Results 1 to 6 of 6

Thread: updatedb - incorrect permissions on /var/lib/mlocate after zypper dup

  1. #1

    Default updatedb - incorrect permissions on /var/lib/mlocate after zypper dup

    HI

    If you try to run

    sudo updatedb you get the following response:

    Code:
    updatedb: can not open a temporary file for `/var/lib/mlocate/mlocate.db'
    Looking at the folder it's owned by nobody root (or the other way round)

    There is a temporary fix - until the next reboot where it gets reset


    Code:
    sudo chown root: /var/lib/mlocate

    I think this happened at the DUP to 20180613


    As I say, I have a workaround - haven't really looked at fixing it

    i see that /etc/sysconfig/locate has

    Code:
    RUN_UPDATEDB_AS=nobody
    Does that change the ownership of the folder?

    I note the timestamp on that file is approx the time I was running a zypper dup by the way...


    regards

  2. #2
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    20,037
    Blog Entries
    14

    Default Re: updatedb - incorrect permissions on /var/lib/mlocate after zypper dup

    Quote Originally Posted by iDominic42 View Post
    HI

    If you try to run

    sudo updatedb you get the following response:

    Code:
    updatedb: can not open a temporary file for `/var/lib/mlocate/mlocate.db'
    Looking at the folder it's owned by nobody root (or the other way round)

    There is a temporary fix - until the next reboot where it gets reset


    Code:
    sudo chown root: /var/lib/mlocate

    I think this happened at the DUP to 20180613


    As I say, I have a workaround - haven't really looked at fixing it

    i see that /etc/sysconfig/locate has

    Code:
    RUN_UPDATEDB_AS=nobody
    Does that change the ownership of the folder?

    I note the timestamp on that file is approx the time I was running a zypper dup by the way...


    regards
    I see the same thing. I don't chown it, but run
    Code:
    su
    sudo -u nobody updatedb
    It has been reported on the mailing lists and in bugzilla.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  3. #3

    Default Re: updatedb - incorrect permissions on /var/lib/mlocate after zypper dup

    Quote Originally Posted by Knurpht View Post
    I see the same thing. I don't chown it, but run
    Code:
    su
    sudo -u nobody updatedb
    It has been reported on the mailing lists and in bugzilla.
    Ah, OK.

    That's two workarounds.

    I note that changing the line in

    Code:
    /etc/sysconfig/locate
    to

    Code:
    RUN_UPDATEDB_AS=root
    persists the folder ownership as root:root over a reboot

    However, I wonder if there was a specific reason for having it owned by nobody:root?

  4. #4
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    20,037
    Blog Entries
    14

    Default Re: updatedb - incorrect permissions on /var/lib/mlocate after zypper dup

    Quote Originally Posted by iDominic42 View Post
    Ah, OK.

    That's two workarounds.

    I note that changing the line in

    Code:
    /etc/sysconfig/locate
    to

    Code:
    RUN_UPDATEDB_AS=root
    persists the folder ownership as root:root over a reboot

    However, I wonder if there was a specific reason for having it owned by nobody:root?
    No idea, it's even nobody:nobody.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  5. #5
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,873
    Blog Entries
    3

    Default Re: updatedb - incorrect permissions on /var/lib/mlocate after zypper dup

    Quote Originally Posted by iDominic42 View Post
    However, I wonder if there was a specific reason for having it owned by nobody:root?
    Yes, probably.

    I expect that it is so that it only looks at files that are readable by everyone. You really would not want it adding user passwords (and similar) into its database.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  6. #6
    Join Date
    Oct 2008
    Location
    Glasgow, Scotland
    Posts
    1,151

    Default Re: updatedb - incorrect permissions on /var/lib/mlocate after zypper dup

    Updatedb runs as “nobody:nobody” for similar reasons to apache2 running as “wwwrun:wwwrun” etc. It is intended to enable an unprivileged process to access the data files without the risk of privilege escalation via suid tactics.

    There is a daily cron job that runs updatedb as nobody. The time of day is set in sysconfig -- the default is 15 minutes after the last boot.

    The updatedb database is an index of file-paths, not file contents. Therfore non-admins do not have read or write access to /etc/shadow, etc.
    ~Thank you for sharing an interesting problem.
    --
    slàinte mhath,
    rayH

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •