Suspicious behaviour: Script requesting root password on login to X11 on Ubuntu with Dropbox installed

 

Dropbox Executing Suspicious Root Script in /tmp

After a recent system update, I began seeing a sudo prompt at login asking for permission to run a mysterious shell script from /tmp. The prompt looked like this:



Screenshot from 2025-07-23 06-05-39.png

It referred to a temporary file, /tmp/tmp8peqse64, which no longer existed by the time I checked. I managed to capture the content of a similar script later:

#!/bin/bash
chown -h -R 1000 "/home/john/Dropbox"
chmod -R u+rwX "/home/john/Dropbox"

This script forcibly resets ownership and permissions on the Dropbox folder. It executes with root privileges and deletes itself after running — a classic signature of a transient payload.

Journal Evidence

I captured journal output showing the script was run immediately after Dropbox launched:



IMG_3B4C8212-2B88-40BC-9C19-4E0E569DB0E1.jpeg

Community Reports

Searching online, I found other users reporting the same issue. For example, this Ask Ubuntu thread describes Dropbox creating a sudo prompt at login to fix sync issues by chmodding the Dropbox folder.

Conclusion

While this behaviour appears to be Dropbox's internal "repair" mechanism, it is deeply flawed. It:

  • Creates and runs a temporary root shell script
  • Self-deletes to hide its presence
  • Modifies folder ownership and permissions recursively

This is dangerous behaviour for any background service — even more so for one that syncs sensitive files to the cloud.

Recommendations

  • Manually fix Dropbox folder permissions:
    sudo chown -R $USER:$USER ~/Dropbox
chmod -R u+rwX ~/Dropbox
  • Consider reinstalling Dropbox to remove custom or damaged launchers
  • Log and inspect all /tmp scripts created at login

Until Dropbox corrects this design flaw, be cautious with any unexpected root prompts — even if they look routine.

Popular posts from this blog

Automatically Fix Song Metadata and Filenames on Linux with Beets

 🎵 Automatically Fix Song Metadata and Filenames on Linux with Beets Tired of sorting through unknown MP3s with cryptic filenames like Track01.mp3? Sick of missing album info, incorrect genres, and zero cover art? Here's a clean way to batch-fix your music collection with open source tools — no manual editing required. ✅ What You’ll Use beets — the core tool that organizes, renames, and tags your music by matching against the MusicBrainz database. libchromaprint-tools — provides fpcalc, which generates audio fingerprints to identify unlabeled tracks. ffmpeg (optional) — used by beets for transcoding or embedded cover art processing. 🔧 Installation sudo apt update sudo apt install beets libchromaprint-tools ffmpeg 🚀 One Command to Organize It All beet import /path/to/your/music/ Beets will: Fingerprint each file Query MusicBrainz for metadata Rename files (e.g., Artist - Title.mp3) Write correct ID3/metadata tag Optionally move files into organized folders 📁 Example Output Your ...
Read more

throttle traffic on apache

sudo apt install apache2-utils sudo apt install libapache2-mod-evasive vi /etc/apache2/mods-enabled/evasive.conf service apache restart edit it and set values as per below or whatever else you like, the time quantities are seconds     DOSSiteInterval     1     DOSBlockingPeriod   10     #DOSLogDir           "/var/lock/mod_evasive"
Read more

Enable Anydesk on Linux

 By default, Anydesk doesn't work on Ubuntu as it uses a different display server than what is expected by Anydesk (it expects the traditional X11 rather than Wayland). Dump this into a file, say, "fix_anydesk.sh", and then run it with sudo bash fix_anydesk.sh The script: #!/bin/bash # Check if the user has root privileges if [[ $EUID -ne 0 ]]; then    echo "This script must be run as root"     exit 1 fi # Backup the GDM configuration file GDM_CONFIG="/etc/gdm3/custom.conf" if [[ -f "$GDM_CONFIG" ]]; then     cp "$GDM_CONFIG" "$GDM_CONFIG.bak"     echo "Backup of custom.conf created." else     echo "GDM configuration file not found."     exit 1 fi # Disable Wayland by uncommenting and setting the 'WaylandEnable' option to false sed -i 's/#WaylandEnable=false/WaylandEnable=false/' "$GDM_CONFIG" # Inform the user echo "Wayland has been disabled. The system will use X11 inste...
Read more