Restore default permissions to "/var" on a CentOS installation


So I accidentally ran chmod -R 0777 /var and I need to revert that (let alone allow chmod the correct ssh directory so I can log back into it). I'm feeling screwed, can anyone help? The sooner the better, thanks.

Steven Pease

Posted 2012-04-05T14:54:23.920

Reputation: 121



Here is what I have for var

drwxr-xr-x 21 root root 4096 Apr 6 2011 var

and for the '/var/*' subfolders on my host (CentOS 6)

drwxr-xr-x  6 root root 4096 Apr  2  2011 cache
drwxr-xr-x  2 root root 4096 Sep  3  2009 cvs
drwxr-xr-x  2 root root 4096 Jan 26  2010 db
drwxr-xr-x  3 root root 4096 Mar 15  2011 empty
drwxr-xr-x  3 root root 4096 Mar 15  2011 ftp
drwxr-xr-x  2 root root 4096 Jan 26  2010 games
drwxr-xr-x 21 root root 4096 Apr  6  2011 lib
drwxr-xr-x  2 root root 4096 Jan 26  2010 local
drwxrwxr-x  5 root lock 4096 Apr  5 04:02 lock
drwxr-xr-x  6 root root 4096 Apr  5 04:02 log
lrwxrwxrwx  1 root root   10 Mar 15  2011 mail -> spool/mail
drwxr-xr-x  2 root root 4096 Jan 26  2010 nis
drwxr-xr-x  2 root root 4096 Jan 26  2010 opt
drwxr-xr-x  2 root root 4096 Jan 26  2010 preserve
drwxr-xr-x 14 root root 4096 Feb  2 07:39 run
drwxr-xr-x  7 root root 4096 Mar 15  2011 spool
drwxr-xr-x  4 root root 4096 Apr  9  2011 svn
drwxrwxrwt  4 root root 4096 Jan 31 19:58 tmp
drwxr-xr-x  6 root root 4096 Mar 15  2011 www
drwxr-xr-x  2 root root 4096 Jan 26  2010 yp

Maksym Polshcha

Posted 2012-04-05T14:54:23.920

Reputation: 136
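
Added example, not part of either answer: a dry-run check that parses a reference `ls -l` listing like the one above and returns the chmod commands needed to bring the top-level directories under /var back to those modes. The listing excerpt is copied from the answer; the function names are my own, and it assumes the reference host matches yours and only covers the entries listed, not files deeper in the tree.

```python
import os
import stat

# Excerpt of the CentOS 6 reference listing from the answer above.
# The symlink entry is kept to show that it is skipped.
REFERENCE = """\
drwxr-xr-x  6 root root 4096 Apr  2  2011 cache
drwxrwxr-x  5 root lock 4096 Apr  5 04:02 lock
drwxr-xr-x  6 root root 4096 Apr  5 04:02 log
lrwxrwxrwx  1 root root   10 Mar 15  2011 mail -> spool/mail
drwxr-xr-x  7 root root 4096 Mar 15  2011 spool
drwxrwxrwt  4 root root 4096 Jan 31 19:58 tmp
"""

def sym_to_mode(sym):
    """Convert an ls -l mode string (e.g. drwxrwxrwt) to an integer mode."""
    perms, mode = sym[1:10], 0
    special = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}
    for i, ch in enumerate(perms):
        bit = 1 << (8 - i)
        if ch in "rwxst":        # lowercase s/t means the exec bit is set too
            mode |= bit
        if ch in "sStT":         # setuid, setgid or sticky, by position
            mode |= special[i]
    return mode

def parse_reference(text):
    """Yield (name, mode) for each listing line that is not a symlink."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 9 or f[0].startswith("l"):
            continue
        yield f[8], sym_to_mode(f[0])

def audit(root, reference=REFERENCE):
    """Return chmod commands for children of root that differ from the reference."""
    fixes = []
    for name, want in parse_reference(reference):
        path = os.path.join(root, name)
        try:
            have = stat.S_IMODE(os.lstat(path).st_mode)
        except FileNotFoundError:
            continue             # entry not present on this host
        if have != want:
            fixes.append("chmod %04o %s" % (want, path))
    return fixes

if __name__ == "__main__":
    print("\n".join(audit("/var")))
```

Nothing is changed on disk; review the printed commands before running any of them as root.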


All your files are now executable as well in all subdirectories to /var. This could be solved by e.g. find and chmod, but it is difficult to know which ones were supposed to be executable to begin with.

On my system, the few executable files below /var are

  • the ones ending with

    • .preinst
    • .prerm
    • .postinst
    • .postrm

    in /var/lib/dpkg/info,

  • /var/lib/apt-xapian-index/update-lock
  • /var/lib/shorewall/.restore
  • /var/lib/shorewall/.restart
  • /var/lib/shorewall/firewall
  • /var/lib/shorewall/.start
  • /var/lib/dkms/nvidia/295.33/build/

If I had to restore the executable bit after sudo chmod 777 -R /var, I could thus run

sudo find /var -type f -exec chmod -x {} +

and then manually set chmod +x on the files I listed above, but you will also have problems restoring permissions on files and directories that previously were completely forbidden for anyone (but root) to read, which concerns many more files.

The lasting problem is security, but mostly if someone is able to log in as a regular user on the computer. If it's a single user system with a low threat level, you could probably keep going and just take it as a lesson. Had it been something else, a re-install would be the simplest way to fix everything.

Permissions are central in file handling on *nix. It's a quite destructive operation to completely wipe all of them on a fundamental directory tree; and thus quite difficult to restore as well.

Daniel Andersson

Posted 2012-04-05T14:54:23.920

Reputation: 20 465