Unable to change immutable attributes

krazybob · 02-11-2018, 07:35 AM

Somehow the attributes of .ssh were changed and I am unable to change them back. I need 700 permissions and it only allows 000.

Code:

[root@clss06 /]# chattr -i /root/.ssh
[root@clss06 /]# lsattr -a /root/.ssh
-------------e- /root/.ssh/authorized_keys
-------------e- /root/.ssh/known_hosts
-------------e- /root/.ssh/..
-----a-------e- /root/.ssh/.

I never changed this to begin with. It is a hosting server under Virtuozzo. Even logging in as root from the hardware node of Virtuozzo refuses to allow me to chnage to attr's.

Any thoughts?

Thank you in advance.

MensaWater · 02-12-2018, 08:59 AM

You're using the wrong commands for viewing and setting "permissions" (a/k/a "mode") on a file/directory:

ls -ld /root/.ssh

Should show something like:
drwx------. 3 root root 4096 Jan 16 16:27 /root/.ssh

d = directory
r = (4) read access (for owner)
w = (2)write access (for owner)
x = (1) execute access (for owner - for a directory x is required for directory access).
--- = (0) No permissions for group
--- = (0) No permissions for other

Adding 4 + 2 + 1 = 7.

To change the directory to 700:
chmod 700 /root/.ssh

Habitual · 02-12-2018, 11:01 AM

~/.ssh = 700 and
~/.ssh/{authorized_keys,known_hosts} = 600

Code:

ls -ld ~/.ssh && ls -lF $_
drwx------ 2 root root 4096 Jan 15 09:45 .ssh
total 16
-rw------- 1 root root 1192 Jan 15 09:45 authorized_keys
-rw------- 1 root root 1347 Jan 15 09:44 authorized_keys.bak
-rw------- 1 root root 1679 May 24  2017 db
-rw-r--r-- 1 root root 1426 May 24  2017 known_hosts

ls -ld is List Directory
ls -lF is List Files only

Generic References
https://help.ubuntu.com/community/SSH/OpenSSH/Keys
https://wiki.archlinux.org/index.php/SSH_keys
Both excellent, esp #2. Ask if you are unsure.
The ssh-keygen command below side-steps most of the interactive questions asked by ssh-keygen if you ran it w\out the options.
Don't freak out or panic.

Make strong keys quickly No password.. (or it may prompt you to use one on the created ssh key you are making), been awhile.

Code:

ssh-keygen -f /path/to/file_rsa -t rsa -N '' -b 4096 -q

I believe I mis-spoke, if you hit the "-q" you should prompted for password.
Definately, maybe!

krazybob · 02-12-2018, 04:02 PM

I was actually using the exact commands provided by Plesk. Hmm... I know how to create keys but since the directory was not writable any attempt would fail. Persons Unknown and by unknown means entered the server that I am trying to my great customers off of and change permissions on the directory. I don't know why. I know I didn't change the permissions. I had no reason to change the permissions. But I use the exact commands plesk provided to me. Isn't it amazing how many different ways there are to accomplish the same thing?

Code:

  972  lsattr -a /root/.ssh 
  973  ls -la /root/.ssh/
  974  chmod 700 /root/.ssh
  975  ls -la /root/.ssh/
  976  chattr -a /root/.ssh
  977  ls -la /root/.ssh/
  978  lsattr -a /root/.ssh 
  979  chmod 700 /root/.ssh
  980  chmod 600 /root/.ssh/authorized_keys
  981  chmod 644 /root/.ssh/known_hosts
  982  history
  983  hostname
  984  cd /root
  985  ls -lah
  986  chattr -i .ssh
  987  chmod 700 .ssh
  988  lsattr .ssh
  989  cd ..
  990  lsattr .ssh
  991  lsattr /root/.ssh
  992  pwd
  993  chattr -i /root/.ssh
  994  lsattr /root/.ssh
  995  lsattr -a /root/.ssh
  996  chattr -i /root/.ssh
  997  lsattr -a /root/.ssh

It seems that the +a attribute was also set and not allowing me to set the permissions to 700 or anything else for that matter. Plesk resolved the issue but I'm going to remember your ways as well. There's more than one ways to skin a cat as they say. What I do when I get helpful information like you provided as I copy it in Notepad and I have built up quite a knowledge base for myself. That way when someone down the road has a similar problem I may be able to provide them with the answers just as you folks have tried to help me. I wonder what the difference between the commands is though?