4

A client has accidentally given the entire filesystem full permissions on their ubuntu 10.04 box.

chmod -R 777 httpdocs/cd /

As you can see they attempted to cd to the root, and instead gave chmod a fun parameter to play with.

First sign of the problem was inability to use 'su', giving an authentication error. sudo also complained of a missing setuid bit. This was fixed by logging in as root from the machine itself, and running chmod +s /usr/bin/sudo.

I can now sudo su and do what I need to as root. su still gives an authentication failure.

I followed the advice here: http://swiss.ubuntuforums.org/showthread.php?t=1180661&page=2

chmod 0755 /
chmod 0755 /*
chmod 1777 /tmp
chmod 0750 /root
chmod 0700 /lost+found

I then tried to reset root password. I still cannot su to become root, or su root.

The system seems to be running fine. Are there any suggestions for getting su to work once again? Where can I look for more problems?

ncatnow
  • 141
  • 1
  • 1
  • 3

3 Answers3

15

I would actually consider doing a full reinstall of the system. Even if you manage to get most permissions right and that things seem to work there will most likely be some special permissions laying around, just waiting to cause trouble.

Alternatively I'd compare the permission with a second, possibly freshly installed, machine. Shouldn't be to hard together with your favorite scripting language.

andol
  • 6,848
  • 28
  • 43
  • 2
    I'd go with a reinstall. There's just too much to fix in this situation. – ThatGraemeGuy May 14 '10 at 12:46
  • I'm not a linux guy, but is there anyway to reinstall all the binaries of the system without overwriting the configuration files? – Chris S May 14 '10 at 13:01
  • 1
    Chris - you just need to do a full reinstall. Anything short of that will be setting yourself up for problems in the future. To be frank, if doing a re-install is that daunting for you, you either need to examine/test your backup procedures, get up to speed on linux administration, or both. – EEAA May 14 '10 at 13:31
  • @Chris This is why we all, always, perform backups of important files including config and .files. Lose them once, and you'll be sure to make backupa from then on. You could save the configs and `cat` their contents into the fresh install if really needed. – jscott May 14 '10 at 15:30
  • 1
    @ErikA & jscott - Thanks for the advice, but I'm not the one with the FUBAR server. I'm a BSD guy, and in most BSDs you could just reinstall all the binaries. I just wondered if there was something similar in Linux, I don't know because I stay far away. – Chris S May 14 '10 at 18:51
3

Wow...it happened to me once too...luckily was a home machine. I solved forcing a reinstall of all packages, so that all permission was set back. It was on debian anyway. I use apt-get install --reinstall $packages in a script that got all packages list. What the syslog or auth say when you try su?

Pier

PiL
  • 1,591
  • 8
  • 6
  • auth.log shows this: FAILED su for root by username - /dev/pts/3 username:root nothing in syslog cheers – ncatnow May 14 '10 at 12:04
  • Check permission of the devices /dev/pts (owned by root:tty 640)and give a look to the pam configuration /etc/pam.d. Anyway as Andol suggested, it'd be better to think about a full reinstallation. – PiL May 14 '10 at 12:45
0

Maybe the problem in absence of SUID bit?

Here are the files which should have it:

ip@ip:~$ ls -al /bin | grep rws
-rwsr-xr-x  1 root root  27256 2010-01-28 20:32 fusermount*
-rwsr-xr-x  1 root root  78096 2009-10-23 07:28 mount*
-rwsr-xr-x  1 root root  35600 2009-05-12 00:43 ping*
-rwsr-xr-x  1 root root  31368 2009-05-12 00:43 ping6*
-rwsr-xr-x  1 root root  36864 2009-07-31 16:59 su*
-rwsr-xr-x  1 root root  56616 2009-10-23 07:28 umount*

ip@ip:~$ ls -al /usr/bin | grep rws
-rwsr-xr-x  1 root   root       14640 2009-05-12 00:43 arping*
-rwsr-sr-x  1 daemon daemon     52112 2009-09-16 01:29 at*
-rwsr-xr-x  1 root   root       41864 2009-07-31 16:59 chfn*
-rwsr-xr-x  1 root   root       37128 2009-07-31 16:59 chsh*
-rwsr-xr-x  1 root   root       59752 2009-07-31 16:59 gpasswd*
-rwsr-xr-x  1 root   lpadmin    14256 2010-03-02 17:16 lppasswd*
-rwsr-xr-x  1 root   root       62368 2008-11-05 15:24 mtr*
-rwsr-xr-x  1 root   root       32384 2009-07-31 16:59 newgrp*
-rwsr-xr-x  1 root   root       42856 2009-07-31 16:59 passwd*
-rwsr-xr-x  1 root   root       14880 2009-10-16 14:43 pkexec*
-rwsr-xr-x  2 root   root      143736 2010-04-13 20:31 sudo*
-rwsr-xr-x  2 root   root      143736 2010-04-13 20:31 sudoedit*
-rwsr-xr-x  1 root   root       18848 2009-05-12 00:43 traceroute6.iputils*
-rwsr-sr-x  1 root   root       10536 2009-11-10 12:48 X*

Try to set execution+SUID on all of them (or at least at su) via

chmod u+xs file

UPD: note that for /usr/bin/at and /usr/bin/X you need to do also

chmod g+xs
igorp1024
  • 228
  • 3
  • 8