/usr ownership issues
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Linux Mint | New | Undecided | Unassigned | | |
Bug Description
I have a recently installed Mint 12 32-bit, and I was surprised while installing the openssh-server package, which complained with the following:
```
WARN: uid is 0 but '/usr' is owned by 501
WARN: /usr is group writable!
```
Checking it carefully:
```
bruno@dynabook-
total 84K
drwxr-xr-x 2 root root 4.0K 2011-12-07 00:17 bin
drwxr-xr-x 3 root root 4.0K 2011-12-07 09:39 boot
drwxr-xr-x 15 root root 4.1K 2012-02-08 19:51 dev
drwxr-xr-x 148 root root 12K 2012-02-08 21:17 etc
drwxr-xr-x 3 root root 4.0K 2011-12-06 23:31 home
lrwxrwxrwx 1 root root 32 2011-12-06 23:33 initrd.img -> boot/initrd.
drwxr-xr-x 19 root root 4.0K 2011-12-07 00:21 lib
drwx------ 2 root root 16K 2011-12-06 23:25 lost+found
drwxr-xr-x 2 root root 4.0K 2012-02-01 22:59 media
drwxr-xr-x 2 root root 4.0K 2011-10-09 17:29 mnt
drwxr-xr-x 4 root root 4.0K 2012-02-08 20:21 opt
dr-xr-xr-x 159 root root 0 2012-02-08 19:51 proc
drwx------ 7 root root 4.0K 2011-12-11 17:49 root
drwxr-xr-x 23 root root 840 2012-02-08 21:17 run
drwxr-xr-x 2 root root 4.0K 2011-12-07 00:21 sbin
drwxr-xr-x 2 root root 4.0K 2011-06-22 04:43 selinux
drwxr-xr-x 2 root root 4.0K 2011-10-13 00:27 srv
drwxr-xr-x 12 root root 0 2012-02-08 19:51 sys
drwxrwxrwt 17 root root 4.0K 2012-02-08 21:17 tmp
drwxrwxr-x 10 501 501 4.0K 2011-11-01 17:58 usr
drwxr-xr-x 13 root root 4.0K 2012-02-06 08:09 var
lrwxrwxrwx 1 root root 29 2011-12-06 23:33 vmlinuz -> boot/vmlinuz-
bruno@dynabook-
total 156K
drwxrwxr-x 2 501 501 44K 2012-02-08 21:17 bin
drwxr-xr-x 2 root root 4.0K 2011-12-28 10:20 games
drwxr-xr-x 49 root root 4.0K 2011-12-06 23:53 include
drwxrwxr-x 233 501 501 68K 2012-02-08 21:17 lib
drwxr-xr-x 10 root root 4.0K 2011-10-13 00:27 local
drwxr-xr-x 2 root root 12K 2012-02-08 21:17 sbin
drwxrwxr-x 315 501 501 12K 2012-02-08 20:50 share
drwxr-xr-x 5 root root 4.0K 2011-11-02 00:40 src
```
It is really weird that not only is it group writable, but the user 501 does not even exist in the system:
```
bruno@dynabook-
root:x:
daemon:
bin:x:2:
sys:x:3:
sync:x:
games:x:
man:x:6:
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:
news:x:
uucp:x:
proxy:x:
www-data:
backup:
list:x:
irc:x:39:
gnats:x:41:41:Gnats Bug-Reporting System (admin)
nobody:
libuuid:
syslog:
colord:
messagebus:
lightdm:
avahi-autoipd:
avahi:x:
usbmux:
kernoops:
pulse:x:
rtkit:x:
speech-
hplip:x:112:7:HPLIP system user,,,
saned:x:
bruno:x:
mysql:x:
sshd:x:
```
I hope this did not come from another package installer that I have executed, but if it is reproduced on other machines, it might be something to look at, as it poses a possible security risk.
Additional details:
```
bruno@dynabook-
Linux dynabook-laptop 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:50:42 UTC 2011 i686 i686 i386 GNU/Linux
```
Update: VirtualBox does not allow running virtual machines if /usr/* does not belong to root, for security reasons.
I had to manually fix this with the command:
```
find / -group 501 -exec chown root:root {} \; 2>/dev/null
```
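
A read-only way to list what is affected before changing any ownership, as an added example that is not part of the original report: it checks a tree for the two conditions in the warnings above (owner or group IDs with no passwd/group entry, such as 501, and group- or world-writable entries). The function names `audit_orphans`, `audit_writable` and `audit_tree` are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the original report). Report-only: nothing on disk
# is modified. Run as root so that find can read every directory.

# audit_orphans ROOT
# Entries whose numeric uid or gid has no entry in the user/group database
# (the situation shown above for 501). ls -n keeps the IDs numeric.
audit_orphans() {
    find "$1" -xdev \( -nouser -o -nogroup \) -exec ls -ldn {} +
}

# audit_writable ROOT
# Entries writable by group (020) or by others (002). Symlinks are skipped
# because their mode is always lrwxrwxrwx and says nothing about the target.
audit_writable() {
    find "$1" -xdev ! -type l \( -perm -020 -o -perm -002 \) \
        -exec ls -ldn {} +
}

# audit_tree [ROOT]
# Print both reports for ROOT (default /usr).
# Returns 0 when the tree is clean, 1 when either check found something.
audit_tree() {
    root=${1:-/usr}
    orphans=$(audit_orphans "$root")
    writable=$(audit_writable "$root")
    if [ -n "$orphans" ]; then
        printf '== owner or group not in passwd/group ==\n%s\n' "$orphans"
    fi
    if [ -n "$writable" ]; then
        printf '== group- or world-writable ==\n%s\n' "$writable"
    fi
    [ -z "$orphans$writable" ]
}

# When the script is given a directory argument, audit it, e.g.:
#   sh audit.sh /usr
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

The listing keeps each entry's mode and numeric IDs, so ownership and permissions can be reviewed per path before anything is changed.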