bug-guix

bug#36508: GDM files have incorrect owner after temporarily removing ser


From: Mark H Weaver
Subject: bug#36508: GDM files have incorrect owner after temporarily removing service
Date: Tue, 13 Apr 2021 16:51:35 -0400

Hi Brendan,

Brendan Tildesley via Bug reports for GNU Guix <bug-guix@gnu.org>
writes:

> I recently encountered what is likely the same bug. The directory /var/lib/gdm
> had the correct permissions gdm:gdm, but all the files inside had something 
> like
> 973:gdm

The underlying problem here, which I've also experienced, is that if you
reconfigure your system with fewer users/groups, and then later add
those users/groups back, there is no guarantee that they will be
assigned the same UIDs and GIDs.

This problem is made much worse by the fact that files may be left
around, e.g. in /var, with the old UIDs and GIDs.

In your case, I guess that the 'gdm' user was previously assigned UID
973, but now it has been given a different UID.

In my case, after reconfiguring to a minimal system and later switching
back to a full GNOME-based desktop system, I found that many files and
directories in /var had the wrong owner or group.  Here's what I saw
before I cleaned things up:

--8<---------------cut here---------------start------------->8---
root@jojen ~# ls -l /var/lib/
total 4
drwxr-xr-x 1 colord colord    40 Mar 28  2017 colord
drwx------ 1 995    978       56 Sep  3 02:10 gdm
drwx------ 1 root   root   30400 Dec 25 01:55 NetworkManager
-rw------- 1 root   root     512 Dec 25 01:35 random-seed
drwxr-xr-x 1 colord colord   164 Dec 28  2017 sddm
drwx------ 1 tor    tor      178 Dec 19 21:28 tor
drwx------ 1 root   root      20 Sep  5 01:32 udisks2
drwxr-xr-x 1 root   root     274 Dec 25 01:55 upower
drwxr-xr-x 1 root   root      86 Mar 28  2017 wicd
root@jojen ~# ls -la /var/lib/gdm/
total 4
drwx------ 1  995    978  56 Sep  3 02:10 .
drwxr-xr-x 1 root root   750 Dec 25 01:59 ..
drwxr-xr-x 1  994 colord  64 Sep  3 02:10 .cache
drwx------ 1  994 colord  54 Sep  3 02:10 .config
-rw------- 1  994 colord  16 Sep  3 02:10 .esd_auth
drwxr-xr-x 1  994 colord  10 Sep  3 02:10 .local
root@jojen ~# 
--8<---------------cut here---------------end--------------->8---

Given the fact that existing files and directories in /var can
*effectively* have their ownership changed, I think that this issue
could be a security risk.

There's some discussion of this issue at <https://bugs.gnu.org/44944>,
although I'm not sure that Danny's suggested solution is practical.

Here's one idea: when activating a system, *never* delete users or
groups if files still exist that are owned by those users/groups.
Checking all filesystems would likely be too expensive, but perhaps it
would be sufficient to check certain directories such as /var, /etc, and
possibly the top directory of /home.

What do you think?

      Mark
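
The check proposed in the message above, sketched as an added example that is not part of the original e-mail and not Guix code (Guix's activation code is written in Guile; Python is used here only for illustration). The function names `ids_in_use` and `accounts_to_keep` are hypothetical, and the directory arguments stand in for /var, /etc and the top level of /home.

```python
import os
import tempfile


def ids_in_use(roots, shallow_roots=()):
    """Return (uids, gids) owning anything under `roots` (walked recursively)
    or directly inside `shallow_roots` (top level only, as suggested for /home)."""
    uids, gids = set(), set()

    def record(path):
        try:
            st = os.lstat(path)  # lstat: report the link's owner, never its target's
        except OSError:
            return  # entry vanished or is unreadable; skip it
        uids.add(st.st_uid)
        gids.add(st.st_gid)

    for root in roots:
        record(root)
        for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
            for name in dirnames + filenames:
                record(os.path.join(dirpath, name))
    for root in shallow_roots:
        try:
            names = os.listdir(root)
        except OSError:
            continue
        for name in names:
            record(os.path.join(root, name))
    return uids, gids


def accounts_to_keep(removed_users, removed_groups, roots, shallow_roots=()):
    """Of the accounts a reconfigure would delete (name -> numeric id), return
    the user and group names that still own files and should be retained."""
    uids, gids = ids_in_use(roots, shallow_roots)
    keep_users = sorted(n for n, uid in removed_users.items() if uid in uids)
    keep_groups = sorted(n for n, gid in removed_groups.items() if gid in gids)
    return keep_users, keep_groups


if __name__ == "__main__":
    # Constructed demo: a temporary tree stands in for /var/lib/gdm, and the
    # current uid/gid stand in for the 'gdm' account that is about to be removed.
    with tempfile.TemporaryDirectory() as var:
        os.makedirs(os.path.join(var, "lib", "gdm", ".cache"))
        st = os.lstat(os.path.join(var, "lib", "gdm"))
        print(accounts_to_keep({"gdm": st.st_uid, "idle": st.st_uid + 1},
                               {"gdm": st.st_gid}, roots=[var]))
```

Any name returned is an account whose numeric ID is still attached to files on disk, so deleting it would let a later account that receives the same ID inherit those files.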




