[Bug 1522675] Re: Can't drop privileges for downloading : _apt user not allowed

dino99 1522675 at bugs.launchpad.net
Sat Sep 24 14:35:10 UTC 2016 

For the record, an other case has been fixed about _apt sandboxing

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806406

oem at u64:~$ getent passwd
.....
_apt:x:123:65534::/nonexistent:/bin/false


** Bug watch added: Debian Bug tracker #806406
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806406

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dpkg in Ubuntu.
https://bugs.launchpad.net/bugs/1522675

Title:
  Can't drop privileges for downloading : _apt user not allowed

Status in apt package in Ubuntu:
  New
Status in dpkg package in Ubuntu:
  Confirmed
Status in synaptic package in Debian:
  New

Bug description:
  Recently we got new versions for synaptic 0.82+build1 & apt 1.1.3, but
  now get that error when installing/upgrading some packages:

  Setting up libc6-dbg:amd64 (2.21-0ubuntu5) ...
  Processing triggers for libc-bin (2.21-0ubuntu5) ...
  W: Can't drop privileges for downloading as file '/root/.synaptic/tmp//tmp_cl' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

  From nautilus, i'm seeing a /root/ folder locked (x on its icon) and
  the folder is empty (no /.synaptic/ sub-folder or file), so the above
  error.

  =======================================================================
  The real problem is : there is no _apt user on the system (see #808802 MV comments)

  grep -B2 _apt /var/lib/dpkg/info/apt.postinst

   # add unprivileged user for the apt methods
   adduser --force-badname --system --home /nonexistent  \
       --no-create-home --quiet _apt || true

   # Fixup any mistake in the home directory of the _apt user
   if dpkg --compare-versions "$2" lt-nl 1.1~exp10~; then
       usermod --home /nonexistent _apt
  ======================================================================
  and also a workaround:
  sudo chown _apt /var/lib/update-notifier/package-data-downloads/partial/

  
  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: synaptic 0.82+build1
  ProcVersionSignature: Ubuntu 4.3.0-1.10-generic 4.3.0
  Uname: Linux 4.3.0-1-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.19.2-0ubuntu8
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Fri Dec  4 05:23:25 2015
  SourcePackage: synaptic
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1522675/+subscriptions

More information about the foundations-bugs mailing list