2 23:30 root/
drwxr-x---  0 root   root        0 Jan 19 01:32 root/

If you didn't change it directly, perhaps you ran some third-party script with questionable commands in it as root?

Do you have to change the permissions back? No. It's a warning, not an error. Should you change them back? That's up to you. I don't see any reason for non-root users to have access to root's home directory, but that's just me.

noreset · 2021-01-25 15:34:41

Trilby wrote:

/root/ has alwas been 750 (at least for the past 7 years). Do you want your root user's home directory to be world readable? It seems unwise on principle, but also completely benign in practice on most systems: do you even have anything under /root/?
Personally I'd be a bit more curious how it got that way. If you in fact did not change it, something did. And that something was running with root access and changing bits of your system to be less secure. That's a red flag to me: what else was changed.

This is my concern, how this happened... basically this is a fresh install, I just installed necessary software always from the main repository and I'm not running any strange script as far as I know.

drwxr-xr-x  17 root root  4096 25 gen 15.43 .
drwxr-xr-x  17 root root  4096 25 gen 15.43 ..
lrwxrwxrwx   1 root root     7 19 gen 02.32 bin -> usr/bin
drwxr-xr-x   5 root root  4096  1 gen  1970 boot
drwxr-xr-x  23 root root  4140 25 gen 16.27 dev
drwxr-xr-x  82 root root  4096 25 gen 16.26 etc
drwxr-xr-x   4 root root  4096 18 nov 00.37 home
lrwxrwxrwx   1 root root     7 19 gen 02.32 lib -> usr/lib
lrwxrwxrwx   1 root root     7 19 gen 02.32 lib64 -> usr/lib
drwx------   2 root root 16384 17 nov 01.27 lost+found
drwxr-xr-x   2 root root  4096  3 set 00.30 mnt
drwxr-xr-x   2 root root  4096  3 set 00.30 opt
dr-xr-xr-x 261 root root     0 25 gen 16.26 proc
drwxr-xr-x   4 root root  4096 15 gen 00.09 root
drwxr-xr-x  24 root root   560 25 gen 16.26 run
lrwxrwxrwx   1 root root     7 19 gen 02.32 sbin -> usr/bin
drwxr-xr-x   4 root root  4096 17 nov 02.06 srv
dr-xr-xr-x  13 root root     0 25 gen 16.26 sys
drwxrwxrwt  15 root root   380 25 gen 16.29 tmp
drwxr-xr-x  10 root root  4096 25 gen 15.44 usr
drwxr-xr-x  12 root root  4096 25 gen 16.15 var
[noreset@argon /]$ ls -al /root/
total 44
drwxr-xr-x  4 root root 4096 15 gen 00.09 .
drwxr-xr-x 17 root root 4096 25 gen 15.43 ..
-rw-------  1 root root 7768 15 gen 00.09 .bash_history
-rw-r--r--  1 root root   21  9 ago 18.27 .bash_logout
-rw-r--r--  1 root root   57  9 ago 18.27 .bash_profile
-rw-r--r--  1 root root  643 18 nov 00.27 .bashrc
drwx------  2 root root 4096 11 dic 02.34 .cache
-rw-r--r--  1 root root 4304 18 nov 00.31 .dircolors
drwx------  3 root root 4096 17 nov 02.06 .gnupg

I'm gonna change the /root/ folder permissions to 750

Last edited by noreset (2021-01-25 15:41:54)

Trilby · 2021-01-25 15:37:59

Whatever made the change seems to have done so recursively - either that or there was also a umask or related change that happened before files were created (note those dot files are world readable which is atypical). But like the directory, this on it's own is pretty trivial.

Last edited by Trilby (2021-01-25 15:38:32)

noreset · 2021-01-25 15:47:27

Trilby wrote:

Whatever made the change seems to have done so recursively - either that or there was also a umask or related change that happened before files were created (note those dot files are world readable which is atypical). But like the directory, this on it's own is pretty trivial.

I just modified permissions to be 750 recursively for the /root folder and its content.

Last edited by noreset (2021-01-25 15:47:43)

y5 · 2022-12-04 22:27:20

.

Last edited by y5 (2022-12-06 22:22:16)

cfr · 2022-12-05 03:59:16

y5 wrote:

requesting guidance.
after a fresh install with archlinux-2022.11.01-x86_64.iso the command sudo stat -c "%a %n" /root gives me 700 /root
is that the default or should i chmod root to 750?

On my system they are 0750. However, since /root is typically owned by root:root and only root should be a member of the root group, the effective difference is probably negligible provided you've configured things in this way.

In contrast, my home directory has 0700, but I may well have changed that whereas I wouldn't have altered /root.

y5 · 2022-12-05 05:58:06

.

Last edited by y5 (2022-12-06 22:22:02)

Lone_Wolf · 2022-12-05 11:20:26

for /home 755 is normal (every user needs to be able to access their home folder), for /home/your-user-name 700 is normal .,

cfr · 2022-12-05 15:22:59

To be clear, I was talking about /home/<myusername> and *not* /home when I said the permissions were 0700.

y5 · 2022-12-05 16:00:00

.

Last edited by y5 (2022-12-06 22:21:46)

seth · 2022-12-05 16:42:27

In a perfect world it wouldn't matter because the GID should *really* be 0 as well (ie. owned by root:root) and there should™ be no other user in the root group (that's kinda what wheel is for)
700 is therefore fine

grep root: /etc/group

on how ideal your world is.

y5 · 2022-12-05 20:35:39

.

Last edited by y5 (2022-12-06 22:21:34)

seth · 2022-12-05 20:53:07

700 is the stricter variant anyway, but since the only user in GID 0 is the root user (what is normal and borderline mandatory) it is effectively equivalent to 750 (except for setgid binaries/processes that are not equivalent setuid)

Fyi only, you don't need to post the outputs:

find /usr/bin -xdev -user root -perm -2000 # SGID in /usr/bin
find /usr/bin -xdev -user root -perm -2000 # SUID in /usr/bin

Other processes might ask for credentials to elevate UID or GID.

tl;dr, you can easily leave it at 700 until you get feature problems w/ that (what is unlikely)
It is NOT an "unsafe" value.

y5 · 2022-12-05 21:04:38

.

Last edited by y5 (2022-12-06 22:21:20)

Arch Linux

#1 2021-01-25 15:03:27

Directory permissions differ on /root/

#2 2021-01-25 15:22:28

Re: Directory permissions differ on /root/

#3 2021-01-25 15:31:01

Re: Directory permissions differ on /root/

#4 2021-01-25 15:34:41

Re: Directory permissions differ on /root/

#5 2021-01-25 15:37:59

Re: Directory permissions differ on /root/

#6 2021-01-25 15:47:27

Re: Directory permissions differ on /root/

#7 2022-12-04 22:27:20

Re: Directory permissions differ on /root/

#8 2022-12-05 03:59:16

Re: Directory permissions differ on /root/

#9 2022-12-05 05:58:06

Re: Directory permissions differ on /root/

#10 2022-12-05 11:20:26

Re: Directory permissions differ on /root/

#11 2022-12-05 15:22:59

Re: Directory permissions differ on /root/

#12 2022-12-05 16:00:00

Re: Directory permissions differ on /root/

#13 2022-12-05 16:42:27

Re: Directory permissions differ on /root/

#14 2022-12-05 20:35:39

Re: Directory permissions differ on /root/

#15 2022-12-05 20:53:07

Re: Directory permissions differ on /root/

#16 2022-12-05 21:04:38

Re: Directory permissions differ on /root/

Board footer