LinuxQuestions.org
Old 12-02-2003, 04:23 PM   #1
takisd
Member
 
Registered: Dec 2003
Posts: 39

Rep: Reputation: 15
box lockout after chmod 700


Hi

in my infinite wisdom and linux experience, i attempted to restrict users seeing other users' directories within the /home structure by executing chmod -R 700 home.

the result is now that no user other than root can log into the system, my email server is down, web server is down, database is non-responsive and who knows what else has dumped. either way, i'm in big trouble.

the only suggestion i have received was to start fresh with a new install, losing whatever i had (painfully i might add) set up before.

is there any other way to recover from this?

any suggestions would be greatly appreciated.

thanks.

Takis
 
Old 12-02-2003, 04:36 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,974
Blog Entries: 11

Rep: Reputation: 879
Shoot the person who suggested the re-install ... :)

This is unix, you can do everything.

chmod 755 /home
And for the individual users, do the following
cd /home
ls -1 | xargs chmod -R 700

That should do the trick :}


Cheers,
Tink
 
Old 12-02-2003, 04:55 PM   #3
takisd
ok

i'm logged in as root.

i've done the chmod 755 to the home directory.

i then went into the home directory and ran:
ls -1 | xargs chmod -R 700

it paused for a moment then returned.

i still can't log in as any other user.

i suspect perhaps i've done something wrong with what you suggested.
should i be running the above on each individual user directory? although i think that the above did run it on all directories.

either way, still no good. i don't understand how the web server dumped. there are no pages served from user's home directories. also the database user for pgsql has no home directory, yet that user too has lost login ability. home must have some hidden bits???

anyway... anything would be appreciated.

thanks

Takis
 
Old 12-02-2003, 05:01 PM   #4
Tinkster
Ummm ...

post the output of
ls -ld /home
and
ls -l /home
, please



Cheers,
Tink
 
Old 12-02-2003, 05:09 PM   #5
takisd
ok

ls -ld /home
drwxr-xr-x 14 root root 4096 Dec 2 10:29 /home

ls -l /home
drwx------ 4 admin admin 4096 Feb 24 2003 admin
drwx------ 3 courier courier 4096 Mar 10 2003 courier
drwx------ 5 isecard isecards 4096 Jul 24 03:26 isecard
drwx------ 2 jay isecards 4096 Jul 24 03:22 jay
drwx------ 3 larosa hbclient 4096 May 18 2003 larosa
drwx------ 3 markg hibrow 4096 Feb 5 2003 markg
drwx------ 3 michielm hibrow 4096 Feb 5 2003 michielm
drwx------ 2 peteb hibrow 4096 Aug 15 04:21 peteb
drwx------ 3 popuser popuser 4096 Apr 28 2003 popuser
drwx------ 3 steveb hibrow 4096 Feb 5 2003 steveb
drwx------ 4 takisd takisd 4096 Dec 2 12:13 takisd
drwx------ 2 takisd2 takisd 4096 Dec 2 10:29 takisd2

the last account, takisd2 was one i created to see if adding a new user would work for that user... unfortunately no.

thanks

Takis
 
Old 12-02-2003, 05:31 PM   #6
Tinkster
Looks good to me ... what else did you change,
what's the error message you get? Try to log in
from a full-screen terminal ... or as root, do a
su - takisd and see what error message you get.



Cheers,
Tink
 
Old 12-02-2003, 05:35 PM   #7
takisd
i've been trying that all night to no avail.

su takisd or any user gives me
could not open session

if i use a system type user say apache or my qmail users i get the same thing.

accessing mail still won't work, and the web sites are dead. initially i got 403 for the sites and then i restarted apache and now all i get is 404 not found. pinging the sites still works, so dns is ok. just everything on the machine is dumped.

even tomcat which started as root won't work though ps -ef will show those processes running.

thanks again... anything would be great

Takis
 
Old 12-02-2003, 05:41 PM   #8
Tinkster
Please, do a
su - takisd
and copy and paste the output.

And again, what else (besides the permissions)
did you change?



Cheers,
Tink
 
Old 12-02-2003, 05:45 PM   #9
takisd
ok here's the su output


[root@plain /]# su takisd
could not open session

i get the above for all users.

i didn't touch anything else - nothing at all.

what i did was: chmod -R 700 /home

that's it. after that all dumped, from mail, to ftp (gives no access obviously), web (apache and tomcat) and so forth.

i don't understand. ok, big stuff up on my part but unrecoverable!!??

thanks heaps for your help... i'll take anything.

Takis
 
Old 12-02-2003, 06:05 PM   #10
Tinkster
Does
su takisd
and
su - takisd
make a difference in your distro?


Also, what's the
ls -l /home/takis
look like?


Cheers,
Tink
 
Old 12-02-2003, 06:09 PM   #11
takisd
the results of those commands are below:


[root@plain /]# su takisd
could not open session

[root@plain /]# su - takisd
su: warning: cannot change directory to /home/takisd: Permission denied
could not open session

[root@plain /]# ls -l /home/takisd
total 8
drwx------ 8 takisd takisd 4096 Mar 10 2003 Maildir
drwx------ 7 root root 4096 Jul 28 11:01 temp


i'm running redhat 7.2... sorry should have mentioned that earlier

thanks

Takis
 
Old 12-02-2003, 06:15 PM   #12
Tinkster
What about a
chown -R takisd:takisd /home/takisd
?
 
Old 12-02-2003, 06:17 PM   #13
takisd
same deal...

[root@plain /]# chown -R takisd:takisd /home/takisd
[root@plain /]# su takisd
could not open session

it's as if something has become horribly corrupted.

i'm really pulling my hair out, i'm hosting a couple of small sites and email accounts. i think they want my blood....

anything.....


thanks

Takis
 
Old 12-02-2003, 06:22 PM   #14
Tinkster
*sigh*

ls -lad /home
ls -la /home
ls -lad /home/takisd
ls -la /home/takisd

Look at both users and permissions.



Cheers,
Tink
 
Old 12-02-2003, 06:26 PM   #15
takisd
tried that, results below:

[root@plain /]# ls -lad /home
drwxr-xr-x 14 root root 4096 Dec 2 10:29 /home
[root@plain /]# ls -la /home
total 56
drwxr-xr-x 14 root root 4096 Dec 2 10:29 .
drwx------ 21 root root 4096 Dec 2 17:15 ..
drwx------ 4 admin admin 4096 Feb 24 2003 admin
drwx------ 3 courier courier 4096 Mar 10 2003 courier
drwx------ 5 isecard isecards 4096 Jul 24 03:26 isecard
drwx------ 2 jay isecards 4096 Jul 24 03:22 jay
drwx------ 3 larosa hbclient 4096 May 18 2003 larosa
drwx------ 3 markg hibrow 4096 Feb 5 2003 markg
drwx------ 3 michielm hibrow 4096 Feb 5 2003 michielm
drwx------ 2 peteb hibrow 4096 Aug 15 04:21 peteb
drwx------ 3 popuser popuser 4096 Apr 28 2003 popuser
drwx------ 3 steveb hibrow 4096 Feb 5 2003 steveb
drwx------ 4 takisd takisd 4096 Dec 2 12:13 takisd
drwx------ 2 takisd2 takisd 4096 Dec 2 10:29 takisd2
[root@plain /]# ls -lad /home/takisd
drwx------ 4 takisd takisd 4096 Dec 2 12:13 /home/takisd
[root@plain /]# ls -la /home/takisd
total 40
drwx------ 4 takisd takisd 4096 Dec 2 12:13 .
drwxr-xr-x 14 root root 4096 Dec 2 10:29 ..
-rwx------ 1 takisd takisd 1460 Nov 6 08:28 .bash_history
-rwx------ 1 takisd takisd 24 May 14 2002 .bash_logout
-rwx------ 1 takisd takisd 191 May 14 2002 .bash_profile
-rwx------ 1 takisd takisd 124 Dec 2 12:13 .bashrc
-rwx------ 1 takisd takisd 99 May 19 2002 .fetchmailrc
drwx------ 8 takisd takisd 4096 Mar 10 2003 Maildir
-rwx------ 1 takisd takisd 11 Feb 4 2003 .qmail
drwx------ 7 takisd takisd 4096 Jul 28 11:01 temp
[root@plain /]#

i had changed the .bash_profile and the others .bash_ files to 644 as they were before, but that didn't work either.

should i be considering scrubbing and starting again... i'm just desperately trying to avoid this - it will take forever.

thanks

Takis
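
Added example, not part of the thread: in the `ls -la /home` listing above, the `..` entry (the parent of /home) is `drwx------ root root`, and a directory without the search (x) bit for "other" stops every non-root account from resolving any path beneath it. The script below walks each ancestor of a home directory and reports the first one that lacks that bit; the function names are illustrative, and it assumes the accounts fall in the "other" class for root-owned system directories.

```shell
#!/bin/sh
# Added example: find the directory that stops non-root users reaching a home.

# others_can_traverse DIR: succeed if the "other" class has search (x) on DIR.
others_can_traverse() {
    mode=$(ls -ld "$1") || return 2
    # Character 10 of the mode string is the "other" execute slot:
    # x or t grants search; - or T does not.
    case $(printf '%s' "$mode" | cut -c10) in
        x|t) return 0 ;;
        *)   return 1 ;;
    esac
}

# first_blocked_ancestor TARGET [ROOT]
# Walk from ROOT (default /; use a rescue mount point to inspect an offline
# system) down to the parent of TARGET. Print the first directory "other"
# cannot traverse and return 0; return 1 if every ancestor is traversable.
# TARGET itself is not checked: a home that is 700 and owned by its user is fine.
first_blocked_ancestor() {
    root=${2:-/}
    root=${root%/}                 # "/" becomes "", "/mnt/img/" loses its slash
    rel=${1#"$root"}               # path below ROOT
    rel=${rel#/}
    cur=$root
    others_can_traverse "${cur:-/}" || { printf '%s\n' "${cur:-/}"; return 0; }
    while [ "${rel#*/}" != "$rel" ]; do      # a parent component remains
        cur=$cur/${rel%%/*}
        rel=${rel#*/}
        others_can_traverse "$cur" || { printf '%s\n' "$cur"; return 0; }
    done
    return 1
}

# Report for each home directory named on the command line.
for home in "$@"; do
    if blocked=$(first_blocked_ancestor "$home"); then
        echo "$home: non-root users are stopped at $blocked (mode lacks o+x)"
    else
        echo "$home: every ancestor directory is traversable"
    fi
done
```

Run it as root with one or more home directories as arguments, for example `sh check.sh /home/takisd` (the script file name is an assumption).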
 
  


All times are GMT -5.