When running the following command…
sudo ufw enable
…I’m now greeted by the following errors:
WARN: uid is 0 but ‘/lib’ is owned by 1000
WARN: uid is 0 but ‘/usr’ is owned by 1000
Firewall is active and enabled on system startup
I have not had any particular issues or done anything unusual to my OS, just ran an update after 2 weeks absent and started getting those 2 errors right after.
How to correct it?
My system:
Ubuntu 25.04 x86_64
Kernel: 6.14.0-33-generic
DE: GNOME 48.0
Many thanks.
The uid is the user ID, which is a numeric number indicating who the user is.
In Ubuntu, root has user ID 0. By default, your own user ID is 1000.
So, the warning message is telling you that /lib and /usr are currently owned by you, whereas they should be owned by root.
This is a serious security vulnerability.
Do you have any idea why their ownership changed?
Please post the result of running these two commands:
ls -lA / /usr
Most probably, the solution will be to run the following command, but I’d like to know why this problem occurred in the first place.
sudo chown root:root /lib /usr
The ls command should help to decide what to do next, because the problem might lie deeper than just those two directories.
Thanks in advance for your help. Here it goes:
rick@K410:~$ ls -lA / /usr
/:
total 88
drwxr-xr-x 3 root root 4096 Jun 2 09:07 .ICAClient
drwxr-xr-x 2 root root 4096 Mar 5 2023 .config
-rw-r–r-- 1 root root 0 Jun 20 01:48 1
lrwxrwxrwx 1 root root 7 Mar 4 2023 bin → usr/bin
drwxr-xr-x 6 root root 4096 Oct 12 20:08 boot
drwxrwxr-x 2 root root 4096 Mar 4 2023 cdrom
-rw-r----- 1 root root 1490 Sep 7 15:45 debug
drwxr-xr-x 22 root root 5320 Oct 14 15:39 dev
drwxr-xr-x 175 root root 12288 Oct 14 11:57 etc
drwxr-xr-x 3 root root 4096 Mar 4 2023 home
lrwxrwxrwx 1 root root 7 Mar 4 2023 lib → usr/lib
lrwxrwxrwx 1 root root 9 Mar 4 2023 lib32 → usr/lib32
lrwxrwxrwx 1 root root 9 Mar 4 2023 lib64 → usr/lib64
lrwxrwxrwx 1 root root 10 Mar 4 2023 libx32 → usr/libx32
drwx------ 2 root root 16384 Mar 4 2023 lost+found
drwxr-xr-x 5 root root 4096 Mar 6 2023 media
drwxr-xr-x 3 root root 4096 Mar 5 2023 mnt
drwxr-xr-x 4 root root 4096 Sep 16 18:44 opt
dr-xr-xr-x 409 root root 0 Oct 14 12:11 proc
drwx------ 12 root root 4096 Oct 12 20:16 root
drwxr-xr-x 45 root root 1200 Oct 14 13:00 run
lrwxrwxrwx 1 root root 8 Mar 4 2023 sbin → usr/sbin
drwxr-xr-x 38 root root 4096 Sep 7 15:43 snap
drwxr-xr-x 2 root root 4096 Feb 23 2023 srv
dr-xr-xr-x 13 root root 0 Oct 14 12:11 sys
drwxr-xr-x 9 root root 4096 Oct 12 19:33 timeshift
drwxrwxrwt 31 root root 740 Oct 14 16:07 tmp
drwxr-xr-x 14 rick rick 4096 Mar 30 2022 usr
drwxr-xr-x 15 root root 4096 Aug 22 13:16 var/usr:
total 220
drwxr-xr-x 2 root root 106496 Oct 14 11:56 bin
drwxr-xr-x 2 root root 4096 Sep 7 14:56 games
drwxr-xr-x 62 root root 20480 Sep 25 22:58 include
drwxr-xr-x 124 rick rick 4096 Mar 30 2022 lib
drwxr-xr-x 2 root root 4096 Feb 23 2023 lib32
drwxr-xr-x 2 root root 4096 Sep 23 00:46 lib64
drwxr-xr-x 24 root root 12288 Sep 21 15:12 libexec
drwxr-xr-x 2 root root 4096 Feb 23 2023 libx32
drwxr-xr-x 10 root root 4096 Feb 23 2023 local
drwxr-xr-x 2 root root 36864 Oct 14 11:56 sbin
drwxr-xr-x 312 rick rick 12288 Oct 14 11:56 share
drwxr-xr-x 9 root root 4096 Oct 14 11:56 src
Proceed with sudo chown root:root /lib /usr ?
No clue. Returned after 2 weeks (zero chance anyone touched my workstation), ran sudo apt update && sudo apt upgrade, installed a couple of flatpaks and manually installed Citrix Workspace app for Linux 2508- Technology Preview. That was it.
Not related to your actual problem, but it looks like someone created a very broken citrix client install on your machine (it should never be installed as root into /, it is not designed that way and might overwrite system bits when you do it in / instead of /opt as designed …)
While this will indeed quieten the error at hand, you should really find out how you got there, did you run chown yourself or was it invoked by some script you ran … if so, what parameters were used for chown (has it been used recursively, were there special other parameters used that would affect directories further down the tree, etc …) …
The error you see might only be the tip of the iceberg and without doing some forensics you will not find out if there are other hidden insecurities …
Ouch! 
Never. I did install Citrix Workspace app for Linux 2508- Technology Preview from https://www.citrix.com/downloads/workspace-app/ using sudo apt install.
Any chance (ie command) to reset/restore to defaults without resorting to Timeshift?
Looking at your post (by the way, in future please format code and terminal output by placing three backticks (```) on the line before and again after the output), and at the other comments:
It might well be that the installation of Citrix was somehow incorrectly done. As @ogra says, it’s virtually impossible to say with any certainty. However, three of the files in root are warning signs (.ICAClient, .config, 1). They don’t belong there.
I suggest the following command to find all files that have incorrectly been set to the wrong ownership:
sudo find / -xdev '(' -path /home -o -path /tmp -o -path /var -o -path /media ')' -prune -o -user rick -printf '%u:%g %p\n'
This will list all files and directories in your file system, excluding certain directories, that belong to you.
I cannot be certain, but I believe that all files listed by that command should belong to root. Maybe post the results here for us to check before trying to correct it.
Ah, might be a packaging error on their side then, I have only worked with their tarballs in the past and they would not install anything in / if properly used (but put everything in /opt or into your homedir, depending how you installed it) …
As I said, not relevant for the actual problem, just an observation …
Unless you have a trace of all command actions since your machine was installed (bash history is unlimited, not set to a finite number of lines), for both root and your default login ID, you may never know how the change occured.
Stating the obvious, changes appear limited to:
While, on the surface, it seems that the items were changed from root:root to rick:rick, it might be interesting to specifically confirm that determination. To do that, you may wish to perform the following sequence of commands:
impactList=~root/alteredProps
find /usr \( ! -uid 0 \) \( ! -gid 0 \) | sort -r >"${impactList}.txt"
### To generate a report for later study and follow-up:
xargs -I '{}' stat --format "|%w|%z|%y|%a|%U|%G|%n|" '{}' <"${impactList}.txt" >"${impactList}_snapshot.txt"
### Only after you decided that you have no need to leave those files in their "tampered" state, or you removed the references which should remain untouched, proceed.
### You may wish to skip the -v in this one, unless you want to follow the proceedings
### Reset ownerships back to expected defaults for that set of files:
xargs -I '{}' chown -v root:root '{}' <"${impactList}.txt"
This topic was automatically closed after 30 days. New replies are no longer allowed.