LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices


Reply
  Search this Thread
Old 09-01-2007, 03:25 AM   #1
GhostCow
Member
 
Registered: Aug 2007
Posts: 47

Rep: Reputation: 15
accidently changed root privileges


hello ive been messing around with my linux and by accident i did this:
chmod -R 777 /*
now im getting errors like
"cant set gid" "cant set uid" or something, which are preventing me from switching to root, or using "sudo".
i'm running ubuntu 7.04
how do i undo this mess?
 
Old 09-01-2007, 07:28 AM   #2
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Mint
Posts: 17,809

Rep: Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743
You gave everybody full read/write/execute privileges on every file and directory in the system. I'd say the easy fix would be to re-install the OS.
 
Old 09-01-2007, 08:52 AM   #3
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
There's no "undo" function for that. You should be aware of running recursive commands like that, especially on the root of the filesystem. Usually user permissions would prevent you from doing things like that (for other files than those you own), but seems like you ran the command with higher privileges; maybe with sudo. Anyway, it can't be just undone, you have two choices: either review a working system, see what the permissions should be per each file you changed and use chmod to change the permissions back (takes a veeeeeeeeeeeery long time, or even longer) OR reinstall the thing. In the latter case, take a backup of your /home/username homedirectory, install the OS again (overwriting the existing installation) and put the backup back. Then make sure your _own_ files' permissions in your homedirectory are set up correctly, by running chmod recursively on your _own_ home directory (to take away the 7-rights from other users than you to your files).

This is why root account usage is dangerous, if it's "just done" and not thought about twice
 
Old 09-01-2007, 08:57 AM   #4
GhostCow
Member
 
Registered: Aug 2007
Posts: 47

Original Poster
Rep: Reputation: 15
hehe i noticed later that there is a very clear flag to prevent this...
my system is broken anyhow so a reinstall would be fine...
thanks anyway guys :P
 
Old 09-01-2007, 09:05 AM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680
Check if your package system has the equivalent of rpm's --setperms and --setugids options. You may be able to fix the permission problems that way. Start with the package that supplies the filesystem. It might be called base or filesystem, however I'm not familiar with Ubuntu to say. In the future, leave things outside your home directory alone. Making system directories world writable is very dangerous. When windows did it with the C: drive viruses could spread like wildfire.
 
Old 09-01-2007, 09:28 AM   #6
GhostCow
Member
 
Registered: Aug 2007
Posts: 47

Original Poster
Rep: Reputation: 15
what permissions should i give my base apps?

edit: i read online that debian based systems dont have that option in the package manager.. shame... any other suggestions?

Last edited by GhostCow; 09-01-2007 at 09:33 AM.
 
Old 09-01-2007, 09:37 AM   #7
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Mint
Posts: 17,809

Rep: Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743
Quote:
Originally Posted by GhostCow View Post
what permissions should i give my base apps?
Unless you have a good reason, leave all the permissions they way they are setup at installation.

More generic answer: Set the permissions according to how your system is going to be used. Only you know who should have permission to do what. With applications (base or otherwise), the execute permission is the important one. Do you have users that you don't want to have access to certain applications? ...Do you want to be forced to su to root in order to mount something?
 
Old 09-01-2007, 09:45 AM   #8
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680
If you mount an external drive, for storage, you might want to make yourself the owner and group owner of the drive and use 770 permissions on all of the directories. If you are setting up a directory to share on the network, and it is globally writable, the set the sticky bit on the directory. The ownership's and permissions on system directories should stay the way the system sets them up. Usually the owner and group owner is root. Files like /etc/passwd need to be read by programs running as a user, while other files may be private to root or owned by a system users such as mysql.

For some services, like sshd, you will want to make some changes to the configuration files to make the service more secure. Mysql comes with a large manual, and there is a chapter on securing it.
 
