flashburn - 1 month ago
Linux Question

Error during Ubuntu kernel source download

I needed to download the source for the Ubuntu kernel that I'm running. So I followed these instructions. The download was almost successful. Right at the end of it I got:


W: Can't drop privileges for downloading as file
'linux-hwe_4.10.0-32.36~16.04.1.dsc' couldn't be accessed by user
'_apt'. - pkgAcquire::Run (13: Permission denied)


Does anyone know what the problem is and what I should do?

Answer

The https://wiki.ubuntu.com/Kernel/BuildYourOwnKernel page says to run just apt, without any sudo prefix:

  apt-get source linux-image-$(uname -r)

So, just start it without sudo prefix.

Many popular apt commands like apt install will write to some global databases and files, and should be started with sudo. But apt-get source and most apt-cache commands are unprivileged and run as any user. And apt-get source will write to the current directory, and it is a security feature to download files as a special pseudo-user when started as root...

This was reported to bugzillas many, many times, and reworded in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813786

$ LANG=C sudo apt-get source debian-installer
W: Can't drop privileges for downloading as file 'debian-installer_20160106.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

I don't get why there are bug reports about that. If you fetch in a directory _apt cannot write to, it will run the fetchers as root instead of _apt so you can do whatever foolish (no root needed here) task you are trying to do.

We could also just make it an error and say: This command does not work as root, but that won't make people happy either.

While we might want to solve this at some point, this is no huge deal, and would require a huge amount of work to fix.

Warning was reworded:

Note: This is a warning about disabling a security feature. It is
supposed to be scary as we are disabling a security feature and we
can't just be silent about it! Downloads really shouldn't happen
any longer as root to decrease the attack surface – but if a warning
causes that much uproar, consider what an error would do…

The old WARNING message:
| W: Can't drop privileges for downloading as file 'foobar' couldn't be
| accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
is frequently (incorrectly) considered to be an error message indicating
that the download didn't happen which isn't the case, it was performed,
but without all the security features enabled we could have used if run
from some other place…
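
Added example (not part of the original post, the bug report, or apt itself): a small shell filter that scans captured apt output, such as a CI build log, for the old warning wording quoted above and lists each file that was fetched without the `_apt` privilege drop. The function names and the sample log are constructed for illustration, and only the old wording is matched because the reworded text does not appear on this page.

```shell
#!/bin/sh
# Find downloads that apt performed as root because it could not drop
# privileges to the sandbox user. The download still happened; what was
# lost is the privilege separation, so this is an audit finding, not a
# failed fetch.

# Constructed sample log built from the two warnings quoted on this page.
# The first is wrapped across lines, as pasted logs often are.
sample_log() {
    cat <<'EOF'
Reading package lists... Done
W: Can't drop privileges for downloading as file
'linux-hwe_4.10.0-32.36~16.04.1.dsc' couldn't be accessed by user
'_apt'. - pkgAcquire::Run (13: Permission denied)
W: Can't drop privileges for downloading as file 'debian-installer_20160106.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
EOF
}

# Read apt output on stdin; print "file<TAB>user" per affected download.
unsandboxed_downloads() {
    # Join wrapped lines, then pull out each complete warning.
    tr '\n' ' ' |
    grep -o "W: Can't drop privileges for downloading as file *'[^']*' *couldn't be accessed by user *'[^']*'" |
    # Splitting on single quotes: the apostrophes in "Can't" and
    # "couldn't" also split, so the file name is field 3, the user field 6.
    awk -F"'" '{ print $3 "\t" $6 }'
}

# Exit status 0 when the log on stdin shows no unsandboxed download.
sandbox_intact() {
    [ -z "$(unsandboxed_downloads)" ]
}

# Demo run over the constructed sample log.
sample_log | unsandboxed_downloads
```

In a pipeline, `sandbox_intact < build.log || echo "apt fetched as root"` flags the build without treating the warning as a download failure.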