Yep, that thing is for bash.
It's quite cryptic to read, basically it looks for permissions differ ... in pacman.log, and uses sed to generate chmod commands into fixem from those lines.
Then fixem is made executable, and then executed.
I'm not really sure what the pacman log format is and if the thing is correct, I think so but it seems to me that the log may not include all of the "broken" files. Then again I don't know pacman too well.
But I fear there's a bigger problem: does /usr/bin/sudo still have the setuid? Likely not...
If not, I think you could boot from install media and chmod it from there (after mounting the HD partition if necessary). Then reboot normally.
It would be sudo chmod 4755 /mountpoint/usr/bin/sudo -- you see, it takes a functioning sudo to do that.
Then, hopefully you have pacutils installed (for the paccheck command), else hopefully you can install it normally with pacman -S pacutils, else we'll see what to do about it.
OK, now let's see how to fix.
Note: I have removed the setuid from my /usr/bin/cdrecord for testing.
Also notice that sudo is needed to check some of the system directories (but not for /usr/bin/).
fish❯ ll /usr/bin/cdrecord
.rwx--x--x@ 574k root 25 lug 2021 /usr/bin/cdrecord # should be .rws… not .rwx…
fish❯ sudo paccheck --file-properties --quiet | grep 'permission mismatch'
cdrtools: '/usr/bin/cdrecord' permission mismatch (expected 4711)
That's all we need: the full pathname and the expected permissions.
fish❯ sudo chmod 4711 /usr/bin/cdrecord
fish❯ ll /usr/bin/cdrecord
.rws--x--x@ 574k root 25 lug 2021 /usr/bin/cdrecord # fixed!
That number is the octal representation of the file permissions, and can be passed directly to chmod.
This is what the "fixem" thing does with that cryptic sed command, extract the permissions and the path and stick "chmod" in front.
Backup in case of full reinstallation: /etc, /home, any other thing you have changed outside those two (let's say, if you put wallpapers in /usr/share), the list of packages you installed manually.
Also write down the kernel parameters if you had to change them to make something work.
Maybe something else I forgot?
I advise using rsync for the backup (careful with the trailing slashes). This is my backup script:
#!/bin/bash
excl=('*[Cc]ache*' old-isos) # list of home directories to exclude, just an example
rsync -aAXv "${excl[@]/#/--exclude=}" /home/username /.mnt/data/backup/
sudo rsync -aAXv /etc /.mnt/data/backup/
Of course you will need to adjust the mountpoint of the backup disk and the list of excluded folders.
(old-isos has large .iso files I don't need to back up, the cache glob is because of vscode else it can be .cache, probably you don't need the Firedragon crashrecovery stuff either)
The "${excl[@]/#/--exclude=}" is bash variable expansion black magick to turn the list into --exclude=dir options to rsync.
Disclaimer: I'm not an expert, don't trust me and double check.
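
Added example, not part of the original post: a small POSIX shell function that turns paccheck "permission mismatch" lines (the format shown above) into chmod commands you can read before running, with paths quoted and setuid/setgid modes flagged. The function names and every sample line except the cdrecord one are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a reviewable list of chmod commands from paccheck output.
# Assumption: each mismatch line has the shape shown in the post:
#   pkg: '/path' permission mismatch (expected MODE)

gen_chmod() {
    # stdin: paccheck output; stdout: one chmod command per mismatch line.
    # Lines that do not match exactly (other messages, bad modes) are dropped.
    sed -n "s/^[^:]*: '\(.*\)' permission mismatch (expected \([0-7]\{3,4\}\))\$/\2 \1/p" |
    while read -r mode path; do
        # Escape embedded single quotes so the path stays one shell word.
        quoted=$(printf '%s' "$path" | sed "s/'/'\\\\''/g")
        note=''
        # A 4-digit mode starting with 2-7 carries setuid and/or setgid:
        # flag it so it gets checked by eye before anything is run.
        case $mode in
            [2-7][0-7][0-7][0-7]) note='  # setuid/setgid, verify' ;;
        esac
        printf "chmod %s -- '%s'%s\n" "$mode" "$quoted" "$note"
    done
}

# Constructed sample input; only the first line comes from the post.
sample() {
    cat <<'EOF'
cdrtools: '/usr/bin/cdrecord' permission mismatch (expected 4711)
example-pkg: '/usr/share/example/it's here' permission mismatch (expected 644)
example-pkg: unrelated line (constructed)
EOF
}

# Print the commands for review; nothing is executed.
sample | gen_chmod
```

On a real system, feed it with `sudo paccheck --file-properties --quiet | gen_chmod > fixem`, read fixem, and only then run it as root.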