Permission Issues

turbo_acura · 02-20-2006, 06:24 AM

Hello.. I had problems with the Veritas Netbackup Agent, so I followed Veritas' fix of installing the app manually changing some of the permissions..this is what i typed..

# chown -R 0 etc opt var
# chgrp -R 0 etc opt var
# chmod -R 0500 opt
# chmod -R 0600 etc var

I'm not able to send emails now from the server, I then did a '#chmod -R 777 etc var'
but now i can't SSH!!! its all gone crazy now!!

- Just wondering if i'm screwed by setting all the files under /etc and /var to 777??? Anyway to get SSH back?

gilead · 02-20-2006, 01:29 PM

I wouldn't say screwed, but certainly in danger of being ravished...

Start off with chmod -R o-wx /etc to stop ordinary users changing files under /etc. Here is the listing for my /etc/ssh directory. Changing yours to something like that should fix the ssh permissions:

Code:

$ ls -l /etc/ssh
total 164
-rw-r--r-- 1 root root 132839 2006-02-07 12:16 moduli
-rw-r--r-- 1 root root   1348 2006-02-18 06:13 ssh_config
-rw------- 1 root root   1192 2006-01-05 09:04 ssh_host_dsa_key
-rw-r--r-- 1 root root   1113 2006-01-05 09:04 ssh_host_dsa_key.pub
-rw------- 1 root root    974 2006-01-05 09:04 ssh_host_key
-rw-r--r-- 1 root root    638 2006-01-05 09:04 ssh_host_key.pub
-rw------- 1 root root   1675 2006-01-05 09:04 ssh_host_rsa_key
-rw-r--r-- 1 root root    393 2006-01-05 09:04 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root   2892 2006-02-18 06:15 sshd_config

Here are my /etc /opt and /var directories:

Code:

$ ls -ld /etc /opt /var
drwxr-xr-x 47 root root 4192 2006-02-18 11:31 /etc/
drwxr-xr-x  5 root root  136 2006-01-18 13:25 /opt/
drwxr-xr-x 17 root root  464 2006-01-15 05:33 /var/

I'drun the following (some of the files may need to be executable by the group so you may still get an occasional error after this):

Code:

find /opt -type d -exec chmod 0755 {} \;
find /opt -type f -exec chmod go+r {} \;

Here are the contents of my /var:

Code:

$ ls -l /var
total 2
drwxr-xr-x  2 root root   72 2006-01-05 05:31 X11R6/
lrwxrwxrwx  1 root root    3 2006-01-09 19:19 adm -> log/
drwxr-xr-x  5 root root  120 2006-02-03 11:23 cache/
drwxr-xr-x  2 root root   48 2006-02-07 12:16 empty/
drwxr-xr-x 12 root root  296 2006-02-18 10:53 lib/
drwxrwxrwt  4 root root   96 2006-02-20 06:21 lock/
drwxr-xr-x 12 root root 1952 2006-02-21 04:40 log/
lrwxrwxrwx  1 root root   10 2006-01-09 19:19 mail -> spool/mail/
drwxr-xr-x 12 root root  288 1993-11-25 12:29 man/
drwxr-xr-x  3 root root  232 2006-02-19 07:15 named/
drwxr-xr-x  9 root root  976 2006-02-21 03:00 run/
lrwxrwxrwx  1 root root   15 2006-01-09 19:19 rwho -> /var/spool/rwho/
drwxr-xr-x 13 root root  328 2004-06-07 14:40 spool/
drwxr-xr-x  3 root root   80 2005-07-25 10:11 state/
drwxrwxrwt  7 root root  232 2006-02-19 20:35 tmp/
drwxr-xr-x  8 root root  208 2005-06-25 23:48 www/

and /var/spool (for mail, others will definitely need tweaking as well):

Code:

$ ls -l /var/spool
total 0
drwx------ 2 daemon daemon  72 2006-01-05 05:31 atjobs/
drwx------ 2 daemon daemon  48 2003-11-24 10:22 atspool/
drwxrwx--- 2 smmsp  smmsp   80 2006-02-21 03:00 clientmqueue/
drwxr-x--- 3 root   wheel   72 2006-02-21 04:47 cron/
drwx--x--- 3 root   sys    216 2006-02-19 20:45 cups/
drwxrwxrwt 2 root   mail   144 2006-02-21 05:24 mail/
drwx------ 2 root   bin     48 2006-02-21 05:23 mqueue/
drwxr-xr-x 2 root   root    48 2005-07-14 15:37 pop/
drwxr-xr-x 2 root   root    48 1994-02-13 04:53 rwho/
drwxrwxrwt 2 root   root    48 2006-02-19 20:45 samba/
drwxrwxr-x 4 root   root    96 2005-06-26 21:55 squirrelmail/

Keep posting the errors you're getting so people here can tackle them as they happen... and good luck!

turbo_acura · 02-20-2006, 03:54 PM

I really appreciate all your help. I was in a critical situation where the issue had to be solved ASAP and I had another workaround. We had an identical server with build, so i tar each directory and copied it to my PC, burned on to CD, and then copied it from the CD to the server. Deleted all of /etc /var /opt and now its ALL back to normal. *PHEW*!! I just had to change /etc/ to chmod 644 I believe i had it set to. It looks the same as what you have below. That was probably the quickest way to do it. I couldnt imagine doing ALL the files and directories. Would've taken hours!!

Thanks again!
Cheers!

gilead · 02-20-2006, 04:24 PM

A good case study for the benefits of having a backup that's readily available like yours was - you're right, it would have taken much longer to do it manually