Web lists-archives.com

Re: problems with _apt user privileges in upgrading from Jessie to Stretch [solved?]

On 2017-06-18 13:30 -0700, Jim McCloskey wrote:

> Posting here in case this might  help others who may be encountering the
> same problem.
> I  really appreciate the enhanced security provided for apt  in the new
> release. But  one of the changes caused me a small headache in upgrading.
> Following the upgrade,  running `apt get update'    resulted in this
> warning:
> Reading package lists... Done
> W: Download is performed unsandboxed as root as file
> '/var/lib/apt/lists/partial/deb.debian.org_debian_dists_stretch_InRelease'
> couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission
> denied)
> which meant,  I suppose, that I wasn't  getting all the benefits of the new
> regime.  After a bit of reading and a lot of trial and error I was able, I
> think, to resolve the issue by manually changing the owner attribute of
> the directory /var/lib/apt/lists/:
>      chown -R _apt.root   lists
> (executed in /var/lib/apt/ )
> It doesn't seem to be enough to have /var/lib/apt/lists  set to rwxr_xr_x
> if it's owned by root.
> If anyone has a different or better solution, I'd be curious to hear about

On my system, only /var/lib/apt/lists/partial is owned by the _apt user,
and it's not word-readable:

| $ LANG=C ls -ld /var/lib/apt/lists/partial 
| drwx------ 2 _apt root 16384 Jun 18 18:20 /var/lib/apt/lists/partial

All the regular files in /var/lib/apt/lists are owned by root:root and
have standard 0644 permissions.