LinuxQuestions.org
Old 01-02-2005, 12:05 AM   #1
mahamkali
Member
 
Registered: Oct 2003
Posts: 67

Rep: Reputation: 15
Linux permissions changed(urgent please)...


Hi ,
I use Fedora Core 2 Linux. I accidentally changed the ownership of all of the Unix directories and files to my local account (not root), and then I changed the ownership back to root, except that I gave local account ownership only to my /home/xxxx directories. Now my mail server is not working and I cannot do a "su -" to log in as root.

Can anyone help me to restructure the entire permissions back? This is very critical to me.

thanks in advance.

s
 
Old 01-02-2005, 12:12 AM   #2
muddshark
LQ Newbie
 
Registered: Dec 2004
Posts: 4

Rep: Reputation: 0
Try a live distro and edit fstab so you can write to your hdd then change things back
 
Old 01-02-2005, 12:41 AM   #3
mahamkali
Member
 
Registered: Oct 2003
Posts: 67

Original Poster
Rep: Reputation: 15
Can you explain to me a little more clearly how to do that?

thanks,
s
 
Old 01-02-2005, 01:43 AM   #4
student04
Member
 
Registered: Jan 2004
Location: USA
Distribution: macOS, OpenBSD
Posts: 669

Rep: Reputation: 34
I don't know how changing the fstab file would resolve your problem.. muddshark could you be a little bit more clear? Being able to write to your drive via a livecd only involves mounting it. You would have to take a look at your fstab file (possible without root) and use that while in the livecd to mount your drives to folders (all this as root possible with the livecd). Then you could chroot to the mounted folder, and just change all the permissions. Or simply change permissions without doing that, whichever seems easiest.

Can you log onto your computer as root (not as a normal user then use 'su')? That would be the first thing I would try to do. If you can, just change them back that way. If not, you could try logging into your computer as root via ssh if it is enabled and try that way.

Do you know how to mount filesystems? If not, or you're a little shaky with it, post the contents of your fstab file, so that I might come up with the procedure.

And I'm slightly confused as to what the permissions are set at right now for which folders/files on your computer. Permissions on everything in the tree below and including your home directory have been altered?
 
Old 01-02-2005, 01:54 AM   #5
mahamkali
Member
 
Registered: Oct 2003
Posts: 67

Original Poster
Rep: Reputation: 15
Yes, I can log in as root using ssh, and here are the contents of my /etc/fstab file:

LABEL=/ / ext3 defaults 1 1
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
/dev/hda5 swap swap defaults 0 0
/dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0
/dev/hdb3 /mnt/hrd2 ext2 defaults 0 0

Yes, all of the permissions have been altered.

thanks,
S
 
Old 01-02-2005, 02:16 AM   #6
student04
Member
 
Registered: Jan 2004
Location: USA
Distribution: macOS, OpenBSD
Posts: 669

Rep: Reputation: 34
Well, then. If you can login as root in some way, then there's no preventing you from changing permissions, right? I am not very good with shell scripting, though to change permissions and ownership you would simply apply the chown and chmod commands. For example (the --recursive just goes into the file tree, down the branches of each folder and all its contents):
Code:
# chown --recursive <username>:<group of user> <directory>
That would take care of the ownership, then just apply a chmod to change the permissions:
Code:
# chmod --recursive u+rw <directory>
The only problem I have is that if you use --recursive on a folder and add the execute permissions, they'll be added to the contained files as well. I don't know how to make sure that the directories get x and the files are not touched with those permissions. But that should suffice to let you, as your normal user, modify the files and permissions further.

Did this help?

Last edited by student04; 01-02-2005 at 02:18 AM.
 
Old 01-02-2005, 02:35 AM   #7
mahamkali
Member
 
Registered: Oct 2003
Posts: 67

Original Poster
Rep: Reputation: 15
My problem is not with changing permissions, but when I do "su -" and give the root password, I cannot log in as root, whereas I can log in using ssh with the same password. Also, I cannot check my mail.
 
Old 01-02-2005, 02:42 AM   #8
student04
Member
 
Registered: Jan 2004
Location: USA
Distribution: macOS, OpenBSD
Posts: 669

Rep: Reputation: 34
Ooohh I see, I'm sorry. For a solution, the only thing I can come up with is to add the username to the wheel group to allow the use of 'su'. Here is where it is stated.
Code:
# usermod -G wheel <username>
Other than that I do not know. (No idea what to do about the mail, either)

Last edited by student04; 01-02-2005 at 02:45 AM.
 
Old 01-02-2005, 03:05 AM   #9
mahamkali
Member
 
Registered: Oct 2003
Posts: 67

Original Poster
Rep: Reputation: 15
Yes, I've added the account to the wheel group but still I cannot log in using su. Can anyone please help me on this?

thanks,
s
 
Old 01-02-2005, 05:45 AM   #10
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Not all files will have root ownership or root group; some files and directories will have different users and groups. For example, mysql will have a user called 'mysql' and a group named 'mysql'. If you changed ownership back to root on the directory structure, the daemons will not have the right permissions to function. Your mail server will have a user and group which has now changed to 'root', so the mail daemon will not have the permissions to function. The only thing I can think of is to change the permissions on the postfix or sendmail directories, depending on which one is installed; that may fix the mail problem.
 
Old 01-02-2005, 06:19 AM   #11
makuyl
Senior Member
 
Registered: Dec 2004
Location: Helsinki
Distribution: Debian Sid
Posts: 1,107

Rep: Reputation: 54
Also, some files under /usr need the SUID and SGID bits set or they don't work.

You might want to google or ask someone with a RH system to show the output of:
find /usr -type f -perm -04000 -ls
find /usr -type f -perm -02000 -ls

I would set at least:
chmod u+s /usr/bin/gpasswd /usr/bin/newgrp /usr/bin/passwd /usr/bin/procmail /usr/bin/sudo /usr/sbin/masqmail
chmod g+s /usr/bin/crontab /usr/bin/dotlockfile /usr/bin/kdesud /usr/bin/lockfile /usr/bin/procmail
 
Old 01-02-2005, 08:14 AM   #12
rhoekstra
Member
 
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 372

Rep: Reputation: 42
Make sure your /etc/pam.d directory is owned by root.

Make sure the T bit is set on /var/spool/mail ('chmod +t /var/spool/mail') and that the files in there are owned by each individual owner and the 'mail' group.

Make sure the /bin/su has the sticky bit set ('chmod +s /bin/su').

That should make you able to log in as root. If not, check /var/log/secure for error messages.
Check /var/log/messages for any additional info, if provided there.

Here's what you can do to debug the thing.

Open one terminal to follow the log files (physically on the machine without X? open more terminals with ALT-F1 through ALT-F6. Remotely, just log in as root more often).

In one terminal you type 'tail -f /var/log/messages'. In the second you type 'tail -f /var/log/secure'. Also possible: in just one terminal type 'tail -f /var/log/messages & tail -f /var/log/secure'.

Then try to log in in the third terminal and try different things, like 'su'. For mail error messages, also 'tail -f /var/log/maillog' to track errors too.

If you have vital rights back to be able to use your system, you may want to verify things.
'rpm -Va >~/rpmoutput.txt' to verify the files on your system. Use 'man rpm' to check what the lines mean.

If rights on directories are lost (the x bit), you can restore them, without putting the x bit on files as well by:
'chmod +x `find . -type d`'
This looks for directories from the '.' directory (or any other you provide) and does this recursively (the whole tree underneath) and adds the x bit to those files.

Let us know how you progress.


---------------

Ultimately, if you don't want much hassle, a reinstall is an option. Once, I messed up my machine with such a command (thinking to chown to my user account from my homedir down, but I was in the / dir . . .). I ended up reinstalling the whole thing.

It is a road of much learning if you want to restore everything by hand... depends what you want

Good luck.
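
Added example (not part of any post in this thread): a small filter for the `rpm -Va` output suggested above, keeping only the lines where owner (U), group (G) or mode (M) differ from the RPM database. The sample lines and the function name `rpm_owner_mode_drift` are constructed for illustration; `rpm --setugids` and `rpm --setperms` are standard rpm options.

```shell
#!/bin/sh
# Constructed sample of `rpm -Va` output (not taken from the thread).
SAMPLE_RPM_VA='.....U..   /usr/bin/passwd
.M...UG.   /usr/bin/procmail
S.5....T c /etc/postfix/main.cf
......G.   /usr/bin/lockfile
missing    /usr/share/doc/example/README
.M....G..  /var/spool/mail'

# Reads `rpm -V` style lines on stdin and prints "<tags> <path>" for every
# file whose owner (U), group (G) or mode (M) differs from the RPM database.
# Content-only changes (S, 5, T) and "missing" lines are skipped.
rpm_owner_mode_drift() {
    awk '
        # The flag field is 8 characters on older rpm and 9 on newer
        # releases, so match by letter rather than by position.
        $1 ~ /^[.?SM5DLUGTP]+$/ {
            tags = ""
            if (index($1, "U")) tags = tags "owner,"
            if (index($1, "G")) tags = tags "group,"
            if (index($1, "M")) tags = tags "mode,"
            if (tags == "") next
            sub(/,$/, "", tags)
            # Take everything from the first "/" so paths with spaces survive.
            path = substr($0, index($0, "/"))
            print tags, path
        }'
}

# Demo on the constructed sample. On a real system:
#   rpm -Va | rpm_owner_mode_drift
# then, for each reported path, find its package with `rpm -qf <path>` and
# reset it with `rpm --setugids <pkg>` followed by `rpm --setperms <pkg>`.
# Ownership goes first: chown clears setuid/setgid bits on Linux, so a
# mode restored before the chown would be lost again.
printf '%s\n' "$SAMPLE_RPM_VA" | rpm_owner_mode_drift
```

Files that no package owns (home directories, mail spools, databases such as /etc/sasldb2) never appear in this output and still have to be checked by hand.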
 
Old 01-02-2005, 08:17 AM   #13
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
Did you change the ownership only, or the permissions as well?


I think if you can get the help of someone with the same distro and a default full install you can come close to fixing it.

This command, run on a system like yours, will show all of the files that would need to be changed on your system.


ls -lR / | grep -v "root"

Once you have a list of files you could use chown and grep and the list to change the files one user or group at a time, or make a script that can do it all. If you look in /etc/passwd and /etc/group you'll see the users and groups you'll be working with.

Last edited by DavidPhillips; 01-02-2005 at 08:32 AM.
 
Old 01-02-2005, 10:29 AM   #14
mahamkali
Member
 
Registered: Oct 2003
Posts: 67

Original Poster
Rep: Reputation: 15
Hi

After issuing the following commands, eureka! I can now login as root using "su -"

$: chmod u+s /usr/bin/gpasswd /usr/bin/newgrp /usr/bin/passwd /usr/bin/procmail /usr/bin/sudo

$: chmod g+s /usr/bin/crontab /usr/bin/dotlockfile /usr/bin/kdesud /usr/bin/lockfile /usr/bin/procmail


I ran the command "rpm -Va >~/rpmoutput.txt" and am trying to understand the output.

BTW, I changed only the ownerships, not the permissions on files.


thanks
S
 
Old 01-02-2005, 10:55 AM   #15
mahamkali
Member
 
Registered: Oct 2003
Posts: 67

Original Poster
Rep: Reputation: 15
I have postfix with cyrus-imapd installed, with authentication using saslauthd. One thing I observed in /var/log/messages when I tried to retrieve my mail was:
unable to open Berkeley db /etc/sasldb2:Permission denied

I think I need to change the permissions on /etc/sasldb2.


any suggestions on this?


thanks,
S
 
  

