On 2017-06-18 13:30 -0700, Jim McCloskey wrote:
> Posting here in case this might help others who may be encountering the
> same problem.
>
> I really appreciate the enhanced security provided for apt in the new
> release. But one of the changes caused me a small headache in upgrading.
> Following the upgrade, running `apt get update' resulted in this
> warning:
>
> Reading package lists... Done
> W: Download is performed unsandboxed as root as file
> '/var/lib/apt/lists/partial/deb.debian.org_debian_dists_stretch_InRelease'
> couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission
> denied)
>
> which meant, I suppose, that I wasn't getting all the benefits of the new
> regime. After a bit of reading and a lot of trial and error I was able, I
> think, to resolve the issue by manually changing the owner attribute of
> the directory /var/lib/apt/lists/:
>
> chown -R _apt.root lists
>
> (executed in /var/lib/apt/ )
>
> It doesn't seem to be enough to have /var/lib/apt/lists set to rwxr_xr_x
> if it's owned by root.
>
> If anyone has a different or better solution, I'd be curious to hear about
On my system, only /var/lib/apt/lists/partial is owned by the _apt user,
and it's not word-readable:
,----
| $ LANG=C ls -ld /var/lib/apt/lists/partial
| drwx------ 2 _apt root 16384 Jun 18 18:20 /var/lib/apt/lists/partial
`----
All the regular files in /var/lib/apt/lists are owned by root:root and
have standard 0644 permissions.
Cheers,
Sven
