[opensuse] root-owned files being written to user space (os 13.2)
Howdy. I am getting root-owned files written to a user directory. Why is this happening and how / where do I configure to get whatever is creating these to instead write to a root-owned space? The files are: ~/.config/YaST2/y2controlcenter-qt.conf ~/.config/YaST2/YQOnlineUpdate.conf ~/.config/YaST2/YQPackageSelector.conf ~/.config/QtProject.conf My desktop is lxde (gtk) and the 13.2 os is: 3.16.7-24-desktop #1 SMP PREEMPT Mon Aug 3 14:37:06 UTC 2015 (ec183cc) x86_64 x86_64 x86_64 GNU/Linux Thanks. Ralph -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2015-10-27 09:37, listreader wrote:
Howdy.
I am getting root-owned files written to a user directory. Why is this happening and how / where do I configure to get whatever is creating these to instead write to a root-owned space?
The files are:
~/.config/YaST2/y2controlcenter-qt.conf ~/.config/YaST2/YQOnlineUpdate.conf ~/.config/YaST2/YQPackageSelector.conf ~/.config/QtProject.conf
You are probably using YaST via "su". This means that files are written to your home instead of to "/root". To avoid this, use "su -", with a dash. Another possibility is some variants or configs of sudo. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Tue, 27 Oct 2015 14:01:45 +0100 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 2015-10-27 09:37, listreader wrote:
I am getting root-owned files written to a user directory. Why is this happening and how / where do I configure to get whatever is creating these to instead write to a root-owned space?
The files are:
~/.config/YaST2/y2controlcenter-qt.conf ~/.config/YaST2/YQOnlineUpdate.conf ~/.config/YaST2/YQPackageSelector.conf ~/.config/QtProject.conf
You are probably using YaST via "su". This means that files are written to your home instead of to "/root". To avoid this, use "su -", with a dash.
Another possibility is some variants or configs of sudo.
Hello Carlos. No, I always use 'su -' when su is needed, use sudo rarely, and most times I run yast from the gui... Ok! Running yast from the gui: System > Administration > YaST YaST Control Center opens click Online Update did nothing in Online Update, this is just a test closed Online Update ==> now I have a root-owned file ~/.config/YaST2/YQOnlineUpdate.conf close YaST Control Center ==> now I have a root-owned file ~/.config/YaST2/y2controlcenter-qt.conf So these files are coming from YaST Control Center. Where do I configure where it writes its' files to? Ralph My desktop is lxde (gtk) and the 13.2 os is: 3.16.7-24-desktop #1 SMP PREEMPT Mon Aug 3 14:37:06 UTC 2015 (ec183cc) x86_64 x86_64 x86_64 GNU/Linux -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-10-27 19:14, listreader wrote:
On Tue, 27 Oct 2015 14:01:45 +0100 "Carlos E. R." <> wrote:
Another possibility is some variants or configs of sudo.
Hello Carlos. No, I always use 'su -' when su is needed, use sudo rarely, and most times I run yast from the gui...
which is a variant of sudo, as I said. Like gnomesu, kdesu... I don't use them. Instead, I open a terminal, do "su -", then start "yast2 &"
So these files are coming from YaST Control Center. Where do I configure where it writes its' files to?
It is not a configuration problem in YaST. The problem is the design of the tool that gets your root's pasword, then elevates your privileges. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlYwF0sACgkQja8UbcUWM1x64QD/QFwv5HAmQRKkQJTpsHfZeTss 9iN+k10FqPOYlE0Wh5MBAIZapvFGAQIMDJrJ2kCReiLOQ3phDv/32U5H2oe7a3lM =L5o1 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/27/2015 5:31 PM, Carlos E. R. wrote:
It is not a configuration problem in YaST. The problem is the design of the tool that gets your root's pasword, then elevates your privileges.
