[sllug-members]: Re: CHMOD Big Oops!
Mike Bourgeous
i_am_nitrogen at hotmail.com
Wed Oct 25 20:36:52 MDT 2006
If you want a quick-and-dirty way of getting to a somewhat sane state, try
setting
everything in a bin/ or lib/ directory to 755, all directories themselves to
755, and
everything else to 644. Then, fix your critical files in /etc (it's
probably okay if
/etc is 744 instead of 755 if you want things secure), such as /etc/shadow.
Finally,
as packages start complaining about unwritable log or database directories,
add
back group write permissions in /var as needed.
It is also possible that the debian packages themselves have this
information, and
a package installation integrity check might fix it. I'm running etch(ish)
on my
server, so I might be able to provide a minimal amount of information if it
would
be helpful (though I probably wouldn't have time or desire to produce a full
tree listing).
find / -type d is your friend; if you accidentally end up removing exec
perms from
a directory, you'll need to run it multiple times to get all the way through
the
tree.
Hope this helps.
Mike Bourgeous
>From: David D Turley <turley at juno.com>
>Reply-To: Salt Lake Linux Users Group Discussions <sllug-members at sllug.org>
>To: sllug-members at sllug.org
>CC: plug at plug.org
>Subject: [sllug-members]: Re: CHMOD Big Oops!
>Date: Wed, 25 Oct 2006 07:04:51 -0600
>
>On Tue, 24 Oct 2006 22:22:00 -0600 David D Turley <turley at juno.com>
>writes:
> > Ok, lets say I "accidently" executed the command:
> >
> > chmod -R 777 .
> >
> > from the root directory. What do I need to do to re-secure my
> > system and
> > undo this big oops?
> >
> > System: Debian - Etch
> >
> > ______________________________________________________________________
>
>
>Thank you all for your responses. Thankfully, this is not a production
>system and my job/life does not depend on this (Thanks for the offer
>Ryan!!). This is merely a LAN box that is my
>DHCP/DNS/NTP/SAMBA/Apache(local)/Debian Mirror/Local Backup box. I was
>writing (yet) another script to try and simplify my life when my "spacing
>thumb" got in the way and a line that should have read:
>
>chmod -R 777 /path/to/some/apache/public/share/.
>became
>chmod -R 777 /path/to/some/apache/public/share/ .
>
>This was executed several times to see if the desired result accored (it
>did), and was added shortly to a Samba POSTEXEC. When my logfile
>exploded is when I saw the error of my ways and the unexepected results
>of my command. Luckily the only two accounts on the box are mine and
>root, and they only real "public" access would be anybody who could get
>through my WPA wifi, and directly get to Apache or Samba.
>
>My initial thought was to somehow chmod back/reduce access to the /etc
>and /home directories and password locations and very specific
>commands...
>
>Any ideas before I spend several days rebuilding? Once again my name
>gets added to the Linux Cautionary Tales list...<sigh!> Thanks again to
>all the earlier responders!!!
>
>Later,
>Dave
>______________________________________________________________________
>See http://www.sllug.org/ for latest SLLUG news, information, links.
>Join SLLUG and other UT LUG members on irc.FreeNode.net channel #Utah
>sllug-members at sllug.org
>http://www.sllug.org/cgi-bin/mailman/listinfo/sllug-members
_________________________________________________________________
Try the next generation of search with Windows Live Search today!
http://imagine-windowslive.com/minisites/searchlaunch/?locale=en-us&source=hmtagline
More information about the sllug-members
mailing list