Hello folks, I had a strange warning during the upgrade I issued today. During the installation of the package filesystem-2021.01.19-1 I got this message back:
( 5/239) upgrading filesystem [##############################] 100%
warning: directory permissions differ on /root/
filesystem: 755 package: 750
I never changed any permission on root folder, btw, I'm using ext4 fs.
Do I have to change the user permission to 0 on the root folder to fix this issue?
Thanks
/root/ has always been 750 (at least for the past 7 years). Do you want your root user's home directory to be world readable? It seems unwise on principle, but also completely benign in practice on most systems: do you even have anything under /root/?
Personally I'd be a bit more curious how it got that way. If you in fact did not change it, something did. And that something was running with root access and changing bits of your system to be less secure. That's a red flag to me: what else was changed?
Last edited by Trilby (2021-01-25 15:24:45)
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
noreset wrote:
> I never changed any permission on root folder, btw,
Well something did. /root on Arch has had 750 permissions for as long as I can remember:
$ for pkg in /var/cache/pacman/pkg/filesystem-*; do bsdtar tvf "$pkg" root; done
drwxr-x--- 0 root root 0 Oct 23 2012 root/
drwxr-x--- 0 root root 0 Nov 22 2012 root/
drwxr-x--- 0 root root 0 Dec 4 2012 root/
drwxr-x--- 0 root root 0 Jan 27 2013 root/
drwxr-x--- 0 root root 0 Mar 14 2013 root/
drwxr-x--- 0 root root 0 May 31 2013 root/
drwxr-x--- 0 root root 0 May 31 2013 root/
drwxr-x--- 0 root root 0 May 29 2014 root/
drwxr-x--- 0 root root 0 Jun 4 2014 root/
drwxr-x--- 0 root root 0 Jun 12 2014 root/
drwxr-x--- 0 root root 0 Jul 4 2014 root/
drwxr-x--- 0 root root 0 Oct 25 2014 root/
drwxr-x--- 0 root root 0 Feb 15 2015 root/
drwxr-x--- 0 root root 0 Feb 15 2015 root/
drwxr-x--- 0 root root 0 Sep 30 2015 root/
drwxr-x--- 0 root root 0 Sep 30 2015 root/
drwxr-x--- 0 root root 0 Dec 5 2016 root/
drwxr-x--- 0 root root 0 Dec 5 2016 root/
drwxr-x--- 0 root root 0 Mar 26 2017 root/
drwxr-x--- 0 root root 0 Mar 26 2017 root/
drwxr-x--- 0 root root 0 Oct 17 2017 root/
drwxr-x--- 0 root root 0 Dec 6 2018 root/
drwxr-x--- 0 root root 0 Jan 5 2018 root/
drwxr-x--- 0 root root 0 Aug 21 2018 root/
drwxr-x--- 0 root root 0 May 23 2019 root/
drwxr-x--- 0 root root 0 Oct 6 2019 root/
drwxr-x--- 0 root root 0 Nov 13 2019 root/
drwxr-x--- 0 root root 0 May 3 2020 root/
drwxr-x--- 0 root root 0 May 7 2020 root/
drwxr-x--- 0 root root 0 May 19 2020 root/
drwxr-x--- 0 root root 0 Aug 21 12:19 root/
drwxr-x--- 0 root root 0 Sep 2 23:30 root/
drwxr-x--- 0 root root 0 Jan 19 01:32 root/
If you didn't change it directly, perhaps you ran some third-party script with questionable commands in it as root?
Do you have to change the permissions back? No. It's a warning, not an error. Should you change them back? That's up to you. I don't see any reason for non-root users to have access to root's home directory, but that's just me.
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Trilby wrote:
> /root/ has always been 750 (at least for the past 7 years). Do you want your root user's home directory to be world readable? It seems unwise on principle, but also completely benign in practice on most systems: do you even have anything under /root/?
> Personally I'd be a bit more curious how it got that way. If you in fact did not change it, something did. And that something was running with root access and changing bits of your system to be less secure. That's a red flag to me: what else was changed?
This is my concern, how this happened... basically this is a fresh install, I just installed necessary software always from the main repository and I'm not running any strange script as far as I know.
drwxr-xr-x 17 root root 4096 25 gen 15.43 .
drwxr-xr-x 17 root root 4096 25 gen 15.43 ..
lrwxrwxrwx 1 root root 7 19 gen 02.32 bin -> usr/bin
drwxr-xr-x 5 root root 4096 1 gen 1970 boot
drwxr-xr-x 23 root root 4140 25 gen 16.27 dev
drwxr-xr-x 82 root root 4096 25 gen 16.26 etc
drwxr-xr-x 4 root root 4096 18 nov 00.37 home
lrwxrwxrwx 1 root root 7 19 gen 02.32 lib -> usr/lib
lrwxrwxrwx 1 root root 7 19 gen 02.32 lib64 -> usr/lib
drwx------ 2 root root 16384 17 nov 01.27 lost+found
drwxr-xr-x 2 root root 4096 3 set 00.30 mnt
drwxr-xr-x 2 root root 4096 3 set 00.30 opt
dr-xr-xr-x 261 root root 0 25 gen 16.26 proc
drwxr-xr-x 4 root root 4096 15 gen 00.09 root
drwxr-xr-x 24 root root 560 25 gen 16.26 run
lrwxrwxrwx 1 root root 7 19 gen 02.32 sbin -> usr/bin
drwxr-xr-x 4 root root 4096 17 nov 02.06 srv
dr-xr-xr-x 13 root root 0 25 gen 16.26 sys
drwxrwxrwt 15 root root 380 25 gen 16.29 tmp
drwxr-xr-x 10 root root 4096 25 gen 15.44 usr
drwxr-xr-x 12 root root 4096 25 gen 16.15 var
[noreset@argon /]$ ls -al /root/
total 44
drwxr-xr-x 4 root root 4096 15 gen 00.09 .
drwxr-xr-x 17 root root 4096 25 gen 15.43 ..
-rw------- 1 root root 7768 15 gen 00.09 .bash_history
-rw-r--r-- 1 root root 21 9 ago 18.27 .bash_logout
-rw-r--r-- 1 root root 57 9 ago 18.27 .bash_profile
-rw-r--r-- 1 root root 643 18 nov 00.27 .bashrc
drwx------ 2 root root 4096 11 dic 02.34 .cache
-rw-r--r-- 1 root root 4304 18 nov 00.31 .dircolors
drwx------ 3 root root 4096 17 nov 02.06 .gnupg
I'm gonna change the /root/ folder permissions to 750
Last edited by noreset (2021-01-25 15:41:54)
Whatever made the change seems to have done so recursively - either that or there was also a umask or related change that happened before files were created (note those dot files are world readable which is atypical). But like the directory, this on its own is pretty trivial.
Last edited by Trilby (2021-01-25 15:38:32)
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Trilby wrote:
> Whatever made the change seems to have done so recursively - either that or there was also a umask or related change that happened before files were created (note those dot files are world readable which is atypical). But like the directory, this on its own is pretty trivial.
I just modified permissions to be 750 recursively for the /root folder and its content.
Last edited by noreset (2021-01-25 15:47:43)
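An added example, not part of any post in this thread: a way to list what under a directory is more permissive than a ceiling such as 750, and to remove only those excess bits. The function names are made up for this example, GNU find and stat are assumed, and the sample tree is constructed to mirror the modes in the listing above.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. GNU find is assumed (-perm /MODE, -printf).

# Print "<octal mode> <path>" for each entry under DIR (symlinks skipped,
# other filesystems not entered) that has a permission bit outside CEILING.
over_ceiling() {
    local dir=$1 ceiling=${2:-750} excess
    # Bits in rwxrwxrwx that the ceiling does not allow, e.g. 750 -> 027.
    excess=$(printf '%o' $(( 0777 & ~0$ceiling )))
    [ "$excess" = 0 ] && return 0      # ceiling 777: nothing can exceed it
    find "$dir" -xdev ! -type l -perm "/$excess" -printf '%m %p\n' | sort -k2
}

# Remove only the excess bits, leaving stricter entries (700 dirs, 600 files)
# and the existing execute bits on files and directories as they were.
clamp_to_750() {
    chmod -R g-w,o-rwx -- "$1"
}

# Constructed tree (hypothetical, built in a temp dir) with the same modes
# as the /root listing in the thread.
demo() {
    local t; t=$(mktemp -d)
    mkdir -m 755 "$t/root"; mkdir -m 700 "$t/root/.gnupg"
    touch "$t/root/.bashrc" "$t/root/.bash_history"
    chmod 644 "$t/root/.bashrc"; chmod 600 "$t/root/.bash_history"
    over_ceiling "$t/root"      # lists the directory (755) and .bashrc (644)
    clamp_to_750 "$t/root"
    over_ceiling "$t/root"      # prints nothing after the clamp
    stat -c '%a %n' "$t/root/.gnupg" "$t/root/.bashrc"
    rm -rf "$t"
}
demo
```

Unlike a recursive `chmod 750`, the symbolic form does not add execute bits to regular files and does not widen entries that were already 700 or 600.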
.
Last edited by y5 (2022-12-06 22:22:16)
requesting guidance.
after a fresh install with archlinux-2022.11.01-x86_64.iso the command sudo stat -c "%a %n" /root gives me 700 /root
is that the default or should i chmod root to 750?
On my system they are 0750. However, since /root is typically owned by root:root and only root should be a member of the root group, the effective difference is probably negligible provided you've configured things in this way.
In contrast, my home directory has 0700, but I may well have changed that whereas I wouldn't have altered /root.
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
.
Last edited by y5 (2022-12-06 22:22:02)
for /home 755 is normal (every user needs to be able to access their home folder), for /home/your-user-name 700 is normal.
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
To be clear, I was talking about /home/<myusername> and *not* /home when I said the permissions were 0700.
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
.
Last edited by y5 (2022-12-06 22:21:46)
In a perfect world it wouldn't matter because the GID should *really* be 0 as well (ie. owned by root:root) and there should™ be no other user in the root group (that's kinda what wheel is for)
700 is therefore fine
grep root: /etc/group
on how ideal your world is.
.
Last edited by y5 (2022-12-06 22:21:34)
700 is the stricter variant anyway, but since the only user in GID 0 is the root user (which is normal and borderline mandatory) it is effectively equivalent to 750 (except for setgid binaries/processes that are not equivalent setuid)
Fyi only, you don't need to post the outputs:
find /usr/bin -xdev -user root -perm -2000 # SGID in /usr/bin
find /usr/bin -xdev -user root -perm -4000 # SUID in /usr/bin
Other processes might ask for credentials to elevate UID or GID.
tl;dr, you can easily leave it at 700 until you get feature problems w/ that (which is unlikely)
It is NOT an "unsafe" value.
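An added example, not part of any post in this thread: the "is root the only user in GID 0" condition that the replies above rely on, checked against both the group file (supplementary members) and the passwd file (primary group). The function names and the sample entries are made up for this example; with no arguments the functions read /etc/group and /etc/passwd.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Decides whether the group bits on a
# root:root directory (750 vs 700) grant anything to an account other than root.

# Print every account name other than "root" that holds GID 0, either as a
# supplementary member in the group file or as primary group in the passwd file.
gid0_members() {
    local group_file=${1:-/etc/group} passwd_file=${2:-/etc/passwd}
    {
        # group(5): name:password:GID:member,member,...
        awk -F: '$3 == "0" && $4 != "" {
                     n = split($4, m, ",")
                     for (i = 1; i <= n; i++) print m[i]
                 }' "$group_file"
        # passwd(5): name:password:UID:GID:...
        awk -F: '$4 == "0" { print $1 }' "$passwd_file"
    } | grep -vx root | sort -u
}

# Print a one-line verdict; return 0 when only root holds GID 0.
check_gid0() {
    local extra
    extra=$(gid0_members "$@" | paste -sd, -)
    if [ -z "$extra" ]; then
        echo "only root holds GID 0: 700 and 750 are equivalent for file access"
        return 0
    fi
    echo "GID 0 also held by: $extra (750 lets these accounts read the directory)"
    return 1
}

# Constructed sample data (not from any real system).
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' 'root:x:0:root,backup' 'wheel:x:998:alice' > "$d/group"
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
                  'svc:x:971:0::/:/usr/bin/nologin' > "$d/passwd"
    check_gid0 "$d/group" "$d/passwd"
    rm -rf "$d"
}
demo || true
```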
.
Last edited by y5 (2022-12-06 22:21:20)