Warning: directory permissions differ on /etc/libvirt/secrets/

Scotty_Trees · April 2, 2022, 8:41pm

Greetings lovely community,

Anyone else get the following warning from today’s update?

warning: directory permissions differ on /etc/libvirt/secrets/
filesystem: 755 package: 700

I’m inclined to leave it alone (at least for the time being). Maybe it’s just a bug and an update for the package will fix it, but I’m not 100% certain so I’ve come here.

And here’s my full update log from today for reference:

[scott@endeavourOS ~]$ yay
[sudo] password for scott: 
:: Synchronizing package databases...
 core is up to date
 extra                1690.2 KiB  1537 KiB/s 00:01 [-----------------------] 100%
 community               6.5 MiB  1624 KiB/s 00:04 [-----------------------] 100%
 multilib is up to date
 endeavouros is up to date
:: Searching databases for updates...
:: Searching AUR for updates...
:: Checking development packages...
 -> Flagged Out Of Date AUR Packages:  gwe  minecraft-launcher
:: 8 Packages to upgrade.
8  extra/clutter              1.26.4-1               -> 1.26.4-2
7  extra/clutter-gtk          1.8.4-2                -> 1.8.4-3
6  extra/cogl                 1.22.8-1               -> 1.22.8-2
5  extra/gnome-color-manager  3.36.0+r24+ge7eb7b53-1 -> 3.36.0+r25+g4aab8b59-1
4  extra/libchamplain         0.12.20-2              -> 0.12.20-3
3  extra/libgnomekbd          3.26.1+2+g8d02ebd-2    -> 1:3.26.1+r5+g54da436-1
2  community/libvirt          1:8.2.0-1              -> 1:8.2.0-2
1  community/libxmlb          0.3.7-1                -> 0.3.8-1
==> Packages to exclude: (eg: "1 2 3", "1-3", "^4" or repo name)
==> 
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

warning: insufficient columns available for table display
Packages (8) clutter-1.26.4-2  clutter-gtk-1.8.4-3  cogl-1.22.8-2
             gnome-color-manager-3.36.0+r25+g4aab8b59-1  libchamplain-0.12.20-3
             libgnomekbd-1:3.26.1+r5+g54da436-1  libvirt-1:8.2.0-2
             libxmlb-0.3.8-1

Total Download Size:   12.02 MiB
Total Installed Size:  72.37 MiB
Net Upgrade Size:       0.38 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 clutter-gtk-1.8....    48.9 KiB   119 KiB/s 00:00 [-----------------------] 100%
 libgnomekbd-1:3....   128.7 KiB   165 KiB/s 00:01 [-----------------------] 100%
 libxmlb-0.3.8-1-...   145.2 KiB   185 KiB/s 00:01 [-----------------------] 100%
 libchamplain-0.1...   215.3 KiB   266 KiB/s 00:01 [-----------------------] 100%
 cogl-1.22.8-2-x86_64  829.9 KiB   459 KiB/s 00:02 [-----------------------] 100%
 gnome-color-mana...  1063.6 KiB   514 KiB/s 00:02 [-----------------------] 100%
 clutter-1.26.4-2...  1923.7 KiB   476 KiB/s 00:04 [-----------------------] 100%
 libvirt-1:8.2.0-...     7.8 MiB  1156 KiB/s 00:07 [-----------------------] 100%
 Total (8/8)            12.0 MiB  1780 KiB/s 00:07 [-----------------------] 100%
(8/8) checking keys in keyring                     [-----------------------] 100%
(8/8) checking package integrity                   [-----------------------] 100%
(8/8) loading package files                        [-----------------------] 100%
(8/8) checking for file conflicts                  [-----------------------] 100%
(8/8) checking available disk space                [-----------------------] 100%
:: Processing package changes...
(1/8) upgrading cogl                               [-----------------------] 100%
(2/8) upgrading clutter                            [-----------------------] 100%
(3/8) upgrading clutter-gtk                        [-----------------------] 100%
(4/8) upgrading gnome-color-manager                [-----------------------] 100%
(5/8) upgrading libchamplain                       [-----------------------] 100%
(6/8) upgrading libgnomekbd                        [-----------------------] 100%
(7/8) upgrading libvirt                            [-----------------------] 100%
warning: directory permissions differ on /etc/libvirt/secrets/
filesystem: 755  package: 700
(8/8) upgrading libxmlb                            [-----------------------] 100%
:: Running post-transaction hooks...
(1/9) Creating system user accounts...
(2/9) Reloading system manager configuration...
(3/9) Applying kernel sysctl settings...
(4/9) Creating temporary files...
(5/9) Arming ConditionNeedsUpdate...
(6/9) Compiling GSettings XML schema files...
(7/9) Updating icon theme caches...
(8/9) Checking which packages need to be rebuilt
(9/9) Updating the desktop file MIME type cache...
[scott@endeavourOS ~]$

MrToddarama · April 2, 2022, 9:02pm

Technically, you should change the permission to align with the package. If it were me, I’d make the change to the 700 permissions, basically taking away read rights from group and world. The libvirt secrets would only affect your virtual machines, and if you run into any problems it’s easy enough to change that permissions back to 755.

You can leave it as is if you aren’t worried about hackers using the contents of /etc/libvirt/secrets/ as a backdoor to gain access to your VMs to steal all of your bitcoin

dalto · April 2, 2022, 9:03pm

I am not sure what exactly is in that because I am not in front of my machine but it seems like a directory called “secrets” shouldn’t be world readable.

jonathon · April 2, 2022, 9:13pm

Packaged directory permissions will change from time-to-time; unless you know otherwise it’s always a good idea to match the packaged permissions - there’s a reason the packager set those permission values.

https://forum.endeavouros.com/search?q=permissions%20differ

(Apart from when they change them and then change them back with the next package update… )

ExDebianuser · April 2, 2022, 11:49pm

Yep—that is what I just did /secrets is now at 700 permissions…So, let’s see how long it takes to go back to 755…

manuel · April 3, 2022, 10:27am

These potentially important warnings are a great example of things you do not see when updating with the pamac GUI.

Scotty_Trees · April 3, 2022, 4:03pm

So is the solution to run?

sudo chmod 700 /etc/libvirt/secrets/

AND/OR maybe any of these too?

sudo chmod go-rw /etc/libvirt/secrets/

sudo chmod g-w /etc/libvirt/secrets/

This is only my second time or so dealing with these, so not yet familiar with the whole process since it doesn’t happen very often. Thanks again for any help

dalto · April 3, 2022, 4:09pm

That would work

No, I think you would want

sudo chmod go-wrx /etc/libvirt/secrets

or

sudo chmod go-rx /etc/libvirt/secrets

Scotty_Trees · April 3, 2022, 4:27pm

Thanks for the quick reply. So do I need to do two of those commands to correct the warning message or will just the first command you mentioned be enough for the job?

dalto · April 3, 2022, 4:28pm

Any of the 3 commands should work. You only need one of them.

Scotty_Trees · April 3, 2022, 4:37pm

This one makes the most sense to me for some reason, so I’ll go with this one then. Thanks again for the help on these little issues and hope ya have a good rest of your weekend, thank you

pebcak · April 3, 2022, 8:22pm

In my system /etc/libvirt/secrets had the right permissions (700) already. But I got:

warning: directory permissions differ on /var/lib/libvirt/images/
filesystem: 711  package: 755

jonathon · April 3, 2022, 9:21pm

Something to update then.

system · April 5, 2022, 9:22pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.