- Platform information:
- Hardware: RPi4
- OS: Raspbian GNU/Linux 12 (bookworm)
- Java Runtime Environment: openjdk 17.0.13 2024-10-15
- openHAB version: 4.2.2
- Issue of the topic: After updating zigbee2mqtt and frontail, all files inside
/bin
and/usr/bin
are now owned byfrontail
- alsosudo
, so canät figure out way to fix this. Appreciate any tips?
UPDATE: Duplicate of this: Sudo not working any more - #2 by rlkoshak
Snippet of /bin
-rwxr-xr-x 1 frontail frontail 1984 Apr 10 2022 zcat
-rwxr-xr-x 1 frontail frontail 1678 Apr 10 2022 zcmp
-rwxr-xr-x 1 frontail frontail 6460 Apr 10 2022 zdiff
-rwxr-xr-x 1 frontail frontail 18020 Nov 6 14:48 zdump
-rwxr-xr-x 1 frontail frontail 29 Apr 10 2022 zegrep
-rwxr-xr-x 1 frontail frontail 29 Apr 10 2022 zfgrep
-rwxr-xr-x 1 frontail frontail 2081 Apr 10 2022 zforce
-rwxr-xr-x 1 frontail frontail 8103 Apr 10 2022 zgrep
-rwxr-xr-x 1 frontail frontail 173100 Feb 19 2023 zip
-rwxr-xr-x 1 frontail frontail 72392 Feb 19 2023 zipcloak
-rwxr-xr-x 1 frontail frontail 70193 Nov 25 2023 zipdetails
-rwxr-xr-x 1 frontail frontail 2959 Feb 19 2023 zipgrep
-rwxr-xr-x 2 frontail frontail 145368 Feb 19 2023 zipinfo
-rwxr-xr-x 1 frontail frontail 68112 Feb 19 2023 zipnote
-rwxr-xr-x 1 frontail frontail 72216 Feb 19 2023 zipsplit
-rwxr-xr-x 1 frontail frontail 2206 Apr 10 2022 zless
-rwxr-xr-x 1 frontail frontail 1842 Apr 10 2022 zmore
-rwxr-xr-x 1 frontail frontail 4577 Apr 10 2022 znew
openhabi-config log, at first you can see sudo
has worked, but not anymore after update.
openhabian@openhab:/usr/local/bin $ sudo openhabian-config
2024-11-20_23:00:54_EET [openHABian] Checking for root privileges... OK
2024-11-20_23:00:54_EET [openHABian] Making sure router advertisements are available...
$ sysctl --load
net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.all.accept_ra_rt_info_max_plen = 64
OK
2024-11-20_23:00:54_EET [openHABian] Loading configuration file '/etc/openhabian.conf'... OK
2024-11-20_23:00:54_EET [openHABian] openHABian configuration tool version: [openHAB]{2024-10-25T10:35:12-06:00}(7d97bd8)
2024-11-20_23:00:54_EET [openHABian] Checking for changes in origin branch openHAB... OK
2024-11-20_23:00:55_EET [openHABian] Switching to branch openHAB... OK
2024-11-20_23:00:55_EET [openHABian] Checking openHAB Signing Key expiry.
2024-11-20_23:00:55_EET [openHABian] Checking expiry date of apt keys... OK
2024-11-20_23:00:59_EET [openHABian] Updating Linux package information... OK
2024-11-20_23:01:02_EET [openHABian] Updating Zigbee2MQTT...
$ cd /opt/zigbee2mqtt
$ systemctl stop zigbee2mqtt
$ sudo -u openhabian cp -R data data-backup
$ sudo -u openhabian git pull
Already up to date.
$ sudo -u openhabian npm ci
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
added 649 packages, and audited 650 packages in 49s
90 packages are looking for funding
run `npm fund` for details
2 vulnerabilities (1 low, 1 high)
To address all issues, run:
npm audit fix
Run `npm audit` for details.
$ sudo -u openhabian cp -R data-backup/configuration.example.yaml data-backup/configuration.yaml data-backup/database.db data-backup/state.json data
$ rm -rf /opt/zigbee2mqtt/data-backup
$ cd /opt
$ systemctl start zigbee2mqtt
OK
2024-11-20_23:02:03_EET [openHABian] Updating Linux package information... OK
2024-11-20_23:02:03_EET [openHABian] Installing Frontail prerequsites (NodeJS)...
$ nodejs_setup
2024-11-20_23:02:03_EET [openHABian] Adding required keys to apt... OK
2024-11-20_23:02:03_EET [openHABian] Adding NodeSource repository to apt...
$ apt-get update
Hit:1 http://deb.debian.org/debian bookworm-updates InRelease
Hit:2 http://security.debian.org/debian-security bookworm-security InRelease
Hit:3 http://archive.raspberrypi.org/debian bookworm InRelease
Hit:4 http://raspbian.raspberrypi.org/raspbian bookworm InRelease
Get:5 https://deb.nodesource.com/node_18.x bookworm InRelease [4,586 B]
Hit:6 https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable InRelease
Get:7 https://deb.nodesource.com/node_18.x bookworm/main armhf Packages [787 B]
Fetched 5,373 B in 2s (2,152 B/s)
Reading package lists... Done
W: http://deb.debian.org/debian/dists/bookworm-updates/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://security.debian.org/debian-security/dists/bookworm-security/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://archive.raspberrypi.org/debian/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://raspbian.raspberrypi.org/raspbian/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
OK
2024-11-20_23:02:10_EET [openHABian] Installing NodeJS...
