[SOLVED] help ! mass change_owner happend to my root file system in fedora

anas · 11-21-2010, 12:35 PM

hi,
I have a fedora 14 system. I booted a suse installation that existed on an external harddisk and wanted to access my original fedora user home directory using non-root preveliges(so that i can use the gui file manager), so I searched on the internet and made a command to (chown -R mysuseUser:Users *) thinking that it will only affect the current mount permissions (not permenantly) put it did change the file system... i realized and cut it in the middle but some corruption was done. and then my fedora gui login screen was missing any username.
i tried to fix that by going to my fedora and executing chown (once using --from , and once without --from) and changed all root file system recursively to be owned by root and then changed my /home/myuserName ownerships all recursively to be owned by myUserName ....

after that... still the system is corrupted..... when i login to genome i have several crash messages (gdiskutility is one of them) and networking is disabled (i cannot connect to neither wireless nor wired nor wireless broadband). also when i plug USB/esata harddisks nothing happens

now i can only do work from my external harddisk`s suse linux.
what can i do to restore my system ? I have a previous dd image of my entire harddrive, but it is more than one month old and also I don`t want to do a restore to my entire harddrive.. can i clone some ownerships from files in dd image to their corresponding ones in my fedora system ? if so, how can i even mount a dd image ?
thanks in advance !

side note: my user name is derived from a non-english word, don`t be suspecious

Tinkster · 11-21-2010, 05:11 PM

Hi, welcome to LQ!

As FC is an rpm based distro you may be able to recover from
your little accident via

Code:

for i in $(rpm -qa)
do
  rpm --setugids $i
done

Cheers,
Tink

pupok · 11-21-2010, 05:17 PM

Quote:

Originally Posted by anas

chown -R mysuseUser:Users *
...
and then my fedora gui login screen was missing any username
i tried to fix that by going to my fedora and executing chown (once using --from , and once without --from) and changed all root file system recursively to be owned by root
...

I'm afraid this is generaly bad idea. Not all system files should be owned by root. And changing ownership also clears SETUID and SETGID bits of files in question.

Quote:

Originally Posted by anas

...
now i can only do work from my external harddisk`s suse linux.
what can i do to restore my system ? I have a previous dd image of my entire harddrive
...

As Tinkster said Fedora uses rpm based package manager, so I would try commands like this rpm --setugids <packagename>, rpm --setperms <packagename>. In this order.
More at http://www.cyberciti.biz/tips/reset-...ermission.html

As you are unable to login to your Fedora system, you have to boot to Suse and use proper options with rpm command. E.g. database path (dbpath) and root path (root).

As for dd'ed imade. It's AFAIK unusable without restoring first in this case.

anas · 11-22-2010, 06:10 AM

hello,
thank you pupok and Tinkster,
>pupok :

Quote:

As you are unable to login to your Fedora system,

thanks but i can login through console as root, (i meaned that i cannot do my ordinary work on my system

> Tinkster: thank you, I tried it but it didn`t work , actually it transferred my gui login from crashy to unable_to_login

as I have a (some-how old) dd backup, I followed some tutorials on the net that uses losetup to mount the image using suse, then I used getfacl and setfacl --restore to restore the system file pemissions. however, it had no effect

some services are still failing to start (including HAL daemon and auditd) . my home/userName/.IECauthority is reported not accissible when i try to login even after i did a chmod a+rw to it.

when X starts it reports that (/var/gdm/.ICEauthority) is not accessible (it is not there, maybe one of my restoration trials deleted it in some way.. so i will try to restore it from my backup)

thank you all, I will keep trying until I am so desperate that I will restore my old backup ., will update you if god permits.

anas · 11-22-2010, 09:51 AM

hi all

finally i solved the problem, I am now posting here from my fedora, but i think i solved it with a security disaster ! (i had to , i am on a hurry)

I made a chmod -R a+rw * in the root file system
edit:warning : after this step , i couldn`t login with root to console, but i was already logged in and doing the next step solved everything (together with this step)
then i restored the access control list from an old backup(using getfacl & setfacl) into the root file system (at least to prevent some of the security disaster made during point 1) , (but before that , i manually changed some of the folder names in the access control list of the backup to reflect the new locations (i did this only to lib/modules/onlyOneOfKernelNumbers_notAllOfThem ), after i realized that there are many file/folder names to change ; i ignored the rest (there are many changed locations due to the fact that system updates change folder names to match package versions)
after that i manually copied the var/lib/gdm/.ICEauthority permissions from the backup using setfacl from the old backup just to make sure (it was a main problem for gui login),it is now owned by gdm:gdm and have a+rwx permissions
i restored the access control list of the /home directory from a more recent backup done only to the home

that's all, all problems disappeared, (but maybe many problems to come in future because of the a+rw thing on the /, although i hope not ... i am thinking of doing the rpm loop thing suggested by Tinkster again later.. or maybe gradually with system updates permissions will get to normal (anybody can confirm this ?))

anas · 11-22-2010, 11:36 AM

hi , i tried again what tinkster said withone added command and i think now all my permissions are fixed./ i did the following :

Quote:

for i in $(rpm -qa)
do
rpm --setugids $i
rpm --setperms $i
done

I hope everything in my system is back to normal by now, (thanks Tinkster)

Tinkster · 11-22-2010, 12:13 PM

Quote:

Originally Posted by anas

hi , i tried again what tinkster said withone added command and i think now all my permissions are fixed./ i did the following :

I hope everything in my system is back to normal by now, (thanks Tinkster)

Congratulations, nice work. :}

Cheers,
Tink