Re: Bullseye - who and users return nothing
On Tue 25 Jan 2022, at 04:50, David Wright <deblis@lionunicorn.co.uk> wrote:
> On Tue 25 Jan 2022 at 04:22:39 (+0000), Gareth Evans wrote:
>> On Tue 25 Jan 2022, at 04:10, Polyna-Maude Racicot-Summerside <debian@polynamaude.com> wrote:
>> > On 2022-01-24 23:03, Gareth Evans wrote:
>> >> Jan 25 01:46:52 qwerty systemd-tmpfiles[1340]: Detected unsafe path transition / → /var during canonicalization of /var/log/journal/7f684579096949909ba2bfac31e8423e/sy>
>> >> Jan 25 01:46:52 qwerty systemd[1]: Finished Create Volatile Files and Directories.
>> >>
>> >> Googling "Detected unsafe path transition during canonicalization" led me to
>> >>
>> >> https://bbs.archlinux.org/viewtopic.php?id=260924
>> >>
>> >> where a user sees this error because / is owned by the user rather than root.
>> >>
>> >> Lo and behold
>> >>
>> >> $ stat /
>> >>
>> >> shows this is what has somehow happened.
>> >>
>> >> $ sudo chown root:root /
>> >>
>> >> solves the disappearing /var/run/utmp problem (and fixes who/users)
>> >>
>> >> There is nothing in bash history to suggest I did this - can/should it happen any other way?
>>
>> > No one other than you know the whole story behind what happened with
>> > your computer.
>> >
>> > Is it a new clean install
>> > How did you partition the hard drive
>> > etc..
>>
>> The last clean installation was of Buster and it's since been upgraded to Bullseye.
>>
>> An unfinished and accidentally-executed
>>
>> sudo chown /[some/file]
>>
>> doesn't seem impossible, but the lack of any such thing in bash history seems curious. Perhaps a leading space crept in too, which would exclude the command from the history.
>>
>> I was just wondering about other ways that could happen, if any.
>
> A frequent way, sometimes narrated in Operator Horror Stories from
> years ago, was untarring an archive. Gnu tar does its best to protect
> you, but can be overridden.
>
> But my Q1 is always "What were the ownerships and permissions before
> you reverted them?" That's often the best clue.
As of now:
$ ls -ld /
drwxr-xr-x 23 root root 33 Jan 21 14:48 /
The only difference was my username in the owner position.
There is nothing in my [timestamped] bash history at 14:48 on 21 Jan. Just before that time I had used engrampa from the command line. Use of other scripts around the time suggests the archive concerned may have been a file in /var/www/html - I do sometimes have to change permissions and ownership there, so perhaps (cough mumble mumble).
Thanks all.
G
> Eg, from just yesterday:
> https://lists.debian.org/debian-user/2022/01/msg00874.html
> caused by restoring backups from amanda.
>
> Cheers,
> David.
Reply to: