I can't understand how any command but chown could change the ownership of a preexisting directory (/usr/bin) unless it was deleted and recreated. That didn't happen: the same files are still inside, even though their ownership has changed.
cp -PR /tmp/nodejs/* /usr
would do it, but only if run without sudo and if the user pi had permission to write to /usr, which doesn't make sense. It is almost as if sudo, when run after sudo ownership has been messed up, elevates the users permissions, but doesn't set the user to root, which also doesn't make sense.
If it were a call of chown
that did it then how are the folders that are not included in nodejs (games, local, sbin, src) left at root?
Also, how is it that node-red seems to have been installed as root in /usr/bin (post 58) but this is presumably after sudo has been compromised?
None of this makes any sense.
That looks harmless, and does install nodejs to /usr/sbin, so it does fit that aspect of the problem at least.
Could you test that please @henrik1 if possible?
sudo cp /home/pi/.node-red/settings.js /
which should show the error, then
ls -l /
and see if settings.js has been copied to /
pi@homeautomatic:~ $ sudo cp /home/pi/.node-red/settings.js /
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
pi@homeautomatic:~ $ ls -l /
total 60
lrwxrwxrwx 1 root root 7 Jan 11 2021 bin -> usr/bin
drwxr-xr-x 4 root root 4096 Jan 1 1970 boot
drwxr-xr-x 16 root root 3560 Oct 31 01:00 dev
drwxr-xr-x 81 root root 4096 Oct 31 15:10 etc
drwxr-xr-x 3 root root 4096 Jan 11 2021 home
lrwxrwxrwx 1 root root 7 Jan 11 2021 lib -> usr/lib
drwx------ 2 root root 16384 Jan 11 2021 lost+found
drwxr-xr-x 2 root root 4096 Jan 11 2021 media
drwxr-xr-x 2 root root 4096 Jan 11 2021 mnt
drwxr-xr-x 4 root root 4096 Oct 30 19:38 opt
dr-xr-xr-x 135 root root 0 Jan 1 1970 proc
drwx------ 6 root root 4096 Nov 2 20:59 root
drwxr-xr-x 25 root root 760 Nov 4 18:07 run
lrwxrwxrwx 1 root root 8 Jan 11 2021 sbin -> usr/sbin
drwxr-xr-x 3 root root 4096 Aug 11 2021 srv
dr-xr-xr-x 12 root root 0 Jan 1 1970 sys
drwxrwxrwt 10 root root 4096 Nov 4 14:51 tmp
drwxr-xr-x 10 root root 4096 Feb 6 2021 usr
drwxr-xr-x 11 root root 4096 Jan 11 2021 var
I can wait until next weekend to do the re-install, so you not need to be in a hurry for testing before I re-install.
So it didn't do the copy, which isn't surprising, but doesn't get us anywhere.
drwx------ 6 root root 4096 Nov 2 20:59 root
That is interesting, note the timestamp. I wonder what is in there. We can't see because you would need to use sudo to look there!
I presume you don't actually logon as root.
Since you are going to use a new SD card (I think you said that didn't you?) you can get back to the old one any time just by plugging it in and powering up.
I can't think of anything else to do.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.