LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
Search this Thread
Old 11-27-2007, 12:42 PM   #1
GDX^
LQ Newbie
 
Registered: Aug 2005
Posts: 12

Rep: Reputation: 0
Reset permissions /


Hello guys,

I accidently executed a command in the wrong ssh-box, and this is bad. I executed the next command (as root, since I just have this server up):
chown -R halfleven:gameservers * (it was ment to be executed on the gameserverfiles wich I copied with the root-user to the home-directory)

I executed this on the root (/) of my harddisk, so it's messed up. Next I did a chown to root (due security issues), but this wasn't a perfect sollution (screen doesn't work anymore, lot's of my permissions are messed up, ...)

I only can access the server remotly, but I have a HP webpanel where I can enter the serverconsole (a virtual keyboard and monitor attached to the server).

Any sollutions for this problem? I hope it's possible to restore everything...

BTW, I'm working with Debian Etch (latest release)

Thanks a lot,
Wim MariŽn

//edit:
in mean time, I entered this command:
chmod -R a+rx bin/ opt/ sbin/ sys/ usr/ var/
chmod 777 /var
(the last command can be stupid; I know that; but it was my last sollution to get it work)

is it still secure enough? I will be the only person on the server (or maybe I'll give an account to a friend of me...)

Last edited by GDX^; 11-27-2007 at 01:14 PM. Reason: update
 
Old 11-27-2007, 02:18 PM   #2
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Do you have access to another system running Debian Etch that you can get the correct permissions off of? If so, we can set you up with a small script to run on that system to collect the proper ownerships/permissions and store them in a file that you can then move to the corrupted system. The correct ownerships/permissions can then be extracted and applied to that system.

Let me know,

Forrest
 
Old 11-27-2007, 02:23 PM   #3
GDX^
LQ Newbie
 
Registered: Aug 2005
Posts: 12

Original Poster
Rep: Reputation: 0
Well I always can install a virtual machine on my desktop (My old pc near my is my home-server, but it's debian 3.1. I guess this is not good enough?).

I guess I will be able to do this with PHP, won't I? Or do you allready have this script (if not, I'll write it on my own and publish it for other stupid system administrators :-))
 
Old 11-27-2007, 03:21 PM   #4
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Debian 3.1 would probably work ~95%. As far as the scripts go, I would use /bin/sh, but that is me.
 
Old 11-27-2007, 04:05 PM   #5
GDX^
LQ Newbie
 
Registered: Aug 2005
Posts: 12

Original Poster
Rep: Reputation: 0
Well, I created this little PHP script, which will work fine I guess.

However, the server is to important to mess up, so I will install a virtual server tomorrow (it's now 11PM, I'm back tomorrow @ 1PM or so)

Code:
<?php
if(is_file('/permissions))
	die('the file \'/permissions\' exists! Please remove/rename it!');

dir(); // execute the function

function dir ($dir='/')
{
	$cmd = shell_exec('ls -al '.$dir);
	$lines = explode("\n", $cmd);
	for ($i = 2; $i < (count($lines)-1); $i++) // start with position 2.  We don't need . and ..
	{
		$line = str_replace('  ', ' ', trim($lines[$i])); // delete whitespaces
		$p = explode("\n", $line);
		shell_exec('echo "chown -R '.$p[2].':'.$p[3].' '.$dir.$p[7].'" >> /permissions');
		if(substr($p[0], 0, 1) == 'd') //directory?
			dir($dir.$p[7].'/');
	}
}
Thanks for your advice, and it would be nice of someone takes a look at my script. It should create a file full with this syntax:
chown -R user:group /exact/path/to/file/or/dir
chown -R user:group /exact/path/to/file2/or/dir3
chown -R user:group /exact/path/to/file3/or/dir3


Wim MariŽn

Last edited by GDX^; 11-27-2007 at 04:24 PM.
 
