Directory permissions differ

I’m getting some logs during update, what to do about this?

(494/726) upgrading libvirt                                                                                                                   [#######################################################################################] 100%
warning: directory permissions differ on /var/lib/libvirt/swtpm/
filesystem: 755  package: 711
(704/726) upgrading sudo                                                                                                                      [#######################################################################################] 100%
warning: directory permissions differ on /etc/sudoers.d/
filesystem: 755  package: 750
(724/726) upgrading zfs-utils                                                                                                                 [#######################################################################################] 100%
warning: directory permissions differ on /etc/sudoers.d/
filesystem: 755  package: 750

Currently permissions are:

stat -c "%a %n" /var/lib/libvirt/swtpm/
755 /var/lib/libvirt/swtpm/

stat -c "%a %n" /etc/sudoers.d/
755 /etc/sudo

Those are the permissions the new package brings - different from what they where before.

Leave it be.
These are warnings, no need to do anything.

or
research what the difference is:
755 → owner can do everything, group and others can read and execute the file
711 → owner can do everything, group and others can’t read nor write, but can execute

… essentially: more secure, more restrictive

1 Like

But the permissions were not changed, should I do it manually? If it were a fresh Manjaro install probably will have the newer ones…

I’d leave it alone.
But you can do that.
I don’t know what a fresh install would look like …

It’s unclear if you know how to do this, and other people reading this may not, so…

To change permissions you use chmod.

chmod 750 /path/to/file

# for root owned files
sudo chmod 750 /path/to/file

However as @Nachlese said, there’s no need to do it unless it actually causes an issue (for instance, if a program checks the permissions and refuses to work with them as they are).

https://wiki.archlinux.org/title/File_permissions_and_attributes#Changing_permissions

I’ve uninstalled libvirt and reinstalled it, and the permissions are changed. Maybe you are not giving a good recommendation, or you have not idea how it works.

Maybe …

I’m sure I know how it works.
Maybe you don’t know what the difference is and what (non) consequences it has - I’m actually quite sure about that. :man_shrugging:

1 Like

Actually is a poor design that the update does not automatically change these permissions. i can see old installs of Manjaro being plagued with security issues because of this.

Yeah, well, you know, that’s just like, your opinion, man.

sorry, could not resist :sunglasses:

2 Likes

An update should only update the system, not make changes that the user potentially doesn’t want.

If it did change the permissions during an update, and the user wanted different permissions then they’d have to change them every time the owning package is updated. This way they only have to change them once, if they want to.

2 Likes

I guess that’s the trouble with tribbles… :vulcan_salute:

I couldn’t resist the compulsory Star Trek reference.

3 Likes

@Tribble I’ve edited your topic title to be a little more clear about the subject. :wink:

Thanks @Nachlese for always being so helpful! I couldn’t have answered better myself. :+1:


@soundofthunder :rofl: :grinning:

  1. The package-suggested permissions are not always correct, which is unfortunately a consequence of the fact that many — if not most — of today’s packagers grew up on Microsoft Windows instead of on UNIX. An example of this is a directory that is owned root:root and has 555 permissions, which is nonsensical, because the root account bypasses all write restrictions anyway.

  2. As already explained, the package suggests the permissions, instead of forcing them. This is intentional, because the local system admin may have changed the permissions for good reasons.

  3. You’re barking up the wrong tree. Manjaro is an Arch derivative. Most of our packages are literally taken over from Arch “as is”, and Manjaro uses Arch’s libalpm package management system. Therefore, your expert objections and criticisms — yes, I am being sarcastic here — should be directed at Arch, not at the Manjaro developers.


I’ve heard that the Klingons don’t like them much… :stuck_out_tongue:

1 Like

NOT if chattr +i is set for that directory.
Also the fact that there’s the possibility to have 2 “separate” permissions, one as text user:group (they have their numeric representation) and other numeric 777 must be for a reason: you can change the owner without changing the permissions and any other combination.

It can also have implications if you mount different filesystems with no or other uid=/gid=, I’m sure there are edge cases where each setting does matter.

