strange file permissions in system directories

[BV206]

MX 23.6 Xfce August snapshot QSI

Code: Select all

Snapshot created on: 20250815_1122
System:
  Kernel: 6.1.0-38-amd64 [6.1.147-1] arch: x86_64 bits: 64 compiler: gcc v: 12.2.0
    parameters: quiet splasht nosplash
  Desktop: Xfce v: 4.20.0 tk: Gtk v: 3.24.38 info: xfce4-panel wm: xfwm v: 4.20.0 vt: 7
    dm: LightDM v: 1.32.0 Distro: MX-23.6_x64 Libretto April 13  2025 base: Debian GNU/Linux 12
    (bookworm)
Machine:
  Type: Virtualbox System: innotek GmbH product: VirtualBox v: 1.2 serial: <superuser required>
    Chassis: Oracle Corporation type: 1 serial: <superuser required>
  Mobo: Oracle model: VirtualBox v: 1.2 serial: <superuser required> BIOS: innotek GmbH
    v: VirtualBox date: 12/01/2006
CPU:
  Info: model: AMD Ryzen 5 3400G with Radeon Vega Graphics bits: 64 type: MCP arch: Zen/Zen+
    note: check gen: 1 level: v3 note: check built: 2019 process: GF 12nm family: 0x17 (23)
    model-id: 0x18 (24) stepping: 1 microcode: 0x8108109
  Topology: cpus: 1x cores: 2 smt: <unsupported> cache: L1: 192 KiB desc: d-2x32 KiB; i-2x64 KiB
    L2: 1024 KiB desc: 2x512 KiB L3: 4 MiB desc: 1x4 MiB
  Speed (MHz): avg: 3693 min/max: N/A cores: 1: 3693 2: 3693 bogomips: 14772
  Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3
  Vulnerabilities:
  Type: gather_data_sampling status: Not affected
  Type: indirect_target_selection status: Not affected
  Type: itlb_multihit status: Not affected
  Type: l1tf status: Not affected
  Type: mds status: Not affected
  Type: meltdown status: Not affected
  Type: mmio_stale_data status: Not affected
  Type: reg_file_data_sampling status: Not affected
  Type: retbleed mitigation: untrained return thunk; SMT disabled
  Type: spec_rstack_overflow mitigation: safe RET, no microcode
  Type: spec_store_bypass status: Not affected
  Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization
  Type: spectre_v2 mitigation: Retpolines; STIBP: disabled; RSB filling; PBRSB-eIBRS: Not
    affected; BHI: Not affected
  Type: srbds status: Not affected
  Type: tsa status: Not affected
  Type: tsx_async_abort status: Not affected
Graphics:
  Device-1: VMware SVGA II Adapter driver: vmwgfx v: 2.20.0.0 ports: active: Virtual-1
    empty: Virtual-2, Virtual-3, Virtual-4, Virtual-5, Virtual-6, Virtual-7, Virtual-8
    bus-ID: 00:02.0 chip-ID: 15ad:0405 class-ID: 0300
  Display: x11 server: X.Org v: 1.21.1.7 compositor: xfwm v: 4.20.0 driver: X: loaded: vmware
    unloaded: fbdev,modesetting,vesa dri: swrast gpu: vmwgfx display-ID: :0.0 screens: 1
  Screen-1: 0 s-res: 1600x900 s-dpi: 96 s-size: 423x238mm (16.65x9.37") s-diag: 485mm (19.11")
  Monitor-1: Virtual-1 mapped: Virtual1 res: 1600x900 hz: 60 size: N/A modes: max: 1600x900
    min: 640x480
  API: OpenGL v: 4.5 Mesa 22.3.6 renderer: llvmpipe (LLVM 15.0.6 256 bits) direct-render: Yes
Audio:
  Device-1: Intel 82801AA AC97 Audio vendor: Dell driver: snd_intel8x0 v: kernel bus-ID: 00:05.0
    chip-ID: 8086:2415 class-ID: 0401
  API: ALSA v: k6.1.0-38-amd64 status: kernel-api tools: alsamixer,amixer
  Server-1: PipeWire v: 1.0.0 status: active with: 1: pipewire-pulse status: active
    2: wireplumber status: active 3: pipewire-alsa type: plugin 4: pw-jack type: plugin
    tools: pactl,pw-cat,pw-cli,wpctl
Network:
  Device-1: Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE] driver: pcnet32 v: kernel
    port: d020 bus-ID: 00:03.0 chip-ID: 1022:2000 class-ID: 0200
  IF: eth0 state: unknown speed: 100 Mbps duplex: full mac: <filter>
  Device-2: Intel 82371AB/EB/MB PIIX4 ACPI type: network bridge driver: piix4_smbus v: N/A
    modules: i2c_piix4 port: N/A bus-ID: 00:07.0 chip-ID: 8086:7113 class-ID: 0680
Drives:
  Local Storage: total: 0 KiB used: 83.04 GiB
Partition:
  Message: No partition data found.
Swap:
  Alert: No swap data was found.
Sensors:
  Src: lm-sensors+/sys Message: No sensor data found using /sys/class/hwmon or lm-sensors.
Repos:
  Packages: pm: dpkg pkgs: 2139 libs: 1065 tools: apt,apt-get,aptitude,nala,synaptic pm: rpm
    pkgs: 0 pm: flatpak pkgs: 0
  No active apt repos in: /etc/apt/sources.list
  Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list
    1: deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
  Active apt repos in: /etc/apt/sources.list.d/debian.list
    1: deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
    2: deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
    3: deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
  Active apt repos in: /etc/apt/sources.list.d/mx.list
    1: deb http://la.mxrepo.com/mx/repo/ bookworm main non-free
    2: deb http://la.mxrepo.com/mx/testrepo/ bookworm test
    3: deb http://la.mxrepo.com/mx/repo/ bookworm ahs
Info:
  Processes: 184 Uptime: 1m wakeups: 33 Memory: 7.76 GiB used: 1.31 GiB (16.9%) Init: SysVinit
  v: 3.06 runlevel: 5 default: graphical tool: systemctl Compilers: gcc: 12.2.0 alt: 12
  Client: shell wrapper v: 5.2.15-release inxi: 3.3.26
Boot Mode: BIOS (legacy, CSM, MBR)

