That is a good question. I am new to Debian (but not Linux-based systems) and your question interests me at a practical level.
I browsed the web looking for a straightforward answer. The common smart-ass answer is to reinstall all packages. Sheesh.
Apparently the RPM system provides a method to accomplish much of what you seek. I have not found anything for Debian, which I thought surprising. I suspect somebody well-versed in Debian package management could write a shell script to search all packages containing files in the /etc directory and grab/parse that information to restore the original permissions.
I have inadvertently modified file permissions as you describe. First thing is take a break and calm down.
Fortunately, you are dealing with the /etc directory, which is mostly configuration files.
Don't reboot until reasonably certain the file permissions have been restored.
Do you have any backups? That would be a nice way to restore file permissions. Even if the backup is old, you can use the list as a cross-reference.
I started looking at all the various files in /etc. I decided to take a snapshot of /etc in a Debian system I have in a virtual machine. I am attaching that file for you.
Using that list will be tedious so before inspecting each individual file and directory, try the following steps to get close to some semblance of order.
1. Run
chmod -R 644 /etc. Being that the /etc directory is for configuration files, that command should restore about 80% of the files to the correct permissions. Do not reboot!
2. Next immediately perform
chmod 755 /etc/init.d/*. That will restore the startup scripts.
3. The next batch of executables would be in /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthly, /etc/ppp, /etc/network, /etc/grub.d. Most of those files will need 755 permissions, but cross-reference my attachment to be sure.
4. Next look for files with an
.sh extension:
find /etc -name *.sh ! -type l ! -perm 755. That command will find all files that are not sym links and are not 755 permissions. Should be a short list. Cross-reference the attachment for the correct permissions.
5. Next would be those files that can be modified by users in specific groups. Run
find /etc ! -group root. That command will reveal those files and directories specific to certain groups. Many or perhaps all of those files should be 640 permissions or setuid or setgid. Fortunately, you only performed a chmod and not a chgrp, so this trick should help you. The list should be small and you should be able to cross-reference your list to my attachment.
6. On my system I next ran
find /etc ! -perm 755 -type d. You won't be able to run that command usefully because of the modified permissions. The command resulted in the following list of directories, which still should help you. You can change those directory permissions to match whatever I have in my attachment. Remember that some permissions are setuid and setgid. You can search for those in my attachment by looking for the letter "s" in the file permissions.
/etc/bind
/etc/chatscripts
/etc/cups/ssl
/etc/mail
/etc/mail/m4
/etc/mail/smrsh
/etc/ppp/peers
/etc/ssl/private
7. Next I ran find
/etc ! perm 644 -type f | grep -v 'init.d'. You won't be able to run that command usefully because of the modified permissions. I ignored the files in /etc/init.d because you already have updated those permissions to 755. The command resulted in the following list of files, which still should help you. Remember that some permissions are setuid and setgid. You can search for those in my attachment by looking for the letter "s" in the file permissions.
/etc/.pwd.lock
/etc/acpi/powerbtn-acpi-support.sh
/etc/apm/event.d/20hdparm
/etc/apm/event.d/ppp
/etc/apm/scripts.d/alsa
/etc/apt/secring.gpg
