[Aptitude-devel] Bug#806595: aptitude: Changelog download throws warning: "W: Can't drop privileges for downloading as file '/tmp/aptitude-root.15442:qGi6mn/aptitudeDownload6J+8J:+PsVGmTNm^.^::Lz:%.Hi55VKA' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)"

[Manuel A. Fernandez Montecelo]

Hi,

2015-11-29 13:29 Axel Beckert:
>Package: aptitude
>Version: 0.7.4-2
>
>Hi,
>
>on the commandline as well in the TUI, aptitude throws a warning when
>trying to download and display a changelog as root as well as user:
>
>As root:
>
># aptitude changelog apt > /dev/null
>W: Can't drop privileges for downloading as file '/tmp/aptitude-root.15442:qGi6mn/aptitudeDownload6J+8J:+PsVGmTNm^.^::Lz:%.Hi55VKA' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
>#

That's because libapt attempts to drop privileges and perform operations
as "_apt" user, but since the directory is owned by root, it cannot drop
them (otherwise it would fail to write) and emits the warning.

So

>As user:
>
>% aptitude changelog apt > /dev/null
>W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)
>W: chmod 0700 of directory /var/cache/apt/archives/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)

I suppose that as normal user, libapt doesn't do the check mentioned
above (perhaps because uid!=root and assumes that it's "_apt").

In my system, both dirs' permissions are 700 and owned by _apt:root, it
doesn't emit any error and changelog works fine, no warnings.


>It is though able to display the changelog in all cases I tested.

Yes, specially in the case of root it shouldn't stop from actually
showing the changelog.  It's just a warning that will not drop the
privileges, to avoid failing with the operation.


Cheers.
-- 
Manuel A. Fernandez Montecelo <manuel.montezelo at gmail.com>