27

I just ran this a few seconds ago. I managed to do Ctrl - C as soon as I realized what I started doing.

So far the only directory it's started going through is /bin.

I'm afraid to do anything else. So far I realized I can't use su as my normal user anymore.

Luckily I still have another root terminal open. What do I do?

Worthwelle
  • 109
  • 4
Will
  • 441
  • 5
  • 13
  • 27
    Sounds like you got chowned there, buddy. – ta.speot.is Jan 25 '10 at 10:57
  • 4
    Now you understand the importance of backups. Do it regularly. – Juliano Jan 25 '10 at 12:45
  • At least he didn't chmod from root. That's a full-on disaster. At least rm -rf from root gives you more disk space and prepares you for a full system reinstall, chmod just leaves a real mess that's pretty hard to recover from by anything besides a complete system reinstall. The grass is brown on both sides of the fence, eh? – Fiasco Labs Dec 10 '11 at 19:24

8 Answers8

36

Redhat user:

chown 0:0 /bin/rpm && rpm -qa | xargs rpm --setugids

Debian/Ubuntu user:

chown 0:0 /bin/*  /usr/bin/*
chown daemon:daemon /usr/bin/at
chown 0:utmp /usr/bin/screen
chmod 02755 /usr/bin/screen
chmod u+s /bin/fusermount /bin/mount /bin/su /bin/mount
chmod u+s /usr/bin/sudo /usr/bin/passwd
screen

While screen is running do this at least twice:

dpkg --get-selections | awk '{ if ($2 == "install") print $1}' \
    | xargs apt-get install --reinstall --

Pay very close attention to the output because if it complains about something having the wrong permissions, you should fix it on another screen window.

Crash course in screen:

Control+A     - command key
Control+A a   - emit a control+A
Control+A n   - next "screen"
Control+A c   - create "screen"

Solaris user:

You're fucked.

pkgchk -R / -f -a

will reset all the permissions, but setuid-ness will still be broken. Use a backup, or another solaris machine to look for setuid/setgid scripts and files and fix them up manually.

THE IMPORTANT THING ABOUT BACKUPS

Is that you can recover them, not that you take them.

Other people have given you advice to take backups, but I want to add that you should be testing them. If you're using a unixish system, there is no reason whatsoever that you can't dump the files onto another machine periodically and make sure everything works.

Tobu
  • 4,367
  • 1
  • 23
  • 31
geocar
  • 2,307
  • 14
  • 10
10

Most everything in /bin/ should be owned by root:root, so if you run the following you can fix the ownership on those files:

chown root:root -R /bin/

You may also want to make sure the setuid bit is properly set on /bin/su, which you can fix with the following:

chmod 4755 /bin/su
epic9x
  • 1,618
  • 10
  • 9
  • 1
    On Ubuntu, it's especially important to do the same with sudo. I don't think that a root password is even set by default? By the way, I'd really recommend actually using sudo instead of root shells. The half-second it takes to type sudo normally stops mistakes like that in the tracks. Just working in a root shell is easier to miss... – Bernd Haug Jan 25 '10 at 07:35
  • 4
    http://paste.ubuntu.com/362468/ is a "ls -l /bin" from my Ubuntu 9.10 desktop. While I might not have exactly the same files installed as you, it should at least give you a good hint on which files need special permissions. – andol Jan 25 '10 at 09:03
  • @Bernd: Although I don't do that much admin work, I have noticed that I sudo fewer dumb things than I do as root. I may never use a root password ever again. (And, no, there is no default root password on Ubuntu, and I don't think there is one on MacOSX.) – David Thornley Jan 25 '10 at 14:49
  • @David: There definitely is no default root password on OS X, and setting one is mostly a mistake, IMO. There's almost always another, better way. The problem is that Macs are not too secure to begin with; I expect to see a lot of 'fun' once they have a larger install base to make RKs, Virii, Botnet clients &c profitable. – Bernd Haug Jan 25 '10 at 15:44
3

Be aware that the set-uid flags on any affected binaries may have been removed, too; this is a security feature of chown. Check with some other system which binaries have the set-uid or set-gid flags and be sure to set them on your binaries as well.

Teddy
  • 5,134
  • 1
  • 22
  • 27
3

I was going to explain the details of using RPM to reset file permissions, but I've found a site with a lot more information. It does also mention that Ubuntu/Debian (so .debs in general) don't support it.

But in general the option your looking for would be along the lines:

rpm --setugids {packagename}
Coops
  • 5,967
  • 1
  • 31
  • 52
  • This is on an ubuntu system, as indicated by the tags. This means that dpkg and .DEBs are used instead of rpm and .RPMs – Kevin M Jan 25 '10 at 15:44
2

If this was a debian system, I'd aptitude reinstall everything.

ptman
  • 27,124
  • 2
  • 26
  • 45
0

do you have a working backup? when yes, restore your bin folder.

otherwise, look at an other box where you installed the same version of ubuntu and chown to what you find on the working installation.

Christian
  • 4,645
  • 2
  • 23
  • 27
0

try this: find all www-data in /bin directory

# find /bin -user www-data

then change www-data back to the original user

# find /bin -user www-data -exec chown ORiginalUser {} \;

# then change www-data back to oringal group
# find /bin -group www-data -exec chgrp originaluser {} \;
squillman
  • 37,618
  • 10
  • 90
  • 145
0

Thanks all for the great responses, everything seems to be fixed now.

/bin/su worked once chmod'd to 4755 (not sure why chown changed the suid bit)

i didnt notice but it also started working through the /home directory but that was an easy enough fix (just set user:group to the user for each dir)

Will
  • 441
  • 5
  • 13