Old 09-01-2007, 11:00 AM   #9
GhostCow
Member
 
Registered: Aug 2007
Posts: 47

Original Poster
Rep: Reputation: 15
ok i understand the security issues, but i have a problem - i cant run sudo or su at all!
why is that?
how can i fix that?
i will deal with the security later, i need a root shell right now though...
 
Old 09-01-2007, 11:40 AM   #10
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Mint
Posts: 17,809

Rep: Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743
Quote:
Originally Posted by GhostCow View Post
ok i understand the security issues, but i have a problem - i cant run sudo or su at all!
why is that?
how can i fix that?
i will deal with the security later, i need a root shell right now though...
Based on the earlier description, I suggested re-installing. If you don't want to do that, you can maybe recover control by booting into single-user mode, or by editing the /etc/passwd file.

single-user mode:
reboot, and then stop the grub countdown with the tab key. Get into edit mode and enter "single" at the end of the kernel line. then boot.

edit passwd:
boot from live CD (eg you install CD) and mount the partition where / is mounted. Edit the /etc/passwd file to remove the first "x" in the entry for <username>. reboot and you should be able to log in without a password.
You can also do this to the root entry to enable root login, but it probably will still not allow root to log in to the GUI.
 
Old 09-01-2007, 12:23 PM   #11
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680
If you don't want to reinstall or can't or can't restore from a backup, this list from my system might help you get started fixing the permissions. You will probably need to boot up with a rescue disk at first.
Code:
jschiwal@hpamd64:~> find / -maxdepth 2 -type d -perm 0755 >dirpermlist
find: /lost+found: Permission denied
find: /root: Permission denied
jschiwal@hpamd64:~> cat dirpermlist
/
/dev
/dev/mapper
/dev/bus
/dev/snd
/dev/.udev
/dev/net
/dev/disk
/dev/input
/dev/pts
/mnt
/mnt/grafpup
/mnt/cr256
/mnt/hpmedia
/mnt/delllap
/mnt/cdrom
/mnt/enc
/mtpoint
/sbin
/sbin/conf.d
/sys
/sys/module
/sys/block
/sys/kernel
/sys/power
/sys/firmware
/sys/class
/sys/bus
/sys/devices
/sys/fs
/home
/home/gues
/boot
/boot/grub
/lib
/lib/mkinitrd
/lib/udev
/lib/security
/lib/modules
/lib/lsb
/lib/firmware
/lib/YaST
/lib/apparmor
/etc
/etc/mono
/etc/mms
/etc/xen
/etc/skel
/etc/rpmlint
/etc/named.d
/etc/gconf
/etc/modprobe.d
/etc/lsb-release.d
/etc/syslog-ng
/etc/ssh
/etc/chipcard3
/etc/htdig
/etc/zmd
/etc/mplayer
/etc/java
/etc/postfix
/etc/avahi
/etc/cron.monthly
/etc/udev
/etc/dev.d
/etc/gpm
/etc/sane.d
/etc/NetworkManager
/etc/bonobo-activation
/etc/init.d
/etc/xinetd.d
/etc/kde4
/etc/pm
/etc/pwdutils
/etc/xml
/etc/bluetooth
/etc/ttf2pk
/etc/aliases.d
/etc/resmgr.conf.d
/etc/pam.d
/etc/racoon
/etc/powertweak
/etc/ivman
/etc/security
/etc/unixODBC
/etc/mail
/etc/preload.d
/etc/apparmor.d
/etc/bash_completion.d
/etc/pcmcia
/etc/joe
/etc/gre.d
/etc/susehelp.d
/etc/sysconfig
/etc/permissions.d
/etc/samba
/etc/bootsplash
/etc/SuSEconfig
/etc/xstroke
/etc/hal
/etc/ifplugd
/etc/PolicyKit
/etc/cron.weekly
/etc/ld.so.conf.d
/etc/ndiswrapper
/etc/foomatic
/etc/beagle
/etc/iproute2
/etc/pptp.d
/etc/openldap
/etc/texmf
/etc/hp
/etc/default
/etc/YaST2
/etc/cron.hourly
/etc/sgml
/etc/sasl2
/etc/ghostscript
/etc/fonts
/etc/opt
/etc/.java
/etc/acpi
/etc/RCS
/etc/alsa.d
/etc/enlightenment
/etc/apache2
/etc/lvm
/etc/logrotate.d
/etc/cron.daily
/etc/cron.d
/etc/snmp
/etc/gxine
/etc/ntop
/etc/rpm
/etc/xdg
/etc/dbus-1
/etc/slp.reg.d
/etc/ssl
/etc/xscreensaver
/etc/alternatives
/etc/apparmor
/etc/profile.d
/etc/reader.conf.d
/etc/X11
/var
/var/adm
/var/X11R6
/var/cache
/var/lib
/var/log
/var/opt
/var/spool
/var/yp
/var/run
/media
/media/xmms_audio_cd
/usr
/usr/java
/usr/src
/usr/sbin
/usr/include
/usr/X11R6
/usr/local
/usr/games
/usr/lib
/usr/man
/usr/share
/usr/x86_64-suse-linux
/usr/lib64
/usr/bin
/opt
/opt/gnome
/opt/kde3
/lib64
/lib64/evms
/lib64/security
/lib64/ast
/srv
/srv/www
/srv/ftp
/bin
Your failure to use sudo may be to to resetting the suid bit:
Code:
find /bin /usr/bin /sbin/ /usr/sbin/ -perm -4000
/bin/umount
/bin/su
/bin/ping
/bin/mount
/bin/eject
/bin/ping6
/usr/bin/ncpmount
/usr/bin/newgrp
/usr/bin/ncpumount
/usr/bin/ncplogin
/usr/bin/ncpmap
/usr/bin/fusermount
/usr/bin/enlightenment_sys
/usr/bin/chfn
/usr/bin/v4l-conf
/usr/bin/expiry
/usr/bin/fileshareset
/usr/bin/chage
/usr/bin/Xorg
/usr/bin/passwd
/usr/bin/nwsfind
/usr/bin/man
/usr/bin/at
/usr/bin/crontab
/usr/bin/chsh
/usr/bin/gpasswd
/usr/bin/mandb
/usr/bin/lppasswd
/usr/bin/sudo
/sbin/pccardctl
/usr/sbin/zypp-checkpatches-wrapper
/usr/sbin/suexec2
/usr/sbin/mtr
/usr/sbin/mgnokiidev
 