Old 11-27-2007, 04:40 PM   #6
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Not as good with PHP, but I can tell that you will need to output the filename with quotes around it (to handle special characters and spaces. Also, you want to avoid some top level directories (like proc and dev). The following script will make the chown changes for the server if run on a default layout (fix the list of GOODDIRs to match your system:

Code:
#!/bin/sh
cd /
cp /dev/null /tmp/fixit.sh
echo #\!/bin/sh > /tmp/fixit.sh
chmod 700 /tmp/fixit.sh

for GOODDIR in "bin" "etc" "lib" "opt" "root" "selinux" "sys" "usr" "boot" "home" "sbin" "srv" "var" ; do
    for FILE in `find $GOODDIR -name \*` ; do
        echo `ls -lad $FIlE | awk '{print "chown " $3 ":" $4}'` \'$FILE\' >> /tmp/fixit.sh
    done
done
HTH

Forrest

Last edited by forrestt; 11-28-2007 at 08:22 AM.
 
Old 11-27-2007, 06:20 PM   #7
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
I updated the script to take care of permissions. Any sticky bits will just give a warning as trying to figure out which permission it went with was a bit much (maybe a future version).

Code:
#!/bin/sh
cd /
cp /dev/null /tmp/fixit.sh
echo #\!/bin/sh > /tmp/fixit.sh
chmod 700 /tmp/fixit.sh

# Fix the below list to match your system
for GOODDIRS in "bin" "etc" "lib" "opt" "root" "selinux" "sys" "usr" "boot" "home" "sbin" "srv" "var" ; do
    for FILE in `find $GOODDIRS -name \*` ; do
        STICKY=""
        echo `ls -lad $FIlE | awk '{print "chown " $3 ":" $4}'` \'/$FILE\' >> /tmp/fixit.sh
        MODE=`ls -lad $FILE | awk '{print $1}'`
        BINMODE=`echo $MODE | sed s/-/0/g | sed s/\[rwx\]/1/g | sed s/.//`
        STICKY=`echo $BINMODE | grep [st]`
        if [ "$STICKY" = "" ] ; then
            MODE=`echo $BINMODE | awk '{print strtonum(substr($1,1,1))*4 + strtonum(substr($1,2,1))*2 + strtonum(substr($1,3,1)) strtonum(substr($1,4,1))*4 + strtonum(substr($1,5,1))*2 + strtonum(substr($1,6,1)) strtonum(substr($1,7,1))*4 + strtonum(substr($1,8,1))*2 + strtonum(substr($1,9,1))}'`
            echo chmod $MODE \'/$FILE\' >> /tmp/fixit.sh
        else
            echo "echo /$FILE has sticky bit set, manually change to $MODE" >> /tmp/fixit.sh
        fi
    done
done
HTH

Forrest

Last edited by forrestt; 11-28-2007 at 08:21 AM. Reason: Fixed erroneous line in script.
 
Old 11-27-2007, 06:51 PM   #8
Dutch Master
Senior Member
 
Registered: Dec 2005
Posts: 1,674

Rep: Reputation: 122Reputation: 122
In the GOODDIR line you have 2 empty strings (either side of "sys") in both your initial and revised script. Doesn't make sense to me, but I'm no acclaimed scriptwriter If these are correct, would you mind explaining what they are for?
 
Old 11-28-2007, 05:32 AM   #9
GDX^
LQ Newbie
 
Registered: Aug 2005
Posts: 12

Original Poster
Rep: Reputation: 0
awk: line 2: function strtonum never defined

Fixed by installing gawk.

(just a post for users who do the same stupid thing in the future and get the same error)
 
Old 11-28-2007, 08:23 AM   #10
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Dutch Master, that was a typo on a line I never tested. I had a copy of that line with only "tmp" defined to test with. Good eye, they don't belong. I'll edit the script and leave this as proof that you weren't hallucinating about the errors.

Forrest
 
Old 11-28-2007, 08:46 AM   #11
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Does the debian system have a verify option where you can compare ownerships & permissions of your system with the permissions stored in the package?

Or do you have a backup that can be listed including permissions?
such as "tar --list --verbose -f backup.tar"
 
  


Reply

Tags
permissions


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
reset default permissions for /etc tpariel Linux - General 1 08-17-2006 01:47 PM
permissions reset on reboot trempel Fedora 11 08-18-2005 02:24 AM
Reset permissions spaceballs Slackware 8 03-02-2005 02:45 PM
directory permissions keep getting reset Dcrusoe Mandriva 2 11-23-2004 10:04 PM
File permissions keep getting reset johnsmith1899 Linux - Networking 4 05-19-2003 11:02 AM


All times are GMT -5. The time now is 03:23 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration