SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
After posting in this thread, I remembered I had a copy of an old shell script that restores file permissions on a stock Slackware system.
Might be useful to some folks. The original author is noted in the script.
I never had to use the script and never tested. Might be a decent rainy day exercise to create a VM, chmod 777 the entire system, and test the script. Perhaps a few bored or adventurous Slackers could test the script.
On my system I named the script /usr/local/sbin/restore_fileperms_from_manifest. I think I found the script here at LQ, but many years ago.
Have fun.
Code:
#!/bin/bash
# Copyright 2005, 2006 CTSMacon LLC., Macon, GA, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# Howdy folks!
#
# Some one on IRC had their box completely hosed due to someone running a
# "chmod -R 777 /" like a newb, so I banged up this script to fix it.
# Hope y'all enjoy.
# Alan Hicks
# ----------------------------------------------------------------------------
# This script will restore all default permissions on a Slackware box
# This may work with other UNIXs as well, but you'll need a file
# in the same way as a massaged MANIFEST file in Slackware
# You MUST have a file called MANIFEST in the directory you are calling
# this script from that contains a list of all the files you want
# changed and their correct permissions and ownership. This is easily
# done in Slackware by removing all lines that begin with "+" or "|"
# in the file.
#
# The following works fine on Slackware.
#
# bunzip2 MANIFEST.bz2
# mv MANIFEST file
# egrep "^[d-]" file > MANIFEST
(while read line; do
# Tag the filename
PATH_NAME="$( echo $line | awk '{print $6}' )"
# Tag the permissions
FULL_PERM="$(echo $line | cut -c 2-10 )"
OWNER_GROUP="$( echo $line | awk '{print $2}' | sed -e s+/+:+ )"
OWN_PERMS="$(echo $FULL_PERM | cut -c 1-3 )"
GROUP_PERMS="$(echo $FULL_PERM | cut -c 4-6 )"
ALL_PERMS="$(echo $FULL_PERM | cut -c 7-9 )"
# Read in owner permissions (and the suid bit!)
if [ "$( echo $OWN_PERMS | cut -c 1)" = "r" ]; then
READ=4
else
READ=0
fi
if [ "$( echo $OWN_PERMS | cut -c 2)" = "w" ]; then
WRITE=2
else
WRITE=0
fi
if [ "$( echo $OWN_PERMS | cut -c 3)" = "x" ]; then
EXE=1
else
EXE=0
fi
if [ "$( echo $OWN_PERMS | cut -c 3)" = "s" ]; then
SUID=4
EXE=1
else
SUID=0
EXE=0
fi
OWN=$(( $READ + $WRITE + $EXE ))
# Read in group permissions (and the sgid bit!)
if [ "$( echo $GROUP_PERMS | cut -c 1)" = "r" ]; then
READ=4
else
READ=0
fi
if [ "$( echo $GROUP_PERMS | cut -c 2)" = "w" ]; then
WRITE=2
else
WRITE=0
fi
if [ "$( echo $GROUP_PERMS | cut -c 3)" = "x" ]; then
EXE=1
else
EXE=0
fi
if [ "$( echo $GROUP_PERMS | cut -c 3)" = "s" ]; then
EXE=1
SGID=2
else
SGID=0
EXE=0
fi
GROUP=$(( $READ + $WRITE + $EXE ))
# Read in world permissions (and the sticky bit!)
if [ "$( echo $ALL_PERMS | cut -c 1)" = "r" ]; then
READ=4
else
READ=0
fi
if [ "$( echo $ALL_PERMS | cut -c 2)" = "w" ]; then
WRITE=2
else
WRITE=0
fi
if [ "$( echo $ALL_PERMS | cut -c 3)" = "x" ]; then
EXE=1
else
EXE=0
fi
if [ "$( echo $ALL_PERMS | cut -c 3)" = "t" ]; then
STICKY=1
EXE=1
else
STICKY=0
EXE=0
fi
ALL=$(( $READ + $WRITE + $EXE ))
OTHER=$(( $SUID + $SUID + $STICKY ))
echo chmod -R $OTHER$OWN$GROUP$ALL /$PATH_NAME
echo chgrp $OWNER_GROUP /$PATH_NAME
done) < MANIFEST
it won't work, no need to test it you only have to read it
Code:
egrep "^[d-]" file > MANIFEST
is grabbing all the files and dirs
./ will be listed many times, the chmod -R is going to reset things to 755
Code:
egrep "^[d-]" -a file | sort -u -d -k6 > MANIFEST
should help. If I were to use it, I'd remove the -R from the chmod in the script (I wouldn't care to have my non-root users to have their home directories suddenly owned by root) and add some .new detection as well.