I don't know about that Carlos. I don't ever get yast detritus in my directory when I use the yast2. And I never open a terminal first, and then start yast. I just click on yast in the system menu, supply root's password, and go. Even losf as root shows my user directory as the CWD for several yast processes owned by root, those processes open no files in root. In a shell, as root: lsof |grep 'root' | grep '/home/{user}/ Its very short list of processes that simply have /home/{user} as current working directory. But no real files are opened there. What would make his system different than mine? It must be some difference in yast's setup. - -- _____________________________________ - ---This space for rent--- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlYwQIUACgkQv7M3G5+2DLJJ5wCgj8o04nMNZWOzw98p/xGJX+5k pe0Amwftpnngai+mSnbyVWG/6jEsU6qx =96YD -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2015-10-28 04:27, John Andersen wrote:
What would make his system different than mine? It must be some difference in yast's setup.
The difference is in the desktop you and he use. He is using lxde. Each desktop uses a different method for getting you root's privileges. YaST has nothing to do with this. It is standard behaviour for any text/gui app, depending on what environment it gets. In particular, $HOME. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 10/27/2015 07:14 PM, listreader wrote:
Ok! Running yast from the gui:
System > Administration > YaST YaST Control Center opens click Online Update did nothing in Online Update, this is just a test closed Online Update ==> now I have a root-owned file ~/.config/YaST2/YQOnlineUpdate.conf close YaST Control Center ==> now I have a root-owned file ~/.config/YaST2/y2controlcenter-qt.conf
So these files are coming from YaST Control Center. Where do I configure where it writes its' files to?
I'd open a bug report. This behavior looks extremely strange to me - and dangerous. What if e.g. someone would prepare these file names as links to some system files? The system most probably would be corrupted. Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2015-10-28 07:52, Bernhard Voelker wrote:
I'd open a bug report. This behavior looks extremely strange to me - and dangerous. What if e.g. someone would prepare these file names as links to some system files? The system most probably would be corrupted.
But not against YaST, it will be "wontfixed" or "invalid" immediately. Again, it is the fault of whatever you use to raise root powers, that doesn't set the environment $HOME variable. YaST is doing exactly what *you* tell it to do. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 10/28/2015 10:59 AM, Carlos E. R. wrote:
On 2015-10-28 07:52, Bernhard Voelker wrote:
I'd open a bug report. This behavior looks extremely strange to me - and dangerous. What if e.g. someone would prepare these file names as links to some system files? The system most probably would be corrupted.
But not against YaST, it will be "wontfixed" or "invalid" immediately. Again, it is the fault of whatever you use to raise root powers, that doesn't set the environment $HOME variable.
YaST is doing exactly what *you* tell it to do.
Maybe, but I see it a bit different: a tool run as root must be extra-extra cautious about what it does and where it writes to. It's simply a no-go to overwrite files owner by a regular user. The problem or solution may well be somewhere else, of course. However, I'd expect a YaST maintainer at least to analyze what's going wrong - maybe it's only a local issue or strange/unexpected usage. Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 28/10/2015 15:19, Bernhard Voelker a écrit :
The problem or solution may well be somewhere else, of course.
I think an user can remove any file in his owned folder: create a test folder: jdd@linux-uegt:~> cd jdd@linux-uegt:~> mkdir test go root and create a file: jdd@linux-uegt:~> su Mot de passe : linux-uegt:/home/jdd # touch test/test.txt linux-uegt:/home/jdd # ll test/ total 0 -rw-r--r-- 1 root root 0 28 oct. 15:20 test.txt exit root: linux-uegt:/home/jdd # exit remove the file jdd@linux-uegt:~> rm test/test.txt rm : supprimer fichier vide (protégé en écriture) « test/test.txt » ? o jdd@linux-uegt:~> ll test/ total 0 did I miss something? jdd -- When will a Label sign her!!? https://www.youtube.com/watch?t=94&v=BeMk3WRh8QI -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/28/2015 7:25 AM, jdd wrote:
Le 28/10/2015 15:19, Bernhard Voelker a �crit :
The problem or solution may well be somewhere else, of course.