Windows uses are just used to be the user and admin into a single account, and do everything as root, because computers were never designed in the first place for regular people. This is why now smartphones don’t even allow you to login as root, perform downgrades, so on, and eventually will happen in Windows and MAC too.

root (or the current owner - I’m not 100% on this) can of course change that any time …

1 Like

Correct — nor if the filesystem is mounted read-only, as I am doing with several filesystems on my system — but as @Nachlese says, the root account can of course change this.

However, in the case of the directory I was referencing higher up — specifically, /etc/bluetooth — there is no immutable attribute set, nor would that be desirable. And yet the bluez package — which is developed by either IBM or Intel, I’m not sure — installs that directory with 555 permissions. It’s not even an Arch thing. :man_shrugging:

Well, it’s rather that Windows was never designed to be an operating system. It was designed as a graphical user interface for MS-DOS, a single-user, single-tasking operating system for computers without a network connection. And then later versions of Windows began working around the DOS memory limitations and the restrictions of a single-tasking environment.

Windows, and indeed also Android, and even macOS — even though that one does at least have a UNIX base — are consumerist appliances. They’re not meant to be used as computers, even though — ironically — that’s exactly what they are under the hood, and they even have far more raw computing power than those early MS-DOS and CP/M machines.

It’s an upside-down world, ruled by the illusion that life should not hold any higher value than the purchase — and ultimately, disposal — of consumable goods. Even human beings are already being regarded as disposable consumption articles nowadays — a trend which we here in Europe began adopting in the 1980s, but which already existed for much longer in the USA. It’s very sad.

But this kind of deeply philosophical considerations is actually off-topic for a technical support forum. :stuck_out_tongue: :face_with_hand_over_mouth:

4 Likes

You’d know the reason if you’d read the link I posted. The owning user/group and permissions work together to decide who can do what.

I’ll post this again because you seem to need it:

https://wiki.archlinux.org/title/File_permissions_and_attributes

That’s for windows filesystems, because they don’t have owner/group or permissions, they have to be faked.

Windows doesn’t even have root. The reason people use one account is convenience and because it seems like that’s the way it was designed. They added UAC to try to help with that.

It was designed the way it was for “regular” people, because apparently it’s too difficult to learn how to use a computer.

That’s because the companies want control. It’s their phone not yours.

Lets look forward to the day that companies control everything on all our computers. :facepalm:

Owner r/w are just there to facilitate if you use later on chattr, otherwise they are redundant and can be modified by any value (only for the root). These permissions are exactly the same and are interchangeable:
11x-xxx-xxx
10x-xxx-xxx
01x-xxx-xxx
00x-xxx-xxx

Because the owner if it’s the root will always have read and write access to things he’s owner, otherwise could lock himself out forever by removing either the read or write of his own stuff.

The only flag that applies to himself even being root unless changed is the owner execute flag, which is always enforcer even if you are root, but relies that can be changed because you can write to yourself even if the write flag is disabled:

# touch simplefile
# ./simplefile
-bash: ./simplefile: Permission denied
# ls -l simplefile
-rw-r--r--. 1 root root 0 Sep 22 10:50 simplefile

Maybe in some flavour of UNIX the root can lock himself out by removing the read or write flag.
In Android, /etc/bluetooth is 751.

The owner flags could also be used in good faith, if some root scripts check beforehand all permissions before committing changes, so even if the script is running as root, they check for all permissions for al files and directories, instead of doing the operations directly. This is like having some kind of metadata which relies on good faith to be observed.

That’s completely wrong. You can stop the owner from reading and writing, and they can still edit the permissions.

% touch /tmp/test
% chmod u-w /tmp/test
% ls -l /tmp/test                                                                                                                                                                                                              
-r--r--r-- 1 dmt dmt 0 Sep 23 12:56 /tmp/test
% echo hello > /tmp/test
zsh: permission denied: /tmp/test
% cat /tmp/test
% chmod u+w /tmp/test
% ls -l /tmp/test
-rw-r--r-- 1 dmt dmt 0 Sep 23 12:56 /tmp/test
% echo hello > /tmp/test
% cat /tmp/test
hello
2 Likes