Most files in linux system directories have permissions -rw-r--r--, are owned by root, and in the root group. MX has some file permissions that don't make sense to me, but I'm just a dummy.

MX Repo Manager changes ownership to the user and permissions of sources list files.

Code: Select all

$ ls -lah /etc/apt/sources.list.d
total 8.5K
drwxr-xr-x 1 root root  80 Aug 16 11:41 .
drwxr-xr-x 1 root root  60 Apr 12 11:32 ..
-rw------- 1 demo demo 402 Aug 16 11:41 debian.list
-rw-r--r-- 1 root root 107 Aug 15 11:22 debian-stable-updates.list
-rw------- 1 demo demo 217 Aug 16 11:41 mx.list

The sysctl configuration files that MX adds for swappiness and dirty bytes in /etc/sysctl.d are executable for some reason.

Code: Select all

$ ls -lah /etc/sysctl.d
total 2.0K
drwxr-xr-x 2 root root 119 Jun 15 18:49 .
drwxr-xr-x 1 root root 500 Aug 16 11:40 ..
-rwxr-xr-x 1 root root  19 Feb  8  2025 99-swappiness_mx.conf
lrwxrwxrwx 1 root root  14 Mar 11  2023 99-sysctl.conf -> ../sysctl.conf
-rwxr-xr-x 1 root root  26 Feb  8  2025 99-vm-dirtybytes_mx.conf
-rw-r--r-- 1 root root 798 Dec 19  2022 README.sysct

Are these intentional? mistakes? bugs? security vulnerabilities?
I'm just a dumb user. I don't think somebody like me should be finding stuff like this.

[Eadwine Rose]

Kindly make the subject line a bit more descriptive so we know what it is about, thanks :)

[j2mcgreg]

@BV206 wrote:

MX Repo Manager changes ownership to the user and permissions of sources list files.

Repo Manager only controls access to repositories. It has no effect on file ownership or permissions. You have your tools mixed up.

[BV206]

Repo Manager only controls access to repositories. It has no effect on file ownership or permissions. You have your tools mixed up.

This is a cold boot from the ISO with no changes.

Code: Select all

$ ls -lah /etc/apt/sources.list.d/
total 1.5K
drwxr-xr-x 2 root root  83 Apr 12 11:35 .
drwxr-xr-x 8 root root 168 Apr 12 11:32 ..
-rw-r--r-- 1 root root 403 Aug 15 11:22 debian.list
-rw-r--r-- 1 root root 107 Aug 15 11:22 debian-stable-updates.list
-rw-r--r-- 1 root root 291 Aug 15 11:22 mx.list

This is after running MX Repo Manager and changing the main repo and adding the backports, test and ahs repos.

