[Solved] Synaptic W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be...
Posted: Tue Nov 24, 2020 3:46 am
by BitterTruth
Hi there. I'm running MX19.2_xfce at the moment. A couple of days ago, Synaptic started giving me the following warning after I perform updates/removals:
W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
A quick google search and subsequent linux mint forum tells me:
In this specific case, you may ignore the complaint. The reason is: Synaptic executed some action as user root, instead of user _apt. As a consequence, _apt does not have the needed privileges of deleting file /root/.synaptic/tmp//tmp_cl, which is owned by root.
In case you should be worried that the directory /root/.synaptic/tmp/ might be filled with junk in the course of time, you may check with root privileges, what is in there. Here it is empty. So it seems as if root does not only create /root/.synaptic/tmp//tmp_cl, but that root also deletes /root/.synaptic/tmp//tmp_cl, when it is no longer needed.
The installation will have finished correctly, although the error message gets displayed.
(https://forums.linuxmint.com/viewtopic.php?t=280054)
I WAS messing about with a PORTEUS linux live usb on that day and I remember I had to keep using 'root thunar' to move files around which seemed strange to me.
The above post advises to ignore it. However, I don't really fancy seeing that for the next 'x' number of years, every time I do an update.
Ubuntu forums give me this:
Usually apt uses the user _apt to download packages. In your case _apt doesn't have write permission to either /var/cache/apt/archives/partial/ or an existing file /var/cache/apt/archives/partial/samba-libs_2%3a4.5.8+dfsg-0ubuntu0.17.04.1_i386.deb so it downloaded the file as root.
Make sure /var/cache/apt/archives/partial/ and everything below it are writeable for _apt, e.g. by running
Code:
sudo chown -Rv _apt:root /var/cache/apt/archives/partial/
sudo chmod -Rv 700 /var/cache/apt/archives/partial/
https://askubuntu.com/questions/908800 ... ed-as-root
So, should I ignore it or am I safe to change the permissions? This is my main system and I am normally very very cautious when it comes to messing around with it.
Re: Synaptic warning W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Tue Nov 24, 2020 4:04 am
by Eadwine Rose
Please also post your quick system info (run it, hit paste in a reply), that way we have all the basic data.
Re: Synaptic warning W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Tue Nov 24, 2020 7:48 am
by dolphin_oracle
I'll try the permission change tonight and let you know.
Re: Synaptic warning W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Wed Nov 25, 2020 1:21 pm
by BitterTruth
Thanks D_O. Did you get a chance to play around with the permissions?
If not, it doesn't matter because it looks like the problem has resolved itself (don't know why, don't know how).
I've just done the latest updates through synaptic and the message didn't come up:
Commit Log for Wed Nov 25 18:08:26 2020
Upgraded the following packages:
gir1.2-javascriptcoregtk-4.0 (2.28.4-1~deb10u1) to 2.30.3-1~deb10u1
gir1.2-webkit2-4.0 (2.28.4-1~deb10u1) to 2.30.3-1~deb10u1
libjavascriptcoregtk-4.0-18 (2.28.4-1~deb10u1) to 2.30.3-1~deb10u1
libwebkit2gtk-4.0-37 (2.28.4-1~deb10u1) to 2.30.3-1~deb10u1
mx-dockmaker (20.10) to 20.11
mx-tweak (20.09.02) to 20.11.01
Re: [Solved]Synaptic W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Wed Nov 25, 2020 1:29 pm
by tony37
I've seen that message too once, I think it tends to disappear on its own.
Re: Synaptic warning W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Wed Nov 25, 2020 1:37 pm
by dolphin_oracle
BitterTruth wrote: Wed Nov 25, 2020 1:21 pm
Thanks D_O. Did you get a chance to play around with the permissions?
If not, it doesn't matter because it looks like the problem has resolved itself (don't know why, don't know how).
I've just done the latest updates through synaptic and the message didn't come up:
Commit Log for Wed Nov 25 18:08:26 2020
Upgraded the following packages:
gir1.2-javascriptcoregtk-4.0 (2.28.4-1~deb10u1) to 2.30.3-1~deb10u1
gir1.2-webkit2-4.0 (2.28.4-1~deb10u1) to 2.30.3-1~deb10u1
libjavascriptcoregtk-4.0-18 (2.28.4-1~deb10u1) to 2.30.3-1~deb10u1
libwebkit2gtk-4.0-37 (2.28.4-1~deb10u1) to 2.30.3-1~deb10u1
mx-dockmaker (20.10) to 20.11
mx-tweak (20.09.02) to 20.11.01
I did, but my permissions were already set to the suggested ones.
Re: [Solved]Synaptic W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Thu Nov 26, 2020 2:42 am
by BitterTruth
Ok. I've checked the ownership and permissions for the partial directory and they are currently set to:
terminal shows:
drwx------ 2 _apt root 4096 Nov 25 18:08 partial
so it's already chmod 700.
@tony_37
I think next time it happens, I'll check the permissions to see what's happened
Re: [Solved]Synaptic W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Thu Nov 26, 2020 6:56 am
by BitterTruth
Ok guys it's back.
This time it happened when I clicked 'Reload' in synaptic (see screenshot 2)
What's stranger is when I clicked reload again, it didn't appear
Looks like it has been a bug with apt or synaptic packages going as far back as 2015:
https://bugs.launchpad.net/ubuntu/+sour ... mments=all
It is reported as being fixed on 23rd Nov 2020? (see screenshot 1). The error occurred on 22nd Nov for me but by the 24th it was gone. However, I think this 'fix' was because I must have just clicked 'mark all upgrades' followed by 'apply' in synaptic without doing 'reload' first like I normally do.
Could it be a problem with my sources?
Here's the quickinfo for my system (which I should have provided initially as E_R suggested):
Code:
Snapshot created on: 20200915_1434
System:
Host: <filter> Kernel: 4.19.0-12-amd64 x86_64 bits: 64 compiler: gcc
v: 8.3.0
parameters: BOOT_IMAGE=/boot/vmlinuz-4.19.0-12-amd64
root=UUID=<filter> ro quiet hush
Desktop: Xfce 4.14.2 tk: Gtk 3.24.5 info: xfce4-panel wm: xfwm4
dm: LightDM 1.26.0 Distro: MX-19.3_x64 patito feo May 31 2020
base: Debian GNU/Linux 10 (buster)
Machine:
Type: Laptop System: LENOVO product: 2539A94 v: ThinkPad T410
serial: <filter> Chassis: type: 10 serial: <filter>
Mobo: LENOVO model: 2539A94 serial: <filter> BIOS: LENOVO
v: 6IET58WW (1.18 ) date: 04/19/2010
Battery:
ID-1: BAT0 charge: 8.1 Wh condition: 8.2/47.5 Wh (17%) volts: 12.2/10.8
model: SANYO 42T4751 type: Li-ion serial: <filter> status: Unknown
CPU:
Topology: Dual Core model: Intel Core i5 M 520 bits: 64 type: MT MCP
arch: Nehalem family: 6 model-id: 25 (37) stepping: 2 microcode: 11
L2 cache: 3072 KiB
flags: lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 19152
Speed: 1385 MHz min/max: 1199/2400 MHz boost: enabled Core speeds (MHz):
1: 1294 2: 1269 3: 1303 4: 1318
Vulnerabilities: Type: itlb_multihit status: KVM: Split huge pages
Type: l1tf
mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
Type: mds status: Vulnerable: Clear CPU buffers attempted, no microcode;
SMT vulnerable
Type: meltdown mitigation: PTI
Type: spec_store_bypass
mitigation: Speculative Store Bypass disabled via prctl and seccomp
Type: spectre_v1
mitigation: usercopy/swapgs barriers and __user pointer sanitization
Type: spectre_v2 mitigation: Full generic retpoline, IBPB: conditional,
IBRS_FW, STIBP: conditional, RSB filling
Type: srbds status: Not affected
Type: tsx_async_abort status: Not affected
Graphics:
Device-1: Intel Core Processor Integrated Graphics vendor: Lenovo
driver: i915 v: kernel bus ID: 00:02.0 chip ID: 8086:0046
Display: x11 server: X.Org 1.20.4 driver: intel resolution: 1280x800~60Hz
OpenGL: renderer: Mesa DRI Intel Ironlake Mobile v: 2.1 Mesa 18.3.6
direct render: Yes
Audio:
Device-1: Intel 5 Series/3400 Series High Definition Audio vendor: Lenovo
driver: snd_hda_intel v: kernel bus ID: 00:1b.0 chip ID: 8086:3b56
Sound Server: ALSA v: k4.19.0-12-amd64
Network:
Device-1: Intel 82577LM Gigabit Network vendor: Lenovo driver: e1000e
v: 3.2.6-k port: 1820 bus ID: 00:19.0 chip ID: 8086:10ea
IF: eth0 state: down mac: <filter>
Device-2: Intel Centrino Advanced-N 6200 driver: iwlwifi v: kernel
port: 1880 bus ID: 03:00.0 chip ID: 8086:4239
IF: wlan0 state: up mac: <filter>
Drives:
Local Storage: total: 149.05 GiB used: 70.94 GiB (47.6%)
ID-1: /dev/sda vendor: Seagate model: ST9160412AS size: 149.05 GiB
block size: physical: 512 B logical: 512 B speed: 3.0 Gb/s
rotation: 7200 rpm serial: <filter> rev: LVM1 scheme: MBR
Partition:
ID-1: / raw size: 20.00 GiB size: 19.56 GiB (97.81%)
used: 7.86 GiB (40.2%) fs: ext4 dev: /dev/sda1
ID-2: /home raw size: 125.05 GiB size: 122.96 GiB (98.33%)
used: 63.08 GiB (51.3%) fs: ext4 dev: /dev/sda2
ID-3: swap-1 size: 4.00 GiB used: 0 KiB (0.0%) fs: swap
swappiness: 15 (default 60) cache pressure: 100 (default) dev: /dev/sda3
Sensors:
System Temperatures: cpu: 46.0 C mobo: 0.0 C
Fan Speeds (RPM): cpu: 3586
Repos:
No active apt repos in: /etc/apt/sources.list
Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list
1: deb http://deb.debian.org/debian buster-updates main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/debian.list
1: deb http://deb.debian.org/debian buster main contrib non-free
2: deb http://deb.debian.org/debian-security buster/updates main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/mx.list
1: deb http://mxlinux.mirrors.uk2.net/packages/mx/repo/ buster main non-free
No active apt repos in: /etc/apt/sources.list.d/various.list
Info:
Processes: 206 Uptime: 2h 01m Memory: 3.66 GiB used: 1.42 GiB (38.9%)
Init: SysVinit v: 2.93 runlevel: 5 default: 5 Compilers: gcc: 8.3.0 alt: 8
Shell: quick-system-in running in: quick-system-in inxi: 3.0.36
Interestingly, one of our own, user rijnsma11111, had a problem back in Dec 19:
https://www.forum.mxlinux.org/memberlis ... le&u=19516
Re: [Solved]Synaptic W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Thu Nov 26, 2020 7:04 am
by tony37
BitterTruth wrote: Thu Nov 26, 2020 6:56 am
It is reported as being fixed on 23rd Nov 2020? (see screenshot 1).
I don't see any screenshots...
Re: [Solved]Synaptic W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Thu Nov 26, 2020 1:23 pm
by BitterTruth
Sorry tony, don't know why they didn't get added. They are on now. I'm marking it as unsolved again.
Re: Synaptic warning W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Thu Nov 26, 2020 1:43 pm
by tony37
The fix was for apt (and actually dates from 2016), not synaptic. It's no doubt irritating to get these messages, but they are completely harmless.
Re: Synaptic warning W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Thu Nov 26, 2020 1:52 pm
by BitterTruth
I thought it was for both in the end? (see screenshot3 - 16th Nov 2020) because people were getting really confused with apt, aptitude, synaptic and _apt user and reporting it in the same bug report so I think the devs solved a few issues relating to it.
Re: Synaptic warning W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Thu Nov 26, 2020 2:14 pm
by tony37
2020-11-16 is just when the last Synaptic release was, nothing to do with the bug.
Re: Synaptic warning W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Thu Nov 26, 2020 3:01 pm
by BitterTruth
2020-11-16 is just when the last Synaptic release was, nothing to do with the bug.
Very interesting tony. Did we get that synaptic update because I can't see it in my history?
I see mx-packageinstaller-pkglist on the 16th and mx-packageinstaller on 20th:
Commit Log for Mon Nov 16 10:07:31 2020
Upgraded the following packages:
lo-main-helper (20.11.04) to 20.11.05
mx-packageinstaller-pkglist (20.11.04) to 20.11.05
Commit Log for Fri Nov 20 09:15:48 2020
Upgraded the following packages:
mx-packageinstaller (20.11.01) to 20.11.02
Are they related?
Also, I understand what you mean about being able to just ignore the warnings since they're somewhat 'cosmetic' but like I said before this is my daily driver. I use it about 10-12 hours a day so really need it to be glitch free. Anyway since the issue started only a few days ago, I really want to know what changed.
Thanks for the help anyway
Re: Synaptic warning W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Fri Nov 27, 2020 7:47 am
by tony37
BitterTruth wrote: Thu Nov 26, 2020 3:01 pm
Did we get that synaptic update because I can't see it in my history?
No, that update was for the Debian Sid package.
Maybe a solution to the problem (inspired by message #84 on that bug tracker) is to change ownership of /root/.synaptic/tmp to _apt:root, so:
Code:
sudo chown -R _apt:root /root/.synaptic/tmp
I'm not sure this is a fully professional solution, but I tried installing a package with Synaptic after changing permissions and it worked fine.
_apt:root is the same ownership as /var/cache/apt/archives/partial and /var/lib/apt/lists/partial have, so I'm not just inventing something
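Added example, not part of the original thread: a read-only shell check that reports which path component stops the `_apt` user from reaching the three directories named in the post above. It looks only at owner/group/other mode bits (no ACLs, supplementary groups or capabilities), and the function names `has_bits`, `first_blocker` and `report_apt_dirs` are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Read-only: it only calls stat and id.
# Simplification: owner/group/other mode bits only; ACLs, supplementary
# groups and capabilities are ignored.

# has_bits UID GID PATH NEED -> 0 if UID/GID holds all NEED bits (4=r 2=w 1=x),
# 1 if not, 2 if PATH cannot be stat'ed.
has_bits() {
    hb_uid=$1 hb_gid=$2 hb_need=$4
    hb_st=$(stat -L -c '%u %g %a' "$3" 2>/dev/null) || return 2
    set -- $hb_st                          # $1=owner uid $2=owner gid $3=octal mode
    [ "$hb_uid" -eq 0 ] && return 0        # root is not limited by mode bits
    hb_mode=$((0$3))                       # leading 0: the shell reads it as octal
    if   [ "$hb_uid" -eq "$1" ]; then hb_bits=$(( (hb_mode >> 6) & 7 ))
    elif [ "$hb_gid" -eq "$2" ]; then hb_bits=$(( (hb_mode >> 3) & 7 ))
    else                              hb_bits=$((  hb_mode       & 7 ))
    fi
    [ $(( hb_bits & hb_need )) -eq "$hb_need" ]
}

# first_blocker UID GID DIR (absolute) -> prints the first component UID/GID
# cannot pass (x on every ancestor, w+x on DIR itself) and returns 1;
# prints nothing and returns 0 when the whole chain is usable.
first_blocker() {
    fb_rest=${3#/} fb_cur=
    while [ -n "$fb_rest" ]; do
        fb_part=${fb_rest%%/*}
        case $fb_rest in */*) fb_rest=${fb_rest#*/} ;; *) fb_rest= ;; esac
        [ -n "$fb_part" ] || continue      # tolerate '//' as in tmp//tmp_cl
        fb_cur=$fb_cur/$fb_part
        has_bits "$1" "$2" "$fb_cur" 1 || { echo "$fb_cur"; return 1; }
    done
    has_bits "$1" "$2" "$fb_cur" 3 || { echo "$fb_cur"; return 1; }
}

# Check the directories mentioned in the thread for the local _apt account.
report_apt_dirs() {
    a_uid=$(id -u _apt 2>/dev/null) || { echo "no _apt user here"; return 0; }
    a_gid=$(id -g _apt)
    for d in /var/cache/apt/archives/partial /var/lib/apt/lists/partial \
             /root/.synaptic/tmp; do
        if b=$(first_blocker "$a_uid" "$a_gid" "$d"); then
            echo "ok      $d"
        else
            echo "blocked $d (at $b)"
        fi
    done
}

if [ "${1:-}" = run ]; then report_apt_dirs; fi
```

Run it as root with the argument `run` so that every path component can be stat'ed.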
Re: Synaptic warning W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Fri Nov 27, 2020 11:20 am
by BitterTruth
I'll give that a try the next time it shows up.
It's really weird. I just opened synaptic, did 'reload' followed by 'mark all upgrades'...... no message.
_apt:root is the same ownership as /var/cache/apt/archives/partial and /var/lib/apt/lists/partial have
yeah. I looked into it a bit. I read that you can delete stuff under archives and lists directories since the system will refresh the data once you do apt update so I deleted everything under /var/cache/apt/archive directory using plain old clean command:
(never knew this command did this)
I also deleted everything under var/lib/apt/lists/ to be sure. I was hoping to reset permissions/ownership to default in case they got changed along the way.
You have to do an apt update afterwards otherwise you get errors:
Unfortunately this didn't fix things as the warning was still there. I might just raise a bug of my own with debian.
Incidentally, do you think updating from the mx updater/command line is better/safer over using synaptic? I only recently changed to using synaptic for updates because of the history log it keeps. I'm thinking I should go back to using the apt-notifier (or MX updater as it's called now). It was way faster and I never had any issues.
Does mx updater also use _apt user and reduced privileges or does it execute as 'root'?
Re: Synaptic warning W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Fri Nov 27, 2020 1:45 pm
by tony37
BitterTruth wrote: Fri Nov 27, 2020 11:20 am
Incidentally, do you think updating from the mx updater/command line is better/safer over using synaptic? I only recently changed to using synaptic for updates because of the history log it keeps. I'm thinking I should go back to using the apt-notifier (or MX updater as it's called now). It was way faster and I never had any issues.
Does mx updater also use _apt user and reduced privileges or does it execute as 'root'?
If you just use Synaptic for the history log: the MX updater also has a history log and it's more comprehensive than the Synaptic one, just right-click on the Updater icon and then 'History'. Or you can use
in a terminal.
The mx-updater (and MX Package Installer) uses apt, which (sometimes) uses the _apt user, but that doesn't cause the bug, it's just that _apt doesn't have access to /root/.synaptic/tmp (which is only a problem in Synaptic of course). But I think it's just wrong programming that the _apt user should have anything to do in /root/.synaptic (see also comment #18 on the bug tracker).
Re: Synaptic warning W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Fri Nov 27, 2020 6:26 pm
by BitterTruth
I agree with you. I don't know what caused synaptic to suddenly start behaving like that but at least we have a few solutions now and thankfully, the message hasn't appeared all day either (maybe deleting the files did fix the permissions and the system just needed a reboot?)
For now, I've switched back to mx updater and I'll change the ownership of /root/.synaptic/tmp if the message pops up again, so I'll mark it solved.
Thanks for sticking with me tony
Re: Synaptic warning W: Download is performed unsandboxed as root as file '/root/.synaptic/tmp//tmp_cl' couldn't be acce
Posted: Fri Nov 27, 2020 7:07 pm
by tony37
BitterTruth wrote: Fri Nov 27, 2020 6:26 pm
(maybe deleting the files did fix the permissions and the system just needed a reboot?)
I don't think so, just the bug being unpredictable in showing up