/etc/apt/trustdb.gpg
/etc/apt/trusted.gpg
/etc/at.deny
/etc/bind/rndc.key
/etc/chatscripts/provider
/etc/console-tools/config.d/splashy
/etc/cron.daily/apache2
/etc/cron.daily/apt
/etc/cron.daily/aptitude
/etc/cron.daily/bsdmainutils
/etc/cron.daily/exim4-base
/etc/cron.daily/htdig
/etc/cron.daily/locate
/etc/cron.daily/logrotate
/etc/cron.daily/man-db
/etc/cron.daily/mlocate
/etc/cron.daily/ntp
/etc/cron.daily/samba
/etc/cron.daily/sendmail
/etc/cron.daily/spamassassin
/etc/cron.daily/standard
/etc/cron.monthly/rwhod
/etc/cron.monthly/scrollkeeper
/etc/cron.monthly/standard
/etc/cron.weekly/cvs
/etc/cron.weekly/man-db
/etc/cups/printers.conf
/etc/dhcp3/dhclient-enter-hooks.d/samba
/etc/dhcp3/dhclient-exit-hooks.d/sendmail
/etc/exim4/passwd.client
/etc/fuse.conf
/etc/group-
/etc/grub.d/00_header
/etc/grub.d/10_linux
/etc/grub.d/30_os-prober
/etc/grub.d/40_custom
/etc/gshadow
/etc/gshadow-
/etc/hotplug/usb/nomadjukebox
/etc/kde/kdm/backgroundrc
/etc/kde3/.kthemestylerc.lock
/etc/kde3/kdm/Xreset
/etc/kde3/kdm/Xsession
/etc/kde3/kdm/Xsetup
/etc/kde3/kdm/Xstartup
/etc/kde3/kdm/Xwilling
/etc/kernel/postinst.d/initramfs-tools
/etc/kernel/postinst.d/pm-utils
/etc/kernel/postrm.d/initramfs-tools
/etc/mail/access
/etc/mail/access.db
/etc/mail/aliases.db
/etc/mail/m4/dialup.m4
/etc/mail/m4/provider.m4
/etc/mail/Makefile
/etc/mail/tls/sendmail-client.cfg
/etc/mail/tls/sendmail-client.csr
/etc/mail/tls/sendmail-common.key
/etc/mail/tls/sendmail-common.prm
/etc/mail/tls/sendmail-server.cfg
/etc/mail/tls/sendmail-server.csr
/etc/mail/tls/starttls.m4
/etc/mc/edit.indent.rc
/etc/mc/edit.spell.rc
/etc/menu-methods/menu-xdg
/etc/menu-methods/twm
/etc/menu-methods/xdg-desktop-entry-spec-apps
/etc/menu-methods/xdg-desktop-entry-spec-dirs
/etc/menu-methods/xdg-desktop-entry-spec-sessions
/etc/network/if-down.d/bind9
/etc/network/if-down.d/sendmail
/etc/network/if-post-down.d/sendmail
/etc/network/if-post-down.d/wireless-tools
/etc/network/if-pre-up.d/ethtool
/etc/network/if-pre-up.d/wireless-tools
/etc/network/if-up.d/avahi-daemon
/etc/network/if-up.d/bind9
/etc/network/if-up.d/ethtool
/etc/network/if-up.d/mountnfs
/etc/network/if-up.d/ntpdate
/etc/network/if-up.d/openssh-server
/etc/network/if-up.d/sendmail
/etc/NetworkManager/dispatcher.d/01ifupdown
/etc/passwd-
/etc/passwd.bak
/etc/postgresql/8.3/main/pg_hba.conf
/etc/postgresql/8.3/main/pg_ident.conf
/etc/ppp/chap-secrets
/etc/ppp/ip-down
/etc/ppp/ip-down.d/0000usepeerdns
/etc/ppp/ip-down.d/bind9
/etc/ppp/ip-down.d/sendmail
/etc/ppp/ip-up
/etc/ppp/ip-up.d/0000usepeerdns
/etc/ppp/ip-up.d/bind9
/etc/ppp/ip-up.d/exim4
/etc/ppp/ip-up.d/sendmail
/etc/ppp/ipv6-down
/etc/ppp/ipv6-up
/etc/ppp/pap-secrets
/etc/ppp/peers/kppp-options
/etc/ppp/peers/provider
/etc/qt3/.qt_plugins_3.3rc.lock
/etc/qt3/.qtrc.lock
/etc/rc.local
/etc/resolvconf/update.d/dnsmasq
/etc/resolvconf/update-libc.d/avahi-daemon
/etc/resolvconf/update-libc.d/sendmail
/etc/rmt
/etc/security/namespace.init
/etc/security/opasswd
/etc/shadow
/etc/shadow-
/etc/shadow.bak
/etc/smartmontools/run.d/10mail
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_rsa_key
/etc/ssl/certs/imapd.pem
/etc/ssl/private/ssl-cert-snakeoil.key
/etc/sudoers
/etc/sudoers.d/README
/etc/wpa_supplicant/action_wpa.sh
/etc/wpa_supplicant/functions.sh
/etc/wpa_supplicant/ifupdown.sh
/etc/X11/xinit/xserverrc
/etc/X11/Xsession
/etc/X11/Xwrapper.config
Those steps should get you about 90% or more restored. From there you would have to use the attached file to restore the remaining permissions.
Of course, you wont have the exact same packages installed as me so don't worry if the file or directory is listed in my attachment but not in your system.
I hope this helps.
I am interested in a more programmatic solution from any experienced Debian guru.