Code: Select all

$ ls -lah /etc/apt/sources.list.d/
total 8.5K
drwxr-xr-x 1 root root  80 Aug 16 12:46 .
drwxr-xr-x 1 root root  60 Apr 12 11:32 ..
-rw------- 1 demo demo 402 Aug 16 12:46 debian.list
-rw-r--r-- 1 root root 107 Aug 15 11:22 debian-stable-updates.list
-rw------- 1 demo demo 211 Aug 16 12:46 mx.list

How can MX Repo Manager enable, disable or change repos without editing sources list files? If MX Repo Manager doesn't change the file permissions and ownership then what did? Maybe apt does it then.

[kmathern]

This is what I'm seeing for permissions in a MX-23.6_ahs_x64 live session.

Original permissions

Code: Select all

demo@mx1:~
$ ls -l /etc/apt/sources.list.d/
total 2
-rw-rw-r-- 1 root root 403 Apr 12 13:09 debian.list
-rw-rw-r-- 1 root root 107 Apr 12 13:02 debian-stable-updates.list
-rw-rw-r-- 1 root root 212 Apr 12 13:02 mx.list
demo@mx1:~

After using MX Repo Manager to make a change to the mx.list repo

Code: Select all

demo@mx1:~
$ ls -l /etc/apt/sources.list.d/
total 5
-rw-rw-r-- 1 root root 403 Apr 12 13:09 debian.list
-rw-rw-r-- 1 root root 107 Apr 12 13:02 debian-stable-updates.list
-rw-rw-r-- 1 root root 290 Aug 16 12:44 mx.list
demo@mx1:~
$ 

Before & after -rw-rw-r-- root root

[Nokkaelaein]

After using MX Repo Manager to make a change to the mx.list repo

Hmm, test with everything mentioned, i.e. "changing the main repo and adding the backports, test and ahs repos."

Not that I'm particularly alarmed :) but I can confirm... I took a peek at my sources.list.d on an installed system I'm currently at, and something has indeed changed the owner of those two files, to that of my user account. On a running installed system, not live.

[kmathern]

@Adrian
@fehlix
Did another test, it does change permissions & ownership if you make changes in the "Individual sources" tab. (I clicked checkbox to enable testrepo)

Code: Select all

$ ls -l /etc/apt/sources.list.d/
total 5
-rw-rw-r-- 1 root root 403 Apr 12 13:09 debian.list
-rw-rw-r-- 1 root root 107 Apr 12 13:02 debian-stable-updates.list
-rw------- 1 demo demo 283 Aug 16 12:58 mx.list
demo@mx1:~
$ 

[j2mcgreg]

Repo Manager only controls access to repositories. It has no effect on file ownership or permissions. You have your tools mixed up.

This is a cold boot from the ISO with no changes.

Code: Select all

$ ls -lah /etc/apt/sources.list.d/
total 1.5K
drwxr-xr-x 2 root root  83 Apr 12 11:35 .
drwxr-xr-x 8 root root 168 Apr 12 11:32 ..
-rw-r--r-- 1 root root 403 Aug 15 11:22 debian.list
-rw-r--r-- 1 root root 107 Aug 15 11:22 debian-stable-updates.list
-rw-r--r-- 1 root root 291 Aug 15 11:22 mx.list

This is after running MX Repo Manager and changing the main repo and adding the backports, test and ahs repos.

Code: Select all

$ ls -lah /etc/apt/sources.list.d/
total 8.5K
drwxr-xr-x 1 root root  80 Aug 16 12:46 .
drwxr-xr-x 1 root root  60 Apr 12 11:32 ..
-rw------- 1 demo demo 402 Aug 16 12:46 debian.list
-rw-r--r-- 1 root root 107 Aug 15 11:22 debian-stable-updates.list
-rw------- 1 demo demo 211 Aug 16 12:46 mx.list

How can MX Repo Manager enable, disable or change repos without editing sources list files? If MX Repo Manager doesn't change the file permissions and ownership then what did? Maybe apt does it then.

Is this on hard metal or in a live session?

[Nokkaelaein]

Is this on hard metal or in a live session?

Hmm, the OP says it's a boot from ISO, and the username is "demo", so it's very unlikely it's something else than a live session. A live session, in turn, can run on hard metal or in a virtual machine.

[Melber]

@kmathern I think you meant @Adrian