Locked myself out of my home

NotionCommotion · 11-23-2016, 11:30 AM

Well, this is embarrassing. I was trying to give Apache access to a directory in my home, and did a recursive chmod and chown command on my home directory. Now I can't even access it after recursively setting everything back to 664 and as my user/group.

Questions:

Why can't I access it? What do I need to do to access it?
What is the best "default" permission to set things back to? 664? What about directories such as .ssh?

Code:

[Michael@devserver home]$ pwd
/home
[Michael@devserver home]$ sudo chmod 0664 -R Michael
[sudo] password for Michael:
[Michael@devserver home]$ sudo chown Michael:Michael -R /home/Michael
[Michael@devserver home]$ ls -l
total 40
drwx------.  9 git     git      4096 Apr 19  2014 git
drwx------.  2 root    root    16384 Apr 19  2014 lost+found
drw-rw-r--. 21 Michael Michael  4096 Nov 23 09:04 Michael
drwxrwxrwx.  2 root    root     4096 Dec 23  2014 mysql_log
drwx------.  4 phped   phped    4096 Apr 21  2014 phped
drwxr-xr-x.  3 root    root     4096 May 29  2014 public
drwxrwxr-x.  9 vbox    vbox     4096 May 28  2015 vbox
[Michael@devserver home]$ cd Michael
-bash: cd: Michael: Permission denied
[Michael@devserver home]$ su -
Password:
[root@devserver ~]# cd /home/Michael
[root@devserver Michael]#

szboardstretcher · 11-23-2016, 11:32 AM

Have to have the execute bit set on directories. So usually 0755 or 0775 for directories.

suicidaleggroll · 11-23-2016, 11:36 AM

Code:

chmod -R u+X /home/Michael

The capital X means it will only add execute permissions for directories or if the file already has execute permission for some user. This is convenient for times like this where you need to add execute permissions to all directories recursively, but not the files. Keeps you from having to do a "find -type d -exec chmod" or similar.

Also if there are any executables anywhere in your home directory, you'll need to manually re-add execute permissions on each and every one of them individually.

Manually setting the octal permissions recursively for an entire directory structure is very rarely the right course of action. It usually causes far more problems than it potentially solves. Use the ugo +/- rwxX arguments to chmod instead.

NotionCommotion · 11-23-2016, 11:37 AM

Thanks szboardstretcher, Well I feel silly.

To set things back to right, should I first make /home/Michael 700 recursively, then make /home/Michael 770 not recursive, and then make subdirectories either 750 or 770 on a as needed basis?

szboardstretcher · 11-23-2016, 11:41 AM

Yeah. To start you can 'chmod 0775 /home/Michael'... then if you want to start to fix the Michael directory and its contents,..

As root you could chmod directories, files and scripts correctly with the commands below. You might still have some outliers to fix - like .ssh as mentioned.

Code:

find /home/Michael -type d -exec chmod 0755 {} \;
find /home/Michael -type f -exec chmod 0644 {} \;
find /home/Michael -type f -name '*.sh' -exec chmod 0774 {} \;

notKlaatu · 11-23-2016, 11:41 AM

Quote:

Originally Posted by NotionCommotion

What about directories such as .ssh?

From `man ssh` :

Code:

     ~/.ssh/
             This directory is the default location for all user-specific configuration and authentication
             information.  There is no general requirement to keep the entire contents of this directory
             secret, but the recommended permissions are read/write/execute for the user, and not accessible
             by others.
     [...]
     ~/.ssh/id_rsa
             Contains the private key for authentication.  These files contain sensitive data and should be
             readable by the user but not accessible by others (read/write/execute).  ssh will simply ignore
             a private key file if it is accessible by others.

So

Code:

$ chmod 700 ~/.ssh 
$ chmod 400 ~/.ssh/id_rsa