Understanding the “Download is performed unsandboxed as root” APT Error in Ubuntu

It is relatively common to run into the Download is performed unsandboxed as root error when using the APT package manager on Ubuntu Linux, and many users have reported seeing it from time to time. It is important to know that this message is only a warning, and APT can usually proceed with its task of installing or upgrading packages upon request. Still, many users wonder why this message appears at all, and whether there is a simple fix that can be implemented to remedy the warning.

In this tutorial, we will explain this error message and uncover the root cause of it. Then, we will go over a solution that can be used to prevent it from popping up in the future.

In this tutorial you will learn:

  • What is the meaning of the Download is performed unsandboxed as root error message on Ubuntu?
  • How to grant the _apt user proper permissions to remedy the error message
Software Requirements and Linux Command Line Conventions

Category: Requirements, Conventions or Software Version Used
System: Ubuntu Linux
Software: apt package manager
Other: Privileged access to your Linux system as root or via the sudo command.
Conventions:
  # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
  $ – requires given linux commands to be executed as a regular non-privileged user

Understanding the “Download is performed unsandboxed as root” APT Error in Ubuntu




Users encounter this error message when using the command line APT package manager to install new software or upgrade existing system packages. It looks like this:

W: Download is performed unsandboxed as root as file '/var/cache/apt/archives/partial/package_name.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

Let’s break down what this error message is trying to tell users. First of all, the W: at the beginning is short for warning, meaning that this is a non-fatal error and the APT package manager did not fail to complete its task (install or upgrade a package, etc).

NOTE
Since the message is only a warning and does not indicate any failure with package installation, it is actually perfectly safe to ignore it altogether, but we will continue to dig a little further into its meaning.

The warning is then saying that the /var/cache/apt/archives/partial/package_name.deb file was not able to be accessed by user _apt, and was therefore downloaded by the system’s root user account, in an unsandboxed (less secure) manner. This is not a cause for major concern, but not exactly an ideal scenario.

The _apt account is a system-only account that the APT package manager uses to download files. It saves files to the /var/cache/apt/archives/partial directory, and therefore needs permissions on this directory to do its job. This warning message is telling us that the account did not have the proper permissions, so the APT package manager resorted to using the root account to complete its download.

How to Fix the Error




Start by checking the /var/cache/apt/archives/partial/ directory to make sure it has the proper file permissions. The directory should be owned by the _apt user, which should be given read, write, and execute permissions.

$ ls -ld /var/cache/apt/archives/partial/
Checking the permissions for the APT download directory in Ubuntu

In the screenshot above, our Ubuntu system is configured with the correct directory permissions to avoid the APT warning message.

To prevent the warning message from showing up in the future, use the chown and chmod commands to configure the appropriate ownership and permissions on the directory, as well as all of its contents (which should be .deb installation files):

$ sudo chown -R _apt:root /var/cache/apt/archives/partial/
$ sudo chmod -R 700 /var/cache/apt/archives/partial/
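
To see which of the conditions above is actually wrong before changing anything, the check can be scripted. This is an added example, not part of the original tutorial; the function name check_partial_dir is hypothetical, and it assumes GNU stat and find as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit APT's download directory instead of changing it blindly.
# check_partial_dir DIR [OWNER] prints each problem found and returns
# 0 when OWNER owns DIR (and everything in it) with rwx, 1 otherwise.
check_partial_dir() {
    dir=$1
    owner=${2:-_apt}          # account named in the warning
    problems=0

    if [ ! -d "$dir" ]; then
        echo "missing: $dir is not a directory"
        return 1
    fi

    # %U = owning user name, %a = permission bits in octal (GNU stat)
    actual_owner=$(stat -c '%U' "$dir")
    mode=$(stat -c '%a' "$dir")

    if [ "$actual_owner" != "$owner" ]; then
        echo "owner: $dir is owned by $actual_owner, expected $owner"
        problems=1
    fi

    # Owner bits are the third octal digit from the right; 7 means rwx.
    owner_bits=$(( (0$mode >> 6) & 7 ))
    if [ "$owner_bits" -ne 7 ]; then
        echo "mode: $dir is $mode, owner lacks read/write/execute"
        problems=1
    fi

    # Leftover partial downloads must belong to the same account.
    stray=$(find "$dir" -mindepth 1 -exec stat -c '%U %n' {} + |
            awk -v o="$owner" '$1 != o { n++ } END { print n + 0 }')
    if [ "$stray" -gt 0 ]; then
        echo "contents: $stray entries in $dir are not owned by $owner"
        problems=1
    fi

    return "$problems"
}
```

Call it as check_partial_dir /var/cache/apt/archives/partial from a root shell, since a directory with mode 700 cannot be listed by other accounts. An exit status of 0 means the ownership and mode already match what the tutorial describes.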

Closing Thoughts




In this tutorial, we went over the meaning behind the Download is performed unsandboxed as root APT error on an Ubuntu Linux system. With this only being a warning message, it is not a big concern. However, it is ideal for security to make sure that the _apt system account has the appropriate permissions on the software download directory, so that APT transactions can be performed smoothly and without additional security warnings.