FS#67844 - [dhcpcd] warning: directory permissions differ on /var/lib/dhcpcd/
Attached to Project:
Arch Linux
Opened by David C. Rankin (drankinatty) - Monday, 07 September 2020, 19:09 GMT
Last edited by Giancarlo Razzolini (grazzolini) - Friday, 23 October 2020, 11:57 GMT
Opened by David C. Rankin (drankinatty) - Monday, 07 September 2020, 19:09 GMT
Last edited by Giancarlo Razzolini (grazzolini) - Friday, 23 October 2020, 11:57 GMT
|
Details
Description:
On update of dhcpcd pacman complains the there are incorrect permissions for /var/lib/dhcpcd, e.g. :: Processing package changes... (1/4) upgrading dhcpcd [######################################] 100% warning: directory permissions differ on /var/lib/dhcpcd/ filesystem: 700 package: 755 Which permissions are correct? (multiple Arch installs give same warning) I have not manually changed the permissions on anything in /var/lib Checking forums recommends filing a bug report: https://bbs.archlinux.org/viewtopic.php?id=42314 Steps to reproduce: pacman -Syu with dhcpcd installed. |
This task depends upon
Closed by Giancarlo Razzolini (grazzolini)
Friday, 23 October 2020, 11:57 GMT
Reason for closing: Fixed
Additional comments about closing: dhcpcd-9.3.1-1 fixes this issue
Friday, 23 October 2020, 11:57 GMT
Reason for closing: Fixed
Additional comments about closing: dhcpcd-9.3.1-1 fixes this issue
In the source code I can only find that DBDIR=/var/lib/dhcpcd/ should be 750 an RUNDIR=/run/dhcp 755
https://github.com/rsmarples/dhcpcd/blob/master/src/dhcpcd.c#L2242
if (mkdir(DBDIR, 0750) == -1 && errno != EEXIST)
if (mkdir(RUNDIR, 0755) == -1 && errno != EEXIST)
[1] https://github.com/rsmarples/dhcpcd/blob/master/src/Makefile#L85
https://github.com/archlinux/svntogit-packages/blob/0dd530a20f81b2c5652738d71a9a2f781a3b2900/trunk/PKGBUILD#L42
And dhcpcd (make) creates the dir since 9.2.0:
https://github.com/rsmarples/dhcpcd/commit/bb7d64877674bd90b84c18364436d26351805a7e#diff-f57f2991a6aa25fe45d8036c51bf8b4dR85
It didn't do so in >= 9.0.0, < 9.2.0:
https://github.com/rsmarples/dhcpcd/commit/5f275b7bd1ed4d1f830b7a60ba253a98f7ef6127#diff-f57f2991a6aa25fe45d8036c51bf8b4dL85
Most likely owing to privilege separation (the daemon part running under a separate user?) being added in 9.0.0:
https://bugs.archlinux.org/task/66191
https://github.com/archlinux/svntogit-packages/commit/25dbad7bad390e40adb136cce37182e491f0dbed
And dhcpcd.tmpfiles was added in 9.0.0. Before that /var/lib/dhcpcd existed as a directory in the package.
I installed it before 9.0.0. The directory was created by copying from the package. The permissions in the package were 0755, since it's the default `install`'s permissions.
In 9.0.0 the directory was no longer in the package, but tmpfiles.d updated the permissions to 0700 on the filesystem.
As such before installing 9.2.0 I had /var/lib/dhcpcd with 0700 on the filesystem, but the directory reappeared in the package with 0755.
Regarding which is better. If it works with 0700 (I haven't been using dhcpcd for a while now), then that is better. And that is what the patch supplied by loqs does.
https://roy.marples.name/cgit/dhcpcd.git/commit/?id=e523ba082b71b22ac03a736fd82f05810606fdca
https://roy.marples.name/cgit/dhcpcd.git/tree/src/dhcpcd.c#n2251
Infact the dhcpcd user shouldn't own anything on the disk.
a) owned by dhcpcd
b) have 700 permission
Also, the dhcpcd user owns the /run/dhcpcd directory. You've mentioned that must not be the case anymore, and those directories should be owned by root. I can use a .install file that sets this permissions on the user's directories, matching things with what upstream delivers. What do you think?
I would also change the home directory of dhcpcd to an empty directory - the unpriv user should not read anything in the chroot.
/run/dhcpcd should be owned by root. And what about permissions? 755?
/var/lib/dhcpcd should also be owned by root and with permission 755, as per upstream.
dhcpcd remains as a privsep user, with /var/empty as home folder.
Yes
/var/lib/dhcpcd should also be owned by root and with permission 755, as per upstream.
No, upstream is 750
> dhcpcd remains as a privsep user, with /var/empty as home folder.
Yes. /var/empty should be owned by root:root as 755
root:root 750 /var/lib/dhcpcd
root:root 755 /run/dhcpcd
root:root 755 /var/empty (home dir of dhcpcd user)
A given program may or may not have the permissions necessary to create directories in /run, so it's often useful, and unlike /var such directories cannot be packaged in "make install" since /run is after all a tmpfs.
I doubt it makes a difference one way or another for a program that is already capable of creating the needed directory.