IceWhaleTech / CasaOS

CasaOS - A simple, easy-to-use, elegant open-source Personal Cloud system.
https://casaos.io
Apache License 2.0

[Bug] OS file permissions break after upgrade from portal/UI #1987

Open besmirzanaj opened 2 months ago

besmirzanaj commented 2 months ago

Describe the bug

OS file permissions break after upgrade from portal/UI

A clear and concise description of what the bug is. Whenever an upgrade is performed on the portal for a new CasaOS release, all the system files, including /usr/, /, /opt/, /etc/, /boot/, etc., are chowned by the user who installed CasaOS. This breaks the system functionality and the user cannot sudo anymore.

Steps to reproduce the behavior:

Scenario: OS: Debian12, User:

Install casaos with .

Perform an upgrade from the GUI.

Try to log in with and sudo. You will be prompted with the following, since all permissions are messed up.

$ sudo -i
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

Files after upgrade:

 ls -lah /
total 81K
drwxr-xr-x  20 <user_with_sudo>     <user_with_sudo>     4.0K Aug 30 05:07 .
drwxr-xr-x  20 <user_with_sudo>     <user_with_sudo>     4.0K Aug 30 05:07 ..
lrwxrwxrwx   1 <user_with_sudo>     <user_with_sudo>        7 Feb 26  2024 bin -> usr/bin
drwxr-xr-x   4 <user_with_sudo>     <user_with_sudo>     1.0K Aug 12 03:19 boot
drwxr-xr-x   7 <user_with_sudo> <user_with_sudo> 4.0K Feb 26  2024 DATA
drwxr-xr-x  18 root     root     3.3K Sep  3 14:12 dev
-rw-r--r--   1 <user_with_sudo> <user_with_sudo>    0 Aug 26 19:36 errors
drwxr-xr-x 106 <user_with_sudo>     <user_with_sudo>  12K Aug 30 01:34 etc
drwxr-xr-x   3 <user_with_sudo>     <user_with_sudo>     4.0K Feb 26  2024 home
drwxr-xr-x   2 <user_with_sudo> <user_with_sudo> 4.0K Aug 30 05:07 index
lrwxrwxrwx   1 root     root       30 Jul 19 14:46 initrd.img -> boot/initrd.img-6.1.0-23-amd64
lrwxrwxrwx   1 root     root       30 Jul 19 14:46 initrd.img.old -> boot/initrd.img-6.1.0-22-amd64
lrwxrwxrwx   1 <user_with_sudo>     <user_with_sudo>        7 Feb 26  2024 lib -> usr/lib
lrwxrwxrwx   1 <user_with_sudo>     <user_with_sudo>        9 Jul 25 16:31 lib32 -> usr/lib32
lrwxrwxrwx   1 <user_with_sudo>     <user_with_sudo>        9 Feb 26  2024 lib64 -> usr/lib64
drwx------   2 <user_with_sudo>     <user_with_sudo>      16K Feb 26  2024 lost+found
drwxr-xr-x   3 <user_with_sudo>     <user_with_sudo> 4.0K Aug 30 01:31 media
drwxr-xr-x   3 <user_with_sudo>     <user_with_sudo> 4.0K Jul 26 19:15 mnt
drwxr-xr-x   3 <user_with_sudo>     <user_with_sudo> 4.0K Feb 26  2024 opt
dr-xr-xr-x 210 root     root        0 Sep  3 14:12 proc
drwx------  16 root     root     4.0K Sep  3 14:15 root
drwxr-xr-x  26 root     root      780 Sep  3 14:53 run
lrwxrwxrwx   1 root     root        8 Feb 26  2024 sbin -> usr/sbin
drwxr-xr-x   2 <user_with_sudo>     <user_with_sudo> 4.0K Feb 26  2024 srv
dr-xr-xr-x  13 root     root        0 Sep  3 14:12 sys
drwxrwxrwt   5 root     root     4.0K Sep  3 14:55 tmp
drwxr-xr-x  13 <user_with_sudo>     <user_with_sudo> 4.0K Aug 30 01:34 usr
drwxr-xr-x  12 <user_with_sudo>     <user_with_sudo> 4.0K Aug 30 01:34 var

Expected behavior

The root file system and crucial paths should not be touched by CasaOS.

System Time

Run timedatectl and share the output

$ timedatectl
               Local time: Tue 2024-09-03 14:58:00 UTC
           Universal time: Tue 2024-09-03 14:58:00 UTC
                 RTC time: Tue 2024-09-03 14:58:00
                Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

Logs

Run the following commands to collect the corresponding logs:

sudo journalctl -xef -u casaos-gateway
sudo journalctl -xef -u casaos-user-service
sudo journalctl -xef -u casaos-local-storage
sudo journalctl -xef -u casaos-app-management
sudo journalctl -xef -u casaos.service

The sudo command cannot be run anymore. The permissions are broken:

<user_with_sudo>@casaos_hostname:~$ sudo journalctl -xef -u casaos-gateway
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
<user_with_sudo>@casaos_hostname:~$ sudo journalctl -xef -u casaos-user-service
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
<user_with_sudo>@casaos_hostname:~$ sudo journalctl -xef -u casaos-local-storage
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
<user_with_sudo>@casaos_hostname:~$ sudo journalctl -xef -u casaos-app-management
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
<user_with_sudo>@casaos_hostname:~$ sudo journalctl -xef -u casaos.service
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

besmirzanaj commented 2 months ago

If someone is in the same boat, I did this to fix system permissions.

  1. First try to log in on the server with root, either SSH or console.
  2. Then fix folder permissions with: for i in /opt/ /media/ /mnt/ /srv/ /usr/ /etc/ /var/ /boot/ / ; do echo "$i"; chown -R root "$i"; done
  3. Finally reinstall all installed packages to fix file permissions with aptitude reinstall '~i'
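
A read-only check for the damage reported in this issue, as an added example that is not part of the original thread or of CasaOS: it lists entries under system directories that are not owned by the expected uid and tests the condition sudo enforces on its own binary. The function names are hypothetical, and `stat -c` assumes GNU coreutils as shipped on Debian.

```shell
#!/bin/sh
# Added example (not from the issue or from CasaOS). It changes nothing on disk.
# The expected uid is a parameter (0 on a real host) so the functions can be
# exercised on a scratch tree as an unprivileged user.

# Print every entry under the given directories whose owner is not uid $1.
# -xdev keeps find on one filesystem, so /proc, /sys and other mounts are skipped.
# find does not follow symlinks here, so a link is judged by its own owner,
# which is how "bin -> usr/bin" shows up in the ls output above.
list_wrong_owner() {
    expected_uid=$1
    shift
    for dir in "$@"; do
        [ -e "$dir" ] || continue
        find "$dir" -xdev ! -uid "$expected_uid" -print 2>/dev/null
    done
}

# Succeed only if file $1 is owned by uid $2 and carries the setuid bit.
# This is the condition behind "must be owned by uid 0 and have the setuid bit set".
setuid_owner_ok() {
    [ -u "$1" ] && [ "$(stat -c %u "$1" 2>/dev/null)" = "$2" ]
}

# Print a short summary; return 0 only when nothing is wrong.
# Arguments: expected uid, path of the sudo binary, then directories to scan.
audit_report() {
    report_uid=$1
    sudo_path=$2
    shift 2
    count=$(list_wrong_owner "$report_uid" "$@" | wc -l)
    count=$((count))
    echo "entries not owned by uid $report_uid: $count"
    if setuid_owner_ok "$sudo_path" "$report_uid"; then
        echo "$sudo_path: owner and setuid bit ok"
        [ "$count" -eq 0 ]
    else
        echo "$sudo_path: wrong owner or setuid bit missing"
        return 1
    fi
}

# On an affected host, from a root shell:
#   audit_report 0 /usr/bin/sudo /usr /etc /boot /opt
# /var and /home are left out because they legitimately hold entries
# owned by service accounts and users.
```

Running `list_wrong_owner 0 /usr /etc /boot /opt` on its own gives the full list of affected paths rather than the count.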