Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] OS file permissions break after upgrade from portal/UI #1987

Open
besmirzanaj opened this issue Sep 3, 2024 · 1 comment
Open

[Bug] OS file permissions break after upgrade from portal/UI #1987

besmirzanaj opened this issue Sep 3, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@besmirzanaj
Copy link

Describe the bug

OS file permissions break after upgrade from portal/UI

A clear and concise description of what the bug is.
Whenever an upgrade is performed on the portal for a new CasaOS release, all the systems files, including /usr/, /, /opt, /, etc/, boot/ etc, are chowned by the user who installed casaos. This breaks the system functionalities and the user cannot sudo anymore

Steps to reproduce the behavior:

Scenario: OS: Debian12, User: <user_with_sudo>

Install casaos with <user_with_sudo>.

perform an upgrade from the GUI.

Try to login with <user_with_sudo> and sudo. you will be prompted with the following since all permissions are messed up.

$ sudo -i
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

files after upgrade

 ls -lah /
total 81K
drwxr-xr-x  20 <user_with_sudo>     <user_with_sudo>     4.0K Aug 30 05:07 .
drwxr-xr-x  20 <user_with_sudo>     <user_with_sudo>     4.0K Aug 30 05:07 ..
lrwxrwxrwx   1 <user_with_sudo>     <user_with_sudo>        7 Feb 26  2024 bin -> usr/bin
drwxr-xr-x   4 <user_with_sudo>     <user_with_sudo>     1.0K Aug 12 03:19 boot
drwxr-xr-x   7 <user_with_sudo> <user_with_sudo> 4.0K Feb 26  2024 DATA
drwxr-xr-x  18 root     root     3.3K Sep  3 14:12 dev
-rw-r--r--   1 <user_with_sudo> <user_with_sudo>    0 Aug 26 19:36 errors
drwxr-xr-x 106 <user_with_sudo>     <user_with_sudo>  12K Aug 30 01:34 etc
drwxr-xr-x   3 <user_with_sudo>     <user_with_sudo>     4.0K Feb 26  2024 home
drwxr-xr-x   2 <user_with_sudo> <user_with_sudo> 4.0K Aug 30 05:07 index
lrwxrwxrwx   1 root     root       30 Jul 19 14:46 initrd.img -> boot/initrd.img-6.1.0-23-amd64
lrwxrwxrwx   1 root     root       30 Jul 19 14:46 initrd.img.old -> boot/initrd.img-6.1.0-22-amd64
lrwxrwxrwx   1 <user_with_sudo>     <user_with_sudo>        7 Feb 26  2024 lib -> usr/lib
lrwxrwxrwx   1 <user_with_sudo>     <user_with_sudo>        9 Jul 25 16:31 lib32 -> usr/lib32
lrwxrwxrwx   1 <user_with_sudo>     <user_with_sudo>        9 Feb 26  2024 lib64 -> usr/lib64
drwx------   2 <user_with_sudo>     <user_with_sudo>      16K Feb 26  2024 lost+found
drwxr-xr-x   3 <user_with_sudo>     <user_with_sudo> 4.0K Aug 30 01:31 media
drwxr-xr-x   3 <user_with_sudo>     <user_with_sudo> 4.0K Jul 26 19:15 mnt
drwxr-xr-x   3 <user_with_sudo>     <user_with_sudo> 4.0K Feb 26  2024 opt
dr-xr-xr-x 210 root     root        0 Sep  3 14:12 proc
drwx------  16 root     root     4.0K Sep  3 14:15 root
drwxr-xr-x  26 root     root      780 Sep  3 14:53 run
lrwxrwxrwx   1 root     root        8 Feb 26  2024 sbin -> usr/sbin
drwxr-xr-x   2 <user_with_sudo>     <user_with_sudo> 4.0K Feb 26  2024 srv
dr-xr-xr-x  13 root     root        0 Sep  3 14:12 sys
drwxrwxrwt   5 root     root     4.0K Sep  3 14:55 tmp
drwxr-xr-x  13 <user_with_sudo>     <user_with_sudo> 4.0K Aug 30 01:34 usr
drwxr-xr-x  12 <user_with_sudo>     <user_with_sudo> 4.0K Aug 30 01:34 var

Expected behavior

Root file system and crucial paths should not be touched by casaos

System Time

Run timedatectl and share the output

$ timedatectl
               Local time: Tue 2024-09-03 14:58:00 UTC
           Universal time: Tue 2024-09-03 14:58:00 UTC
                 RTC time: Tue 2024-09-03 14:58:00
                Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

Logs

Run following command to collect corresponding logs:

sudo journalctl -xef -u casaos-gateway
sudo journalctl -xef -u casaos-user-service
sudo journalctl -xef -u casaos-local-storage
sudo journalctl -xef -u casaos-app-management
sudo journalctl -xef -u casaos.service

The sudo command cannot be run anymore. the permissions are broken:

<user_with_sudo>@casaos_hostname:~$ sudo journalctl -xef -u casaos-gateway
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
<user_with_sudo>@casaos_hostname:~$ sudo journalctl -xef -u casaos-user-service
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
<user_with_sudo>@casaos_hostname:~$ sudo journalctl -xef -u casaos-local-storage
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
<user_with_sudo>@casaos_hostname:~$ sudo journalctl -xef -u casaos-app-management
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
<user_with_sudo>@casaos_hostname:~$ sudo journalctl -xef -u casaos.service
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
@besmirzanaj besmirzanaj added the bug Something isn't working label Sep 3, 2024
@besmirzanaj
Copy link
Author

besmirzanaj commented Sep 3, 2024
edited
Loading

If someone is on the same boat, I did this to fix system permissions.

  1. First try to login on the server with root, either SSH or console.
  2. Then fix folder permissions with: for i in /opt/ /media/ /mnt/ /srv/ /usr/ /etc/ /var/ /boot/ / ; do echo $i; chown -R root $i; done
  3. Finally reinstall all installed packages to fix files permissions with aptitude reinstall '~i'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@besmirzanaj