Bug 600648 - <app-portage/eix-0.32.4: eix-remote fails writing to tmp
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Third-Party Tools
Hardware: All Linux
Importance: Normal normal
Assignee: Martin Väth
Depends on: 608808
Reported: 2016-11-24 09:04 UTC by Massimo Burcheri
Modified: 2018-08-04 23:27 UTC

Description Massimo Burcheri 2016-11-24 09:04:25 UTC
app-portage/eix-0.32.3 from the mv overlay:

# eix-remote update1
mktemp: failed to create directory via template ‘/root/tmp/eix-remote.XXXXXXXX’: Permission denied

Running as root with this environment:
# env |grep TMP
TMP=/root/tmp
TMPDIR=/root/tmp

drwxr-xr-x  1 root root 584 Nov 24 10:03 /root/tmp/
drwxrwxrwt 12 root root 420 Nov 24 10:03 /tmp/


Reproducible: Always
Comment 1 Agostino Sarubbo gentoo-dev 2016-11-24 15:40:21 UTC
I really guess this is expected.

While you change your TMP directory, you need to be sure that it is writable by everyone like /tmp is.
Comment 2 Massimo Burcheri 2016-11-24 15:47:09 UTC
This has changed some while ago, my environment was always the same.

Doing eix-remote as root and $TMP is writable, so if eix switches the user it should not rely on user's or root's $TMP but the global /tmp or something configurable in eix.

Please ask the author mv before closing.
Comment 3 Martin Väth 2016-11-24 20:43:34 UTC
(In reply to Massimo Burcheri from comment #2)
> This has changed some while ago

Yes, eix now honours TMPDIR as required by POSIX.

> Doing eix-remote as root and $TMP is writable

eix (and all utilities like eix-remote) drop permissions as soon as possible.
This is a security feature and can be prevented by setting
EIX_{USER,GROUP,UID,GID} appropriately; however, I would not recommend to drop this feature in general.

> should not rely on user's or root's $TMP but the global /tmp or something
> configurable in eix.

Unfortunately, there is no distinction between user-local and system-wide environment variables. Any assumption is false, but it seems to me that environment variables should simply always be honoured.

In the current eix git master version (>=eix-0.32.4), a new variable EIX_TMPDIR is available which by default is initialized to TMPDIR via delayed substitution and which is used as a "substitute" of TMPDIR throughout eix (even a matching TMPDIR is exported).

In other words: You can override your global setting of TMPDIR by setting EIX_TMPDIR in some configuration file.

> Please ask the author mv

No need to bother gentoo bugzilla: You can directly open a bug on github.
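
The failure discussed above can be checked without switching users. The following is an added example, not part of the original thread and not eix code: it decides from owner, group and mode bits whether a given uid/gid could create a temporary directory in a directory such as the one named by TMPDIR. The function name, the demo directories and the probed uid/gid are assumptions made for illustration; ACLs, SELinux and namespaces are ignored.

```shell
#!/bin/sh
# Added illustration, not eix code. Judges by owner/group/mode only: ACLs,
# SELinux and per-user namespaces are ignored. Assumes `stat -c` (GNU/busybox).

# can_create_in UID GID DIR
#   0 = may create entries in DIR, 1 = denied, 2 = DIR missing or unreadable
can_create_in() {
    cc_uid=$1; cc_gid=$2; cc_dir=$3
    [ -d "$cc_dir" ] || return 2
    [ "$cc_uid" -eq 0 ] && return 0       # root bypasses the mode bits
    cc_info=$(stat -c '%u %g %a' -- "$cc_dir") || return 2
    set -- $cc_info                       # $1 owner uid, $2 group gid, $3 octal mode
    cc_mode=$(( 0$3 ))                    # leading 0 makes the shell read octal
    if   [ "$cc_uid" -eq "$1" ]; then cc_bits=$(( (cc_mode >> 6) & 7 ))
    elif [ "$cc_gid" -eq "$2" ]; then cc_bits=$(( (cc_mode >> 3) & 7 ))
    else                              cc_bits=$(( cc_mode & 7 ))
    fi
    # Creating an entry needs write (2) and search (1) permission on DIR.
    [ $(( cc_bits & 3 )) -eq 3 ]
}

# Constructed stand-ins for the two listings in the report: a 0755 directory
# (like /root/tmp) and a 1777 one (like /tmp), probed as a non-owner uid/gid.
demo() {
    d_base=$(mktemp -d "${TMPDIR:-/tmp}/tmpdir-check.XXXXXXXX") || return 1
    mkdir "$d_base/private" "$d_base/shared"
    chmod 0755 "$d_base/private"; chmod 1777 "$d_base/shared"
    d_uid=$(( $(stat -c %u "$d_base/private") + 1 ))
    d_gid=$(( $(stat -c %g "$d_base/private") + 1 ))
    for d_name in private shared; do
        if can_create_in "$d_uid" "$d_gid" "$d_base/$d_name"; then
            echo "$d_name: uid $d_uid can create a temp dir here"
        else
            echo "$d_name: uid $d_uid gets 'Permission denied'"
        fi
    done
    rm -rf "$d_base"
}
demo
```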
Comment 4 Michael Weber (RETIRED) gentoo-dev 2017-04-19 11:46:58 UTC
commit ec32266d801bed8d8e9ed57d4af1380129fae663
Author: Michael Weber <xmw@gentoo.org>
Date:   Wed Apr 19 13:45:17 2017 +0200

    app-portage/eix: Remove old version (bug 600648, bug 597380).
    
    Package-Manager: Portage-2.3.5, Repoman-2.3.2
    RepoMan-Options: --include-arches="arm arm64 ppc ppc64"

app-portage/eix/Manifest
app-portage/eix/eix-0.31.7-r1.ebuild
app-portage/eix/metadata.xml
Comment 5 Amel Hodzic 2018-08-03 23:43:11 UTC
Perhaps the eix process should run as the portage user?
I'm not sure where the root user's TMP and TMPDIR variables are declared.  I assume they are set as a default within "/etc/profile.d/" or similar.  In my case, for example, when systemd and selinux are in place, users' tmp directories are separated by namespace.  While the root user is, obviously, able to write to /tmp/.private/root/, the eix process gets denied.

[18:38][501]# env |grep -i tmp
TMP=/tmp/.private/root
TMPDIR=/tmp/.private/root
[18:38][502]# logout
[18:38][514]# ls -alh /tmp/.private/root/
total 0
drwx-----T. 2 root root 40 Aug  3 18:41 .
drwx--x--x. 4 root root 80 Aug  3 18:21 ..
[18:41][515]# touch /tmp/.private/root/testfile
[18:42][516]# ls -alh /tmp/.private/root/
total 0
drwx-----T. 2 root root 60 Aug  3 18:42 .
drwx--x--x. 4 root root 80 Aug  3 18:21 ..
-rw-r--r--. 1 root root  0 Aug  3 18:42 testfile
Comment 6 Amel Hodzic 2018-08-03 23:47:04 UTC
While the workaround is a nice feature to allow sysadmins to specify arbitrary tmp directories for eix, IMHO eix should either set that by default to e.g. /tmp/eix, or--as I alluded to in my previous comment--run as the portage user.

Furthermore, marking this bug as resolved or fixed is not at all correct based on the previous workaround.
Comment 7 Martin Väth 2018-08-04 05:13:19 UTC
(In reply to ILMostro from comment #6)
> IMHO eix should either set that by default to e.g. /tmp/eix

Using a predictable name in a world-writable directory would be a security hazard.

If you have a special configuration which generates /tmp/eix with correct permissions at startup, you can reflect this special configuration in eix.
It would not be correct to force such a special configuration with predictable names on every user.

> or--as I alluded to in my previous comment--run as the portage user.

eix *does* run as the portage user by default.
Again, it would be a security hazard if not: eix is much too complex to be considered safe to be run by root.
You can configure this nevertheless if you prefer convenience over risk.

IMHO this bug is fixed from the viewpoint of eix: If you have a special setup, you need a corresponding special configuration which is possible.
Any attempts to auto-configure or even to force this configuration on other users would be false.
Comment 8 Amel Hodzic 2018-08-04 22:09:49 UTC
The "/tmp/eix" was a poor example that can be adapted to provide the same "unpredictable" version of filename as "mktemp: failed to create directory via template ‘/tmp/eix/eix-remote.XXXXXXXX’".

Also, if eix runs as portage user, why is it trying to create files in a different user's private tmp directory?

The above failure shows that the previous security fix for bug 112061 may not be working correctly.  The temporary files should be moved to the "/run" directory.  See here for reference:

https://danwalsh.livejournal.com/51459.html
Comment 9 Amel Hodzic 2018-08-04 22:10:58 UTC
The reference for the security fix, btw, shows that the "mktemp" call fails.
Comment 10 Martin Väth 2018-08-04 23:27:46 UTC
(In reply to ILMostro from comment #8)
> The "/tmp/eix" was a poor example that can be adapted

No, it cannot be adapted.

> "unpredictable" version of filename as "mktemp: failed to create directory
> via template ‘/tmp/eix/eix-remote.XXXXXXXX’".

I am not sure whether you understand what the word "template" means in this output: It is not a filename; the XXXXXXX will actually be replaced by the mktemp utility/function.

This template does not work unless the directory /tmp/eix was created before.
And creating that directory would mean to create a predictable filename/dirname in a world-writable directory and thus be wrong.

> Also, if eix runs as portage user, why is it trying to create files in a
> different user's private tmp directory?

Changing privileges does not magically change environment variables.

> The above failure shows that the previous security fix for bug 112061 may
> not be working correctly.

I think you misunderstand, see above. (BTW, bug 112061 occurred long before I was maintainer of eix; I have rewritten eix-sync from ground-up since then, so nothing from this bug applies anymore).

> The temporary files should be moved to the "/run" directory.

No, they should not. Your private temp-dirs with predictable filenames should perhaps better be there, because they must have been generated at boot time (presumably by root) and therefore have no reason to reside in a world-writable directory. But eix does exactly *not* use predictable filenames and must be able to write with non-root permissions (which is not possible for /run).
TMPDIR is exactly the correct place for this.

Once more:
It is completely fine, if you set up during boot local temp-dirs on /tmp or /run for every user (including portage). Just when you use such a configuration you have to tell it to eix by writing a file in /etc/eixrc which defines EIX_TMPDIR to be that directory. In other words, the solution of your problem is just to set up the correct configuration.

As I said: the default of eix cannot be a guessed configuration; it must be standard POSIX behaviour since anything else would cause surprises to users who do not use such an exotic configuration.
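
The two points made in comments 7 and 10, shown as an added example that is not part of the original thread and not eix code: a mktemp template only works below an existing directory and yields a fresh private directory, while a fixed name in a world-writable directory has to be verified before it can be used. The function names and the demo layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not eix code. Assumes mktemp(1) and `stat -c` (GNU/busybox).

# private_workdir BASE: print the path of a new directory made from a template
# below BASE. mktemp replaces the X's, never reuses an existing entry, creates
# the directory with mode 0700 and fails if BASE is missing or not writable.
private_workdir() {
    mktemp -d "$1/eix-remote.XXXXXXXX"
}

# fixed_dir_is_trustworthy DIR: checks a fixed name (e.g. /tmp/eix) would need
# before use, since any user of a world-writable parent may have created it first.
#   0 = real directory, owned by the caller, not group/other-writable; 1 = reject
fixed_dir_is_trustworthy() {
    [ -L "$1" ] && return 1                 # symlink: may point anywhere
    [ -d "$1" ] || return 1
    fd_info=$(stat -c '%u %a' -- "$1") || return 1
    set -- $fd_info                         # $1 owner uid, $2 octal mode
    [ "$1" -eq "$(id -u)" ] || return 1     # someone else owns it
    [ $(( 0$2 & 022 )) -eq 0 ]              # group/other must not have write
}

# Constructed scenario: "shared" stands in for /tmp, and the fixed name "eix"
# inside it already exists as a symlink that the caller did not create.
demo() {
    d_base=$(mktemp -d "${TMPDIR:-/tmp}/tmpname-demo.XXXXXXXX") || return 1
    mkdir "$d_base/shared" "$d_base/elsewhere"; chmod 1777 "$d_base/shared"
    ln -s "$d_base/elsewhere" "$d_base/shared/eix"
    fixed_dir_is_trustworthy "$d_base/shared/eix" || echo "fixed name: rejected"
    private_workdir "$d_base/shared/missing" 2>/dev/null ||
        echo "template below a missing directory: mktemp fails"
    d_a=$(private_workdir "$d_base/shared") && d_b=$(private_workdir "$d_base/shared") &&
        echo "fresh: ${d_a##*/} and ${d_b##*/}, mode $(stat -c %a "$d_a")"
    rm -rf "$d_base"
}
demo
```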