I think an user can remove any file in his owned folder:
create a test folder:
jdd@linux-uegt:~> cd jdd@linux-uegt:~> mkdir test
go root and create a file:
jdd@linux-uegt:~> su Mot de passe : linux-uegt:/home/jdd # touch test/test.txt linux-uegt:/home/jdd # ll test/ total 0 -rw-r--r-- 1 root root 0 28 oct. 15:20 test.txt
exit root:
linux-uegt:/home/jdd # exit
remove the file
jdd@linux-uegt:~> rm test/test.txt rm : supprimer fichier vide (prot�g� en �criture) � test/test.txt � ? o jdd@linux-uegt:~> ll test/ total 0
did I miss something?
jdd
Yes, that is true for simple files. (Although it seems like it shouldn't be). It depend on the permissions of the containing directory. If root creates a subdirectory in a user's space, and then places files into it, the user can't delete the files OR the directory. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, 28 Oct 2015 11:05:04 -0700 John Andersen <jsamyth@gmail.com> wrote:
On 10/28/2015 7:25 AM, jdd wrote:
I think an user can remove any file in his owned folder:
did I miss something?
Yes, that is true for simple files. (Although it seems like it shouldn't be).
It depend on the permissions of the containing directory. If root creates a subdirectory in a user's space, and then places files into it, the user can't delete the files OR the directory.
Yes, the subdirectory created here in ~/.config is also owned by root. drwxr-xr-x 2 root root 37 Oct 28 13:49 YaST2 Ralph -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, 28 Oct 2015 14:05:45 -0500 listreader <suselist@cableone.net> wrote:
On Wed, 28 Oct 2015 11:05:04 -0700 John Andersen <jsamyth@gmail.com> wrote:
On 10/28/2015 7:25 AM, jdd wrote:
I think an user can remove any file in his owned folder:
did I miss something?
Yes, that is true for simple files. (Although it seems like it shouldn't be).
It depend on the permissions of the containing directory. If root creates a subdirectory in a user's space, and then places files into it, the user can't delete the files OR the directory.
Yes, the subdirectory created here in ~/.config is also owned by root.
drwxr-xr-x 2 root root 37 Oct 28 13:49 YaST2
Interestingly, though, I just noticed that if the user first creates a ~/.config/YaST2 subdirectory himself, the root-owned files will be placed in that pre-existing subdirectory. The files will still be owned by root but the subdirectory's properties won't be changed, the subdirectory will still be owned by the user (and thus it and the enclosed files could be manually deleted by the user as jdd suggested) drwx------ 2 userxx users 64 Oct 28 14:18 YaST2 -rw------- 1 root root 136 Oct 28 14:18 y2controlcenter-qt.conf -rw------- 1 root root 357 Oct 28 14:18 YQOnlineUpdate.conf Seems to be a poorly thought-out arrangement... Ralph -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2015-10-28 20:40, listreader wrote:
Seems to be a poorly thought-out arrangement...
You are looking at it the wrong way. The "fault" is that you are using "gnomesu" or equivalent to access YaST. It is the tool that asks for your root's password (not YaST). You can find out what tool is it by clicking on the yast entry, wait for the password to appear, then in a terminal run "ps afx | less". The entry will probably be the last one. This tool is not telling YaST to use /root directory as home, simple as that. It is designed that way, it is not an error. It is intentional. Other tools may do differently. If you don't like that behaviour, use a different tool to gain root access. Like I said, I use "su -". There are others: xdg-su, kdesu... -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Wed, 28 Oct 2015 21:46:23 +0100 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 2015-10-28 20:40, listreader wrote:
Seems to be a poorly thought-out arrangement...
You are looking at it the wrong way.
The "fault" is that you are using "gnomesu" or equivalent to access YaST. It is the tool that asks for your root's password (not YaST).
You can find out what tool is it by clicking on the yast entry, wait for the password to appear, then in a terminal run "ps afx | less". The entry will probably be the last one.
This tool is not telling YaST to use /root directory as home, simple as that. It is designed that way, it is not an error. It is intentional. Other tools may do differently.