$ apt-get install --yes -o DPkg::Lock::Timeout= nodejs
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
nodejs is already the newest version (20.18.1-1nodesource1).
The following packages were automatically installed and are no longer required:
libc-ares2 node-busboy node-cjs-module-lexer node-undici node-xtend
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
OK
FAILED. Provide packageName.
OK
2024-11-20_23:02:14_EET [openHABian] Installing openHAB Log Viewer (frontail)... Removing any old installations...
$ npm uninstall -g frontail
removed 153 packages, and audited 1 package in 1s
found 0 vulnerabilities
$ frontail_download /opt
2024-11-20_23:02:17_EET [openHABian] Downloading frontail...
Update...
$ update_git_repo /opt/frontail master
2024-11-20_23:02:17_EET [openHABian] Updating frontail, master branch from git...
$ git -C /opt/frontail fetch origin
$ git -C /opt/frontail fetch --tags --force --prune
$ git -C /opt/frontail reset --hard origin/master
HEAD is now at 7ff8dc5 Merge pull request #2 from Gifford47/patch-1
$ git -C /opt/frontail clean --force -x -d
Removing node_modules/
$ git -C /opt/frontail checkout master
Already on 'master'
Your branch is up to date with 'origin/master'.
$ git -C /opt/frontail submodule update --init --recursive
OK
OK
$ npm audit fix --omit=dev
npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.3.2: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
added 139 packages, and audited 140 packages in 16s
1 package is looking for funding
run `npm fund` for details
# npm audit report
basic-auth-connect 1.0.0
Severity: high
basic-auth-connect's callback uses time unsafe string comparison - https://github.com/advisories/GHSA-7p89-p6hx-q4fw
fix available via `npm audit fix --force`
Will install basic-auth-connect@1.1.0, which is outside the stated dependency range
node_modules/basic-auth-connect
cookie <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix --force`
Will install cookie@1.0.2, which is a breaking change
node_modules/cookie
node_modules/cookie-parser/node_modules/cookie
node_modules/engine.io/node_modules/cookie
node_modules/express-session/node_modules/cookie
cookie-parser 1.0.1 - 1.4.6
Depends on vulnerable versions of cookie
node_modules/cookie-parser
engine.io 0.7.8 - 0.7.9 || 1.8.0 - 6.6.1
Depends on vulnerable versions of cookie
Depends on vulnerable versions of ws
node_modules/engine.io
socket.io 3.0.0-rc1 - 4.6.1
Depends on vulnerable versions of engine.io
node_modules/socket.io
express-session 1.0.1 - 1.18.0
Depends on vulnerable versions of cookie
node_modules/express-session
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix --force`
Will install universal-analytics@0.5.3, which is a breaking change
node_modules/request
universal-analytics <=0.4.23
Depends on vulnerable versions of request
node_modules/universal-analytics
send <0.19.0
send vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
fix available via `npm audit fix --force`
Will install serve-static@1.16.2, which is outside the stated dependency range
node_modules/send
serve-static <=1.16.0
Depends on vulnerable versions of send
node_modules/serve-static
socket.io-parser 4.0.4 - 4.2.2
Severity: moderate
Insufficient validation when decoding a Socket.IO packet - https://github.com/advisories/GHSA-cqmj-92xf-r6r9
fix available via `npm audit fix`
node_modules/socket.io-parser
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix --force`
Will install universal-analytics@0.5.3, which is a breaking change
node_modules/tough-cookie
ws 7.0.0 - 7.5.9
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install socket.io@4.8.1, which is a breaking change
node_modules/ws
13 vulnerabilities (5 low, 5 moderate, 3 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
$ npm update --audit=false --omit=dev
added 13 packages, removed 16 packages, and changed 81 packages in 13s
2 packages are looking for funding
run `npm fund` for details
$ npm install --global --audit=false --omit=dev
added 1 package in 826ms
OK
2024-11-20_23:02:52_EET [openHABian] Setting up openHAB Log Viewer (frontail) service...
$ chmod 644 /etc/systemd/system/frontail.service
$ systemctl -q daemon-reload
$ systemctl enable --now frontail.service
$ systemctl restart frontail.service
OK
2024-11-20_23:02:57_EET [openHABian] Adding an openHAB dashboard tile for 'frontail'... Replacing...
$ sed -i -e /^frontail-link-*$/d /etc/openhab/services/runtime.cfg
OK
2024-11-20_23:03:07_EET [openHABian] Checking for default openHABian username:password combination... OK
2024-11-20_23:03:07_EET [openHABian] We hope you got what you came for! See you again soon ;)
openhabian@openhab:/usr/local/bin $ sudo nano /etc/apt/sources.list
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set