Should permissions be changed when there are warnings during upgrade? 08 November 2022, 06:01:31 I have noticed this warning from time to time. Does anybody know why this would start to happen? Seems my system has in general stricter permissions still wonder should I change the permissions or not?```$ grep -i -A1 'directory permissions' /var/log/pacman.log[2022-06-29T11:35:06+0300] [ALPM] warning: directory permissions differ on /var/lib/syslog-ng/filesystem: 700 package: 755--[2022-09-04T14:29:50+0300] [ALPM] warning: directory permissions differ on /etc/bluetooth/filesystem: 755 package: 555--[2022-10-17T14:51:43+0300] [ALPM] warning: directory permissions differ on /var/lib/syslog-ng/filesystem: 700 package: 755--[2022-11-01T18:38:21+0200] [ALPM] warning: directory permissions differ on /etc/polkit-1/rules.d/filesystem: 750 package: 700[2022-11-01T18:38:21+0200] [ALPM] warning: directory permissions differ on /usr/share/polkit-1/rules.d/filesystem: 750 package: 755--[2022-11-05T17:40:18+0200] [ALPM] warning: directory permissions differ on /var/lib/syslog-ng/filesystem: 700 package: 755```
Re: Should permissions be changed when there are warnings during upgrade? Reply #1 – 23 November 2022, 06:56:24 Since nobody has commented on this post for two weeks now, I will take a shot at it. I might not get everything right, so anyone reading this can feel free to correct me.The short answer is, it's usually nothing to worry about. The long answer is a bit more complicated...This warning is usually caused by one of these situations:1) The user has changed the permissions on a directory, whether intentionally or accidentally.2) A new version of the package specifies different permissions than the previous version.3) Two packages share a common directory, but disagree on its permissions.4) The package specifies one set of permissions, but a program or script on the system changes the permissions at run time.In the case of syslog-ng, it appears that the problem is (4). The package wants a permission of 755, but as soon as the program starts (or restarts) it resets the permissions back to 700. So even if you manually change the permissions to 755 to match the package, as soon as you reboot the system or restart syslog-ng, the program itself will change them back to 700. I would consider this a packaging bug, but not really a high-priority bug.For reference, see:Line 61 of syslog-ng/PKGBUILD: install -dm755 "$pkgdir/var/lib/syslog-ng" "$pkgdir/etc/syslog-ng/patterndb.d"Line 145 of syslog-ng-3.38.1/lib/file-perms.c: self->dir_perm = 0700; Last Edit: 23 November 2022, 07:41:12 by JPohl 2 Likes
Re: Should permissions be changed when there are warnings during upgrade? Reply #2 – 08 February 2023, 18:16:38 Thanks, appreciate it. I can just ignore it then.
Re: Should permissions be changed when there are warnings during upgrade? Reply #3 – 08 February 2023, 19:28:56 One has to judge the actual message at the time to determine if one should just ignore the message.A rolling distribution does change the default file permissions over time in my experience.I do recall a couple of permission changes that were recommended to tighten security in the past.If I see a tightening of permissions I usually changed them unless I have customized them myself.Of course the system is yours to use and configure as you see fit.Most file permissions changes will not destroy the universe so it is not something critical.But since any system that is connected to the Internet or any other network, then security is something to be viewed very closely.Permissions are part of the parcel to have as secure system as possible and still get email, video or what have you online. 1 Likes