[arch-dev-public] [pacman-dev] pacman screws up permissions

Eric Belanger belanger at ASTRO.UMontreal.CA
Wed Jun 20 16:58:49 EDT 2007

On Wed, 20 Jun 2007, Dan McGee wrote:

> On 6/20/07, Thomas Bächler <thomas.baechler at gmx.de> wrote:
>> I just installed the ntfs-3g package with pacman 3.0.5-1:
>> $ /bin/ls -lhF /bin/ntfs-3g /usr/man/man8/ntfs-3g.8.gz
>> -rwxrwxrwx 1 root root  36K 20. Jun 01:45 /bin/ntfs-3g*
>> -rwxrwxrwx 1 root root 3,0K 20. Jun 01:44 /usr/man/man8/ntfs-3g.8.gz*
>> The permissions in the tarfile are 755 for /bin/ntfs-3g (and I suppose
>> they are 644 for the manpage, didn't check that). This behaviour can
>> cause critical bugs and in this case is security-relevant, as a user
>> could change the ntfs-3g binary, which is executed at boot time on many
>> systems. This has to be fixed FAST.
> Has anyone read my recent emails? I've said the same thing, and I
> think it is due to a "fix" that didn't get tested well in pacman
> 3.0.5. I think I'm going to roll back that fix tonight unless someone
> else can come up with a solution.
> Relevant stuff:
> http://archlinux.org/pipermail/arch-dev-public/2007-June/001048.html
> http://archlinux.org/pipermail/pacman-dev/2007-June/008567.html
> http://archlinux.org/pipermail/pacman-dev/2007-June/008567.html
> http://bugs.archlinux.org/task/7461
> http://bugs.archlinux.org/task/7323
> -Dan

There was a related problem with a previous version of pacman. I haven't 
check if it's still there in pacman 3.05. 
REF: http://archlinux.org/pipermail/tur-users/2007-May/005205.html

When doing chown and chmod on a file to add it to a group (with rw 
permissions) like so:
-rw-rw-r-- root:adesklets

the file was installed with the permissions/ownership of:
-rw-r--r-- root:root

even if doing tar -tzvf on the package would should the correct 
permission/ownership like Thomas said above.  I wanted to test with a git 
checkout of pacman but haven't done it yet.

There's definitely a problem with file permission/ownership that was 
introduced before the 3.05 release.  Maybe the latest fixes made it 

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the arch-dev-public mailing list