Old 09-02-2007, 03:06 AM   #12
GhostCow
Member
 
Registered: Aug 2007
Posts: 47

Original Poster
Rep: Reputation: 15
hey guys just to make myself perfectly clear:
i backed up ALL my data before i started joshing around with my system.
this whole shindig is for educational purposes only!
right now im learning linux by trial and error, and i wanted to know why i get setuid and setgid errors after i changed the root dir permissions.

Quote:
Your failure to use sudo may be to to resetting the suid bit:
ill google this later thanks alot!
 
Old 09-05-2007, 05:49 AM   #13
GhostCow
Member
 
Registered: Aug 2007
Posts: 47

Original Poster
Rep: Reputation: 15
update: thanks for the tips, i managed to fix su and sudo, by resetting the sid and gid bit for /usr/bin/sudo and setting the gid bit for /bin/su, all through single user mode boot.

so thanks guys!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
USB HD Needs Root Privileges rrrssssss Linux - Hardware 3 11-13-2005 04:08 PM
How to mount without root privileges? ni0wn Slackware 3 09-15-2004 05:03 PM
User with root privileges ShakyJake Linux - Newbie 2 06-18-2004 12:12 PM
root privileges and permissions evil_lafta Slackware 7 08-20-2003 09:37 PM
HELP accidently unmounted root!! stateq2 Linux - General 4 07-13-2003 01:17 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu

All times are GMT -5. The time now is 10:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration