Skip to main content
Topic: Should permissions be changed when there are warnings during upgrade? (Read 1132 times) previous topic - next topic
0 Members and 3 Guests are viewing this topic.

Should permissions be changed when there are warnings during upgrade?

I have noticed this warning from time to time. Does anybody know why this would start to happen? Seems my system has in general stricter permissions still wonder should I change the permissions or not?

```
$ grep -i -A1 'directory permissions' /var/log/pacman.log
[2022-06-29T11:35:06+0300] [ALPM] warning: directory permissions differ on /var/lib/syslog-ng/
filesystem: 700  package: 755
--
[2022-09-04T14:29:50+0300] [ALPM] warning: directory permissions differ on /etc/bluetooth/
filesystem: 755  package: 555
--
[2022-10-17T14:51:43+0300] [ALPM] warning: directory permissions differ on /var/lib/syslog-ng/
filesystem: 700  package: 755
--
[2022-11-01T18:38:21+0200] [ALPM] warning: directory permissions differ on /etc/polkit-1/rules.d/
filesystem: 750  package: 700
[2022-11-01T18:38:21+0200] [ALPM] warning: directory permissions differ on /usr/share/polkit-1/rules.d/
filesystem: 750  package: 755
--
[2022-11-05T17:40:18+0200] [ALPM] warning: directory permissions differ on /var/lib/syslog-ng/
filesystem: 700  package: 755
```

Re: Should permissions be changed when there are warnings during upgrade?

Reply #1
Since nobody has commented on this post for two weeks now, I will take a shot at it. I might not get everything right, so anyone reading this can feel free to correct me.

The short answer is, it's usually nothing to worry about. The long answer is a bit more complicated...

This warning is usually caused by one of these situations:

1) The user has changed the permissions on a directory, whether intentionally or accidentally.

2) A new version of the package specifies different permissions than the previous version.

3) Two packages share a common directory, but disagree on its permissions.

4) The package specifies one set of permissions, but a program or script on the system changes the permissions at run time.


In the case of syslog-ng, it appears that the problem is (4). The package wants a permission of 755, but as soon as the program starts (or restarts) it resets the permissions back to 700. So even if you manually change the permissions to 755 to match the package, as soon as you reboot the system or restart syslog-ng, the program itself will change them back to 700. I would consider this a packaging bug, but not really a high-priority bug.

For reference, see:

Line 61 of syslog-ng/PKGBUILD:
  install -dm755 "$pkgdir/var/lib/syslog-ng" "$pkgdir/etc/syslog-ng/patterndb.d"

Line 145 of syslog-ng-3.38.1/lib/file-perms.c:
  self->dir_perm = 0700;



Re: Should permissions be changed when there are warnings during upgrade?

Reply #2
Thanks, appreciate it. I can just ignore it then.

Re: Should permissions be changed when there are warnings during upgrade?

Reply #3
One has to judge the actual message at the time to determine if one should just ignore the message.
A rolling distribution does change the default file permissions over time in my experience.
I do recall a couple of permission changes that were recommended to tighten security in the past.
If I see a tightening of permissions I usually changed them unless I have customized them myself.

Of course the system is yours to use and configure as you see fit.
Most file permissions changes will not destroy the universe so it is not something critical.
But since any system that is connected to the Internet or any other network, then security is something to be viewed very closely.
Permissions are part of the parcel to have as secure system as possible and still get email, video or what have you online.