Skip to content

Wrong permissions for temp files

Description:

Installing the forgejo package throws an error related to the app's config file when installing the package:

resolving dependencies...
looking for conflicting packages...

Package (1)    New Version  Net Change

extra/forgejo  1.21.4.0-1   113.38 MiB

Total Installed Size:  113.38 MiB

:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring                                           [########################################] 100%
(1/1) checking package integrity                                         [########################################] 100%
(1/1) loading package files                                              [########################################] 100%
(1/1) checking for file conflicts                                        [########################################] 100%
(1/1) checking available disk space                                      [########################################] 100%
:: Processing package changes...
(1/1) installing forgejo                                                 [########################################] 100%
Optional dependencies for forgejo
    mariadb: MariaDB support [installed]
    memcached: MemCached support
    openssh: GIT over SSH support [installed]
    pam: Authentication via PAM support [installed]
    postgresql: PostgreSQL support
    redis: Redis support
    sqlite: SQLite support [installed]
:: Running post-transaction hooks...
(1/4) Creating system user accounts...
(2/4) Reloading system manager configuration...
(3/4) Creating temporary files...
Detected unsafe path transition /etc/forgejo (owned by forgejo) → /etc/forgejo/app.ini (owned by root) during canonicalization of etc/forgejo/app.ini.
error: command failed to execute correctly
(4/4) Arming ConditionNeedsUpdate...

The package gets installed anyways, but this is just a small error related to the temporary files owned by the package.

This error can be fixed by changing the permissions in the tmpfiles.conf (taken from gitea@52f56dcb):

diff --git a/tmpfiles.conf b/tmpfiles.conf
index 4ed2371..d44d81f 100644
--- a/tmpfiles.conf
+++ b/tmpfiles.conf
@@ -6,5 +6,5 @@ d /var/lib/forgejo/repos 0750
 d /var/lib/forgejo/tmp 0750
 Z /var/lib/forgejo - forgejo forgejo
 d /var/log/forgejo 0750 forgejo forgejo
-z /etc/forgejo 0755 forgejo forgejo
-z /etc/forgejo/app.ini 0600 forgejo forgejo
+z /etc/forgejo 0755 root forgejo
+z /etc/forgejo/app.ini 0660 root forgejo

Additional info:

Steps to reproduce:

  1. Install forgejo
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information