Can we just snuff the know-it-all. If you like Debian so much, kindly leave the Slackware users to their sorry self, we'll manage OK.
the script is bad, you only have to read it to know that.
And yes, I do like Debian
I'm a fairly recent Debian user.
Started with Redhat 5.2
used Slackware for a year or two
LFS for a few years after that
reluctantly Ubuntu for Android toolchain
Then Debian
bsds now and again, slackware on laptop once in a while to see if it improved
should help. If I were to use it, I'd remove the -R from the chmod in the script (I wouldn't care to have my non-root users to have their home directories suddenly owned by root) and add some .new detection as well.
yeap
the scenario according to the script is someone chmod 777 -R ./
so everything needs to be fixed, home dirs and block/char
had a little look at it,
right now I have the script doing the exact same thing, only much faster
so add the sort and do dirs first ( ^d )
then do files/block/char ( ^[bc-] )
Code:
#!/bin/bash
declare -A perms=( [r]="4" [w]="2" [x]="1" [-]="0" [s]="1" [t]="1" )
(while read line
do
LINE=($line)
# [0]="Permisions" [1]="Owner/Group [2]="Size/Major/Minor"
# [3]="Date" [4]="Time" [5]="Path/file"
NAME="${LINE[5]}"
PERM="${LINE[0]:1}"
OWNER_GROUP="${LINE[1]%/*}:${LINE[1]#*/}"
unset SPERM
[[ ${PERM:2:1} == s ]] && SPERM=$(( ${SPERM:-0} + 4 ))
[[ ${PERM:5:1} == s ]] && SPERM=$(( ${SPERM:-0} + 2 ))
[[ ${PERM} =~ t ]] && SPERM=$(( ${SPERM:-0} + 1 ))
#printf "%s" ${NAME}
#printf " %s" ${PERM}
for p in r w x - s t
do
PERM=${PERM//${p}/${perms[${p}]}}
done
#printf " %s" ${SPERM}${PERM}
CHMOD=$(
printf "%d" $(( ${PERM:0:1} + ${PERM:1:1} + ${PERM:2:1} ))
printf "%d" $(( ${PERM:3:1} + ${PERM:4:1} + ${PERM:5:1} ))
printf "%d" $(( ${PERM:6:1} + ${PERM:7:1} + ${PERM:8:1} ))
)
#printf " %s\n" ${SPERM}${CHMOD}
echo chmod -R ${SPERM}${CHMOD} ${MNTPOINT}/${NAME}
echo chgrp ${OWNER_GROUP} ${MNTPOINT}/$NAME
done) < MANIFEST
#TODO split manifest
threw a mountpoint in
like I said, it does exactly the same as original
so it is also broken
I may add touch to fix timestamps, but that may not be worth it
started this
Code:
ChkManifest () {
fileis=( $(file -i "${1}") )
case ${fileis[1]:0:(-1)} in
application/x-bzip2)
GREP="bzgrep"
;;
text/plain)
GREP="grep"
;;
*) cat <<-EOF
<tabs>"${fileis[1]:0:(-1)}" not handled yet
<tabs>only bzip2 or plain text for now
<tabs>EOF
exit 1
#TODO move error reports to trap
;;
esac
$GREP -q -m1 "|| Package:" ${1} || exit 4
# || cat <<-EOF
# "${1}" does not appear to be a valid Manifest
# EOF
#TODO move error reports to trap
}
Code:
ReadManifest () {
$GREP "^[$1]" "${2}"
# going to need to sort at some point
# might as well do it here
}
so all that is left is some checks to see if the file exists accounting for .new
maybe throw a stat in to see if we need to chmod
although, the stat may take just as long as a chmod anyway
I may have overlooked some pieces , but I'm sure you guys can figure it out and put it all together.
