[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bullseye - who and users return nothing

On Tue 25 Jan 2022, at 04:50, David Wright <deblis@lionunicorn.co.uk> wrote:
> On Tue 25 Jan 2022 at 04:22:39 (+0000), Gareth Evans wrote:
>> On Tue 25 Jan 2022, at 04:10, Polyna-Maude Racicot-Summerside <debian@polynamaude.com> wrote:
>> > On 2022-01-24 23:03, Gareth Evans wrote:
>> >> Jan 25 01:46:52 qwerty systemd-tmpfiles[1340]: Detected unsafe path transition / → /var during canonicalization of /var/log/journal/7f684579096949909ba2bfac31e8423e/sy>
>> >> Jan 25 01:46:52 qwerty systemd[1]: Finished Create Volatile Files and Directories.
>> >> 
>> >> Googling "Detected unsafe path transition during canonicalization" led me to 
>> >> 
>> >> https://bbs.archlinux.org/viewtopic.php?id=260924
>> >> 
>> >> where a user sees this error because / is owned by the user rather than root.
>> >> 
>> >> Lo and behold
>> >> 
>> >> $ stat /
>> >> 
>> >> shows this is what has somehow happened.
>> >> 
>> >> $ sudo chown root:root /
>> >> 
>> >> solves the disappearing /var/run/utmp problem (and fixes who/users) 
>> >> 
>> >> There is nothing in bash history to suggest I did this - can/should it happen any other way?
>> 
>> > No one other than you know the whole story behind what happened with
>> > your computer.
>> >
>> > Is it a new clean install
>> > How did you partition the hard drive
>> > etc..
>> 
>> The last clean installation was of Buster and it's since been upgraded to Bullseye.
>> 
>> An unfinished and accidentally-executed 
>> 
>> sudo chown /[some/file] 
>> 
>> doesn't seem impossible, but the lack of any such thing in bash history seems curious.  Perhaps a leading space crept in too, which would exclude the command from the history.
>> 
>> I was just wondering about other ways that could happen, if any.
>
> A frequent way, sometimes narrated in Operator Horror Stories from
> years ago, was untarring an archive. Gnu tar does its best to protect
> you, but can be overridden.
>

> But my Q1 is always "What were the ownerships and permissions before
> you reverted them?" That's often the best clue. 

As of now:

$ ls -ld /
drwxr-xr-x 23 root root 33 Jan 21 14:48 /

The only difference was my username in the owner position.

There is nothing in my [timestamped] bash history at 14:48 on 21 Jan.  Just before that time I had used engrampa from the command line. Use of other scripts around the time suggests the archive concerned may have been a file in /var/www/html - I do sometimes have to change permissions and ownership there, so perhaps (cough mumble mumble).

Thanks all.
G






> Eg, from just yesterday:
> https://lists.debian.org/debian-user/2022/01/msg00874.html
> caused by restoring backups from amanda.
>
> Cheers,
> David.
Reply to: