Re: /.cache directory

To: debian-user@lists.debian.org
Subject: Re: /.cache directory
From: Greg Wooledge <greg@wooledge.org>
Date: Fri, 26 Sep 2025 07:35:52 -0400
Message-id: <[🔎] 20250926113552.GH19380@wooledge.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 5ab59ddd-4ee8-4d05-be5e-5ba8b074a848@darac.org.uk>
References: <[🔎] CAJ9BSW-ky-7qbmbB388L2wSXfVUsQMUQgw519kyktredhGt4JQ@mail.gmail.com> <[🔎] aNV6hoOGCp3oV+Gw@mail.bitfolk.com> <[🔎] 20250925184028.29650528@acer-suse.fritz.box> <[🔎] CAH8yC8=nEc9uzj0VyBtJ_DA0icFVcfMbbuP=B=e-dsCjmERS6Q@mail.gmail.com> <[🔎] 5ab59ddd-4ee8-4d05-be5e-5ba8b074a848@darac.org.uk>

On Fri, Sep 26, 2025 at 08:16:23 +0100, Darac Marjal wrote:
> It's probably worth noting, too, that the `login` program (from util-linux)
> will use / as a home directory if it _can't_ change to $HOME. It will,
> however, print a message letting the user know this is the case:
> https://sources.debian.org/src/util-linux/2.41.2-1/login-utils/login.c#L1549

That doesn't change the HOME environment variable, though.  It just
leaves you sitting in the / directory.

If that happened, it was either because they logged in as root but the
/root directory was missing, *or* they logged in as a non-root user
whose home directory was missing.

In the first case, you'd think they would have included "Also, there
was no /root directory!" in their original message.

In the second case, they wouldn't have been able to create /.cache.
We saw the permissions on their / directory and they looked correct.
Also, the /.cache directory was owned by root.

So, for this to have been what happened, they'd have to have followed
a whole chain of unlikely events, either:

 1a) Their installation was missing /root.
 1b) They logged in as root and it dropped them in /.
 1c) They ran something which created a .cache directory (not a ~/.cache
     directory, but literally .cache relative to $PWD rather than $HOME).
 1d) At some point later, their /root directory was created, hiding the
     reason for this chain to have occurred.

or:

 2a) Their installation had broken permissions on /.
 2b) Their installation created an account with a missing or unreachable
     $HOME directory.
 2c) They logged in as the user with the broken $HOME directory, and
     didn't notice the warning message (or it was a GUI login and they
     didn't get a warning).
 2d) They ran something which created .cache relative to $PWD as in 1c.
 2e) Later, as root, they ran something which "fixed up" the permissions
     and ownership on both / and /.cache, thus hiding the identity of
     the account which created /.cache.

Chain 2 seems extraordinarily unlikely to me.  Chain 1 is at least within
the realm of reasonable possibility.

I doubt it was either of these, though.

Reply to:

References:
- /.cache directory
  - From: Avinash Sonawane <rootkea@gmail.com>
- Re: /.cache directory
  - From: Andy Smith <andy@strugglers.net>
- Re: /.cache directory
  - From: debian-user@howorth.org.uk
- Re: /.cache directory
  - From: Jeffrey Walton <noloader@gmail.com>
- Re: /.cache directory
  - From: Darac Marjal <mailinglist@darac.org.uk>

Prev by Date: Re: /.cache directory
Next by Date: Re: /.cache directory
Previous by thread: Re: /.cache directory
Next by thread: Re: /.cache directory
Index(es):
- Date
- Thread