If you don't like that behaviour, use a different tool to gain root access. Like I said, I use "su -".
There are others: xdg-su, kdesu...
I think what you call this 'tool' setup is exactly what shipped with 13.2, I don't think I've changed it from what is normal openSuSe lxde. ps afx 9365 ? S 0:00 /bin/sh /usr/bin/xdg-su -c /sbin/yast2 9368 ? Sl 0:00 \_ /usr/bin/gnomesu -c /sbin/yast2 9370 ? S 0:00 \_ /usr/lib/libgnomesu/gnomesu-pam-backend 11 10 root /sbin/yast2 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/28/2015 2:49 PM, listreader wrote:
On Wed, 28 Oct 2015 21:46:23 +0100 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 2015-10-28 20:40, listreader wrote:
Seems to be a poorly thought-out arrangement...
You are looking at it the wrong way.
The "fault" is that you are using "gnomesu" or equivalent to access YaST. It is the tool that asks for your root's password (not YaST).
You can find out what tool is it by clicking on the yast entry, wait for the password to appear, then in a terminal run "ps afx | less". The entry will probably be the last one.
This tool is not telling YaST to use /root directory as home, simple as that. It is designed that way, it is not an error. It is intentional. Other tools may do differently.
If you don't like that behaviour, use a different tool to gain root access. Like I said, I use "su -".
There are others: xdg-su, kdesu...
I think what you call this 'tool' setup is exactly what shipped with 13.2, I don't think I've changed it from what is normal openSuSe lxde.
ps afx
9365 ? S 0:00 /bin/sh /usr/bin/xdg-su -c /sbin/yast2 9368 ? Sl 0:00 \_ /usr/bin/gnomesu -c /sbin/yast2 9370 ? S 0:00 \_ /usr/lib/libgnomesu/gnomesu-pam-backend 11 10 root /sbin/yast2
I think you should submit a bug report regardless of what Carlos says. You shouldn't have to identify which part of the system is failing, just the desktop you've chosen. Let those guys sort it out. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2015-10-28 22:49, listreader wrote:
On Wed, 28 Oct 2015 21:46:23 +0100 "Carlos E. R." <> wrote:
I think what you call this 'tool' setup is exactly what shipped with 13.2, I don't think I've changed it from what is normal openSuSe lxde.
I know you have not changed it. It is working as intended, thus a bug report will be ignored. But try if you wish. What you have to tell them is to use something different from gnomesu by default. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Le 28/10/2015 19:05, John Andersen a écrit :
If root creates a subdirectory in a user's space, and then places files into it, the user can't delete the files OR the directory.
yes? can't delete the file because he don't own the folder and the folder because it's not empty :-( jdd -- When will a Label sign her!!? https://www.youtube.com/watch?t=94&v=BeMk3WRh8QI -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2015-10-28 20:21, jdd wrote:
Le 28/10/2015 19:05, John Andersen a écrit :
If root creates a subdirectory in a user's space, and then places files into it, the user can't delete the files OR the directory.
yes? can't delete the file because he don't own the folder and the folder because it's not empty :-(
Rather be he has no write permission on the folder (g+ or o+). If the file is on a user owned directory, then he can delete it. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2015-10-28 15:19, Bernhard Voelker wrote:
On 10/28/2015 10:59 AM, Carlos E. R. wrote:
Maybe, but I see it a bit different: a tool run as root must be extra-extra cautious about what it does and where it writes to. It's simply a no-go to overwrite files owner by a regular user. The problem or solution may well be somewhere else, of course.
However, I'd expect a YaST maintainer at least to analyze what's going wrong - maybe it's only a local issue or strange/unexpected usage.
They don't need to analyze anything. This is known, documented, and working as intended. It is standard unix/linux behaviour. Again, *you* are telling YaST to write everything under /home/user/ directory. YaST does nothing but obey your orders. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
participants (5)
-
Bernhard Voelker -
Carlos E. R. -
jdd -
John Andersen -
listreader