[Aptitude-devel] Bug#806595: aptitude: Changelog download throws warning: "W: Can't drop privileges for downloading as file =?UTF-8?Q?=E2=80=A6?="

Ben Finney ben+debian at benfinney.id.au
Thu Feb 11 22:21:30 UTC 2016 

Control: found -1 aptitude/0.7.5-3
Control: retitle -1 aptitude: Changelog download throws warning: "W: Can't drop privileges for downloading as file …"

On 05-Dec-2015, Manuel A. Fernandez Montecelo wrote:

> That's because libapt attempts to drop privileges and perform
> operations as "_apt" user, but since the directory is owned by root,
> it cannot drop them (otherwise it would fail to write) and emits the
> warning.

That seems to imply that one solution is to set the ownership of the
temporary directory to “_apt:root”. Yes?

=====
$ sudo aptitude changelog apt > /dev/null
W: Can't drop privileges for downloading as file '/tmp/aptitude-root.1524:QANJmE/aptitudeDownload6J+8J:+PsVGmTNm^.^::Lz:%.Hi55VKA' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
=====

> >% aptitude changelog apt > /dev/null
> >W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)
> >W: chmod 0700 of directory /var/cache/apt/archives/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)
> 
> I suppose that as normal user, libapt doesn't do the check mentioned
> above (perhaps because uid!=root and assumes that it's "_apt").
> 
> In my system, both dirs' permissions are 700 and owned by _apt:root, it
> doesn't emit any error and changelog works fine, no warnings.

On this system, both directories are permissions 700 and owned by
“_apt:root”, just as you describe. Yet on this system the warnings occur:

=====
$ ls -ld /var/lib/apt/lists/partial/ /var/cache/apt/archives/partial/
drwx------ 2 _apt root 20480 Feb 12 09:07 /var/cache/apt/archives/partial/
drwx------ 2 _apt root 12288 Feb 12 08:55 /var/lib/apt/lists/partial/

$ aptitude changelog apt > /dev/null
W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)
W: chmod 0700 of directory /var/cache/apt/archives/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)
=====

There must be some extra difference, more than the ownership or
permission of those directories.

-- 
 \       “As far as the laws of mathematics refer to reality, they are |
  `\    not certain, and as far as they are certain, they do not refer |
_o__)                              to reality.” —Albert Einstein, 1983 |
Ben Finney <ben at benfinney.id.au>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/aptitude-devel/attachments/20160212/e323619f/attachment.sig>

More information about the Aptitude-devel mailing list