declare -A perms=( [r]="4" [w]="2" [x]="1" [-]="0" [s]="1" [t]="1" [T]="0" )
<snip>
[[ ${PERM} =~ [tT] ]] && SPERM=$(( ${SPERM:-0} + 1 ))
for p in r w x - s t T
FWIW, I found it necessary to add the "-a" to the egrep line due to one of the file names in the manifest containing UTF characters (it's in the kbd-1.15.3-x86_64-2.txz portion of the file); egrep would stop processing the manifest file at that point with a Binary file MANIFEST matches message.
Outside the one-off comments, has anybody created an updated script? I have a spare Current VM to test. Perhaps a chmod -R 777 / and then run the updated script.
like I said, it does exactly the same as original
so it is also broken
How productive ... Slackware would be truely lost without your "deep, thoughtful" insights.
Quote:
Originally Posted by upnort
Outside the one-off comments, has anybody created an updated script? I have a spare Current VM to test. Perhaps a chmod -R 777 / and then run the updated script.
You could try the following script:
Code:
#!/usr/bin/bash
MANIFEST="${1:-./MANIFEST}"
ROOT="$2"
transform_perms() {
local f="${1,,}" # field to be transformed into valid chmod permission (u,g,o)
local p="${2}" # the permission as read from the manifest file
local s=${3:-s}
local r
case ${p:2} in
x|-) # must remove s-bit explicitly
r="$f=${p//-/},${f}-${s,,}"
;;
s|t) # lower case s-bit implies exec bit
r="$f=${p//-/}x"
;;
*)
r="$f=${p//-/}"
;;
esac
echo "${r,,}"
}
reset_perms() {
local read perm user_group size date time file u g o filepath
while read perm user_group size date time file;do
[[ ${perm:0:1} == [^hdbcps-] ]] && continue;
u=$(transform_perms u "${perm:1:3}")
g=$(transform_perms g "${perm:4:3}")
o=$(transform_perms o "${perm:7:3}" t)
[[ ${perm:0:1} == h ]] && file="${file% link to *}"
filepath="$ROOT/$file"
chown ${user_group/\//:} "$filepath"
chmod $u,$g,$o "$filepath"
done < "$MANIFEST"
}
reset_perms
Just do me a favor and run
Code:
# chmod -R 7777 / # yes, that is four 7s
to "screw" up the system in your VM. I would like to know if it handles the SUID/SGID bits for directories correctly because the way chmod handles them is not trivial.
Last edited by crts; 09-30-2019 at 09:20 PM.
Reason: Renamed variable
How productive ... Slackware would be truely lost without your "deep, thoughtful" insights.
That was not necessary. There are bugs in the original script.
I would prefer @Firerat to help fix problems versus just pointing them out; @Firerat was providing code examples that incrementally improved the original script.
"Friends come and go; enemies accumulate."
EDIT: I do like that your script uses the symbolic parameters to chmod versus the numeric ones.
Last edited by Richard Cranium; 09-30-2019 at 09:08 PM.
EDIT: I do like that your script uses the symbolic parameters to chmod versus the numeric ones.
It does so because you cannot remove an erroneous SUID/SGID bit with the numeric ones. From the manpage:
Code:
SETUID AND SETGID BITS
chmod clears the set-group-ID bit of a regular file if the file's
group ID does not match the user's effective group ID or one of the
user's supplementary group IDs, unless the user has appropriate privi‐
leges. Additional restrictions may cause the set-user-ID and set-
group-ID bits of MODE or RFILE to be ignored. This behavior depends
on the policy and functionality of the underlying chmod system call.
When in doubt, check the underlying system behavior.
chmod preserves a directory's set-user-ID and set-group-ID bits unless
you explicitly specify otherwise. You can set or clear the bits with
symbolic modes like u+s and g-s, and you can set (but not clear) the
bits with a numeric mode.
The original script is only supposed to handle damaged permissions whose s/t-bits are still correct. However, someone may also have inadvertently damaged those, too. This why I decided to use the symbolic modes.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
