Permission-hardener failed

Hi! I am trying to upgrade my server, but permission hardener failed. Here is the error message:

```
permission-hardener: [ERROR]: File has unexpected hardlinks, cannot handle.
File name: '/etc/group'
File name from stat: '/etc/group'
line: '/usr/sbin/ nosuid'

/var/lib/dpkg/info/security-misc.postinst: ERROR: Permission hardening failed.
```

What should I do?

Something uncommon about your file /etc/group.

For debugging:

```
ls -la /etc/group
```

And.

```
realpath /etc/group
```

And.

```
chmod-calc /etc/group
```

(chmod-calc)

Ideally, compare that to a system without that issue.

The result from the server with the problem:

```
# chmod-calc /etc/group
Permissions for: '/etc/group'
Type: Hardlink
Owner: root
Group: root
Octal Permissions: 644
File Size: 815 bytes
Link Count: 2
Hidden File: No
ACLs: none
Extended Attributes: none
Capabilities: None
Immutable (chattr +i): No

Symlink: No

Parent Folder Symlink: No

Category   Read   Write  Execute
Owner      Yes    Yes    No
Group      Yes    No     No
Public     Yes    No     No

Special Attributes:
SUID: Not Set
SGID: Not Set
Sticky Bit: Not Set
```

After I did:

```
# cp -ra /etc/group ~ && rm -rf /etc/group && cp -ra ~/group /etc/group
```

The `chmod-calc` output on the problematic server and the normal server is the same:

```
# chmod-calc /etc/group
Permissions for: '/etc/group'
Type: Regular File
Owner: root
Group: root
Octal Permissions: 644
File Size: 815 bytes
Link Count: 1
Hidden File: No
ACLs: none
Extended Attributes: none
Capabilities: None
Immutable (chattr +i): No

Symlink: No

Parent Folder Symlink: No

Category   Read   Write  Execute
Owner      Yes    Yes    No
Group      Yes    No     No
Public     Yes    No     No

Special Attributes:
SUID: Not Set
SGID: Not Set
Sticky Bit: Not Set
```

But after I install a random package with apt, the old issue pops up and /etc/group becomes a hardlink again.

What’s the realpath?

/etc/group normally isn’t a hard link. And without knowing the realpath, I have no idea how to investigate what’s causing that.

```
# realpath /etc/group
/etc/group
```
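Added example, not part of any post in this thread: `realpath` resolves symlinks only, so it prints the same path for a hard-linked file. With `Link Count: 2`, a second name for the same inode exists on the same filesystem, and the sketch below lists it. The helper names `link_count`, `other_links` and `report` are hypothetical, and GNU `stat`, `df` and `find` are assumed.

```shell
#!/bin/sh
# Added example: find every other path that shares an inode with a file.
# Helper names are hypothetical; GNU coreutils and findutils are assumed.

# link_count FILE: print the number of names (hard links) the inode has.
link_count() {
    stat -c '%h' -- "$1"
}

# other_links FILE [SEARCH_ROOT]: print every other path to the same inode.
# Hard links cannot cross filesystems, so the search stays on one (-xdev).
# SEARCH_ROOT defaults to the mount point of the filesystem holding FILE.
other_links() {
    file=$1
    root=${2:-$(df --output=target -- "$file" | tail -n 1)}
    # -samefile matches by device and inode; the FILE path itself is skipped.
    find "$root" -xdev -samefile "$file" ! -path "$file" 2>/dev/null
}

# report FILE [SEARCH_ROOT]: return 0 if FILE has a single name,
# 1 if other names exist (they are printed), 2 if FILE cannot be read.
report() {
    n=$(link_count "$1") || return 2
    if [ "$n" -le 1 ]; then
        echo "$1: link count $n, no other names"
        return 0
    fi
    echo "$1: link count $n, other names:"
    other_links "$1" "${2:-}"
    return 1
}

# Usage (run as root so find can read every directory):
#   sh this-script.sh /etc/group
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

The directory that holds the second name usually points to the tool that keeps recreating the link, for example a backup or snapshot utility that hard-links unchanged files.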