0

I have accidently ran chmod 444 -R myfoler /.
Because of a space it changed root dir permission , I have immediately stopped but now all my login are disabled except root.

Please need help asap.

debug output from ssh to my user from root terminal.

OpenSSH_6.2p2, OpenSSL 0.9.8j-fips 07 Jan 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 31: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to <IP> [<IP>] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug3: Incorrect RSA1 identifier
debug3: Could not load "/root/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "<IP>" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:181
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "<IP>" from file "/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA b4:71:98:9c:e9:8f:b2:f1:0a:84:e6:a5:29:a1:83:e6 [MD5]
debug3: load_hostkeys: loading entries for host "<IP>" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:181
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "<IP>" from file "/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: Host '<IP>' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:181
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa (0x7fdf28796350),
debug2: key: /root/.ssh/id_dsa ((nil)),
debug2: key: /root/.ssh/id_ecdsa ((nil)),
debug1: Authentications that can continue: publickey,keyboard-interactive,hostbased
debug3: start over, passed a different list publickey,keyboard-interactive,hostbased
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive,hostbased
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 17 padlen 15 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 6 padlen 10 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to <IP> ([<IP>]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env JDK7_64_ROOT
debug3: Ignored env LESSKEY
debug3: Ignored env NNTPSERVER
debug3: Ignored env INFODIR
debug3: Ignored env MANPATH
debug3: Ignored env HOSTNAME
debug3: Ignored env JRE6_64_HOME
debug3: Ignored env XKEYSYMDB
debug3: Ignored env HOST
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env PROFILEREAD
debug3: Ignored env HISTSIZE
debug3: Ignored env SSH_CLIENT
debug3: Ignored env PERL5LIB
debug3: Ignored env JRE6_64_ROOT
debug3: Ignored env JDK8_64_BINDIR
debug3: Ignored env MORE
debug3: Ignored env OLDPWD
debug3: Ignored env SSH_TTY
debug3: Ignored env GSCMAN
debug3: Ignored env JDK7_64_BINDIR
debug3: Ignored env GSCBIN
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env GSCSBIN
debug3: Ignored env XNLSPATH
debug3: Ignored env TTU_PATH
debug3: Ignored env ENV
debug3: Ignored env JDK7_64_HOME
debug3: Ignored env HOSTTYPE
debug3: Ignored env FROM_HEADER
debug3: Ignored env JRE7_64_HOME
debug3: Ignored env PAGER
debug3: Ignored env CSHEDIT
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env MINICOM
debug3: Ignored env JDK6_64_BINDIR
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env JRE5_64_ROOT
debug3: Ignored env JRE5_64_BINDIR
debug3: Ignored env CPU
debug3: Ignored env JRE8_64_BINDIR
debug3: Ignored env SSH_SENDS_LOCALE
debug3: Ignored env JDK6_64_HOME
debug3: Ignored env INPUTRC
debug3: Ignored env PWD
debug3: Ignored env JRE8_64_HOME
debug3: Ignored env JAVA_HOME
debug3: Ignored env JDK8_64_ROOT
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env PYTHONSTARTUP
debug3: Ignored env JDK8_64_HOME
debug3: Ignored env JRE7_64_BINDIR
debug3: Ignored env QT_SYSTEM_DIR
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env GSCLIB
debug3: Ignored env LESS_ADVANCED_PREPROCESSOR
debug3: Ignored env OSTYPE
debug3: Ignored env LS_OPTIONS
debug3: Ignored env XCURSOR_THEME
debug3: Ignored env WINDOWMANAGER
debug3: Ignored env G_FILENAME_ENCODING
debug3: Ignored env LESS
debug3: Ignored env MACHTYPE
debug3: Ignored env LOGNAME
debug3: Ignored env JRE7_64_ROOT
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env JDK6_64_ROOT
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env LESSOPEN
debug3: Ignored env JRE6_64_BINDIR
debug3: Ignored env INFOPATH
debug3: Ignored env JRE5_64_HOME
debug3: Ignored env LESSCLOSE
debug3: Ignored env G_BROKEN_FILENAMES
debug3: Ignored env HISTTIMEFORMAT
debug3: Ignored env JRE8_64_ROOT
debug3: Ignored env COLORTERM
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Thu May 31 14:24:25 2018 from <IP>
Could not chdir to home directory /data/user/gg_user/: Permission denied
/bin/bash: Permission denied
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

Connection to <IP> closed.
Transferred: sent 3076, received 2492 bytes, in 0.0 seconds
Bytes per second: sent 864086.7, received 700033.9
HBruijn
  • 72,524
  • 21
  • 127
  • 192
anwaar_hell
  • 101
  • 2
  • 2
    Restore from back-up or copy your data now and re-install. – HBruijn May 31 '18 at 12:02
  • @HBruijn..thanks for quick reply but this production system and we haven't enabled backup till now. – anwaar_hell May 31 '18 at 12:04
  • if you don't have another backup there are not much solutions here, compare your system with another system and restore permissions. (in particular in /etc,/var,/home etc.) you can script it easily to make an export from the other system and apply it on your current system – olivierg May 31 '18 at 12:06
  • [This answer](https://serverfault.com/a/106057/37681) details how you can use the package manager to reset permissions from packaged software, but that doesn't restore **all** permissions. - But essentially your system is broken and you won't be able to completely fix it - [I roughly described here](https://serverfault.com/a/857697/37681) how you can use the permissions on second server to create a restore script – HBruijn May 31 '18 at 12:06
  • @HBruijn it is SUSE linux. – anwaar_hell May 31 '18 at 12:09
  • @olivierg do you link to any such script that may help. – anwaar_hell May 31 '18 at 12:15
  • @HBruijn somehow we are saved as i ran chmod 755 -R at root level and now we are back to normal.May be I was lucky to cancel my command at the right time..:) Thanks for your link.. – anwaar_hell May 31 '18 at 15:10
  • 1
    You're most certainly _not_ back to normal. After chmod 755 -R your system is _not_ fit for continued production use. The things you use everyday may work, but its security is definitely reduced as you made files and folders world readable that shouldn't be, and some functionality will most probably also be broken because of loss of things like setuid bits. Do yourself a favor and rebuild that system ASAP. – Tilman Schmidt Jun 01 '18 at 18:25

0 Answers0