Hi

in my infinite wisdom and linux experience, i attempted to restrict users seeing other users directories within the /home structure by executing chmod -R 700 home.

the result is now that no user other than root can log into the system, my email server is down, web server is down, database is non-responsive and who knows what else has dumped. either way, i'm in big trouble.

the only suggestion i have received was to start fresh with a new install, losing whatever i had (painfully i might add) set up before.

is there any other way to recover from this?

any suggestions would be greatly appreciated.

thanks.

Takis

Shoot the person who suggested the re-install ... :)

This is unix, you can do everything.

chmod 755 /home
And for the individual users, do the following
cd /home
ls -1 | xargs chmod -R 700

That should do the trick :}


Cheers,
Tink

ok

i'm logged in as root.

i've done the chmod 755 to the home directory.

i then went into the home directory and ran:
ls -1 | xargs chmod -R 700

it paused for a moment then returned.

i still can't log in as any other user.

i suspect perhaps i've done something wrong with what you suggested.
should i be running the above on each individual user directory? although i think that the above did run it on all directories.

either way, still no good. i don't understand how the web server dumped. there are no pages served from user's home directories. also the database user for pgsql has no home directory, yet that user too has lost login ability. home must have some hidden bits???

anyway... anything would be appreciated.

thanks

Takis

Ummm ...

post the output of
ls -ld /home
and
ls -l /home
, please



Cheers,
Tink

ok

ls -ld /home
drwxr-xr-x 14 root root 4096 Dec 2 10:29 /home

ls -l /home
drwx------ 4 admin admin 4096 Feb 24 2003 admin
drwx------ 3 courier courier 4096 Mar 10 2003 courier
drwx------ 5 isecard isecards 4096 Jul 24 03:26 isecard
drwx------ 2 jay isecards 4096 Jul 24 03:22 jay
drwx------ 3 larosa hbclient 4096 May 18 2003 larosa
drwx------ 3 markg hibrow 4096 Feb 5 2003 markg
drwx------ 3 michielm hibrow 4096 Feb 5 2003 michielm
drwx------ 2 peteb hibrow 4096 Aug 15 04:21 peteb
drwx------ 3 popuser popuser 4096 Apr 28 2003 popuser
drwx------ 3 steveb hibrow 4096 Feb 5 2003 steveb
drwx------ 4 takisd takisd 4096 Dec 2 12:13 takisd
drwx------ 2 takisd2 takisd 4096 Dec 2 10:29 takisd2

the last account, takisd2 was one i created to see if adding a new user would work for that user... unfortunately no.

thanks

Takis

Looks good to me ... what else did you change,
what's the error message you get? Try to log in
from a full-screen terminal ... or as root, do a
su - takisd and see what error message you get.



Cheers,
Tink

i've been trying that all night to no avail.

su takisd or any user gives me
could not open session

if i use a system type user say apache or my qmail users i get the same thing.

accessing mail still won't work, and the web sites are dead. initially i got 403 for the sites and then i restarted apache and now all i get is 404 not found. pinging the sites still works, so dns is ok. just everything on the machine is dumped.

even tomcat which started as root won't work though ps -ef will show those pocesses running.

thanks again... anything would be great

Takis

Please, do a
su - takisd
and copy and paste the output.

And again, what else (besides the permissions)
did you change?



Cheers,
Tink

ok heres the su output


[root@plain /]# su takisd
could not open session

i get the above for all users.

i didn't touch anything else - nothing at all.

what i did was: chmod -R 700 /home

thats it. after that all dumped, from mail, to ftp (gives no access obviously), web (apache and tomcat) and so forth.

i don't understand. ok, big stuff up on my part but unrecoverable!!??

thanks heaps for your help... i'll take anything.

Takis

Does
su takisd
and
su - takisd
make a difference in your distro?


Also, what's the
ls -l /home/takis
look like?


Cheers,
Tink

the results of those commands is below:


[root@plain /]# su takisd
could not open session

[root@plain /]# su - takisd
su: warning: cannot change directory to /home/takisd: Permission denied
could not open session

[root@plain /]# ls -l /home/takisd
total 8
drwx------ 8 takisd takisd 4096 Mar 10 2003 Maildir
drwx------ 7 root root 4096 Jul 28 11:01 temp


i'm running redhat 7.2... sorry should have mentioned that earlier

thanks

Takis

What about a
chown -R takisd:takisd /home/takisd
?

same deal...

[root@plain /]# chown -R takisd:takisd /home/takisd
[root@plain /]# su takisd
could not open session

its as if something has become horribly corrupted.

i'm really pulling my hair out, i'm hosting a couple of small sites and email accounts. i think they want my blood....

anything.....


thanks

Takis

*sigh*

ls -lad /home
ls -la /home
ls -lad /home/takisd
ls -la /home/takisd

Look at both users and permissions.



Cheers,
Tink

tried that results below:

[root@plain /]# ls -lad /home
drwxr-xr-x 14 root root 4096 Dec 2 10:29 /home
[root@plain /]# ls -la /home
total 56
drwxr-xr-x 14 root root 4096 Dec 2 10:29 .
drwx------ 21 root root 4096 Dec 2 17:15 ..
drwx------ 4 admin admin 4096 Feb 24 2003 admin
drwx------ 3 courier courier 4096 Mar 10 2003 courier
drwx------ 5 isecard isecards 4096 Jul 24 03:26 isecard
drwx------ 2 jay isecards 4096 Jul 24 03:22 jay
drwx------ 3 larosa hbclient 4096 May 18 2003 larosa
drwx------ 3 markg hibrow 4096 Feb 5 2003 markg
drwx------ 3 michielm hibrow 4096 Feb 5 2003 michielm
drwx------ 2 peteb hibrow 4096 Aug 15 04:21 peteb
drwx------ 3 popuser popuser 4096 Apr 28 2003 popuser
drwx------ 3 steveb hibrow 4096 Feb 5 2003 steveb
drwx------ 4 takisd takisd 4096 Dec 2 12:13 takisd
drwx------ 2 takisd2 takisd 4096 Dec 2 10:29 takisd2
[root@plain /]# ls -lad /home/takisd
drwx------ 4 takisd takisd 4096 Dec 2 12:13 /home/takisd
[root@plain /]# ls -la /home/takisd
total 40
drwx------ 4 takisd takisd 4096 Dec 2 12:13 .
drwxr-xr-x 14 root root 4096 Dec 2 10:29 ..
-rwx------ 1 takisd takisd 1460 Nov 6 08:28 .bash_history
-rwx------ 1 takisd takisd 24 May 14 2002 .bash_logout
-rwx------ 1 takisd takisd 191 May 14 2002 .bash_profile
-rwx------ 1 takisd takisd 124 Dec 2 12:13 .bashrc
-rwx------ 1 takisd takisd 99 May 19 2002 .fetchmailrc
drwx------ 8 takisd takisd 4096 Mar 10 2003 Maildir
-rwx------ 1 takisd takisd 11 Feb 4 2003 .qmail
drwx------ 7 takisd takisd 4096 Jul 28 11:01 temp
[root@plain /]#

i had changed the .bash_profile and the others .bash_ files to 644 as they were before, but that didn't work either.

should i be considering scrubbing and starting again... i'm just desperartely trying to avoid this - it will take forever.

thanks

Takis