Incorrect directory permissions on /root/ in package manjaro-zsh-config

Manjaro Development Packaging
1

On Arch Linux, /root has permissions 750. Your package manjaro-zsh-config sets it to 755. Please fix the permissions in manjaro-zsh-config to match. I believe it is a security risk for non-root users to be able to view the contents of /root.

3 Likes
2

It is, yes. For good measure, /root should actually be 700.

1 Like
3

And can you without entering the password as admin?
The message you get is:
permissions differ on /root/ filesystem: 750 package: 755
Chmod it if you want.

Mentioned here:

and here

@Chrysostomus - maybe there is a way to avoid all this, so people don’t panic … :slight_smile:

2 Likes
4

Have set the permission in PKGBUILD to 750, but package must be rebuilt if @Chrysostomus finds useful

5

Permission will be fixed in next version

1 Like
6

Now in Unstable

1 Like
7

Even though an Arch system has permissions rx - which I find odd - it is not possible to read any content even you know it exist - in this case .zshrc.

/srv/http >>> ls -l /
....
drwxr-x---  17 root root  4096 Jan 16 17:02 root
....

Even if .zshrc is actually readable - you will still get permission error if you try to read it

/srv/http >>> sudo ls -la /root
....
-rw-r--r--  1 root root  256 Sep 19 20:58 .zshrc
....

/srv/http >>> cat /root/.zshrc                                                 
cat: /root/.zshrc: Permission denied
2 Likes
8

It’s not easy to troubleshoot this thing, for now ignor the warning and leave /root/ at 750.

9

The root folder in the pkg directory is created with 755, to fix the warning simply chmod it in the PKGBUILD file…

chmod 750 ${pkgdir}/root
PKGBUILD 
# Maintainer: Chrysostomus @forum.manjaro.org
# Developer: pheiduck @forum.manjaro.org

pkgname=manjaro-zsh-config
pkgver=0.20
pkgrel=3
pkgdesc="Zsh configuration for manjaro"
arch=(any)
url="https://github.com/Chrysostomus/$pkgname"
_gitcommit=e19c7c5e902a3085f918fb1fc6d0c1fd43c559c8
license=('MIT')
conflicts=('grml-zsh-config')
depends=('zsh-autosuggestions'
	'zsh-syntax-highlighting'
	'zsh-completions'
	'zsh-history-substring-search'
	'zsh'
	'pkgfile'
	'nerd-fonts-noto-sans-mono'
	'zsh-theme-powerlevel10k')
source=("$pkgname.tar.gz::$url/archive/$_gitcommit.tar.gz")
install=manjaro-zsh-config.install
sha256sums=('c0818e1a95a5462e5f0b17b1455ccb009c40dd78acd285149a983df2c1b4a377')
backup=(root/.zshrc)

package() {
	cd ${srcdir}
	install -D -m644 $srcdir/$pkgname-$_gitcommit/.zshrc ${pkgdir}/etc/skel/.zshrc
	install -D -m644 $srcdir/$pkgname-$_gitcommit/manjaro-zsh-config ${pkgdir}/usr/share/zsh/manjaro-zsh-config
	install -D -m644 $srcdir/$pkgname-$_gitcommit/manjaro-zsh-prompt ${pkgdir}/usr/share/zsh/manjaro-zsh-prompt
	install -D -m644 $srcdir/$pkgname-$_gitcommit/zsh-maia-prompt ${pkgdir}/usr/share/zsh/zsh-maia-prompt
	install -D -m644 $srcdir/$pkgname-$_gitcommit/p10k.zsh ${pkgdir}/usr/share/zsh/p10k.zsh
	install -D -m644 $srcdir/$pkgname-$_gitcommit/command-not-found.zsh ${pkgdir}/usr/share/zsh/functions/command-not-found.zsh
	install -D -m640 $srcdir/$pkgname-$_gitcommit/rootzshrc ${pkgdir}/root/.zshrc
	chmod 750 ${pkgdir}/root
	mkdir -p $pkgdir/usr/share/zsh/scripts
	cp -r $srcdir/$pkgname-$_gitcommit/base16-shell $pkgdir/usr/share/zsh/scripts
	chmod a+x $pkgdir/usr/share/zsh/scripts/base16-shell/*
}

Actually it doesn’t. It just spits out a warning that the permissions in the package are different than on the file-system, but it will not amend then on the file-system. They stay at 750…

2 Likes
10

Yep, is the right way thanks @moson :slight_smile:

11

now in master on gitlab, so we have to wait until @Chrysostomus built and upload it to unstable

2 Likes