8
2
I accidentally performed the command chown -R root / while trying to change the permissions to the public folder of my rails app. I believed this changed the permissions to all my folders on the / directory. So my question is, how dangerous is this, in fact the better question would be, is there anyway to undo this?
user1938700
Posted 2013-02-18T16:20:42.200
Reputation: 81
7
One way to mitigate the issue here (not resolve, but help you out of a hole) is to run a process on a similar system to collect the appropriate ownerships for the files. I appreciate the chances of an exact match are somewhat slim, but if both the o/s's are at the same level with similar packages installed you might be lucky.
Once you have collected the file permissions into a file, you could then run a process on your own system to read the files and perms/ownerships from the good one and replace them on yours. I have a couple of small home-grown apps on Linux that do just this.
E.g.
777*0*0*S*16*1334559119*1334532895*1361208513*/usr/lib32/*libgomp.so.1
644*0*0*F*67370*1359536382*1359374461*1359717843*/usr/lib32/*librt.a
644*0*0*F*59044*1334559119*1334532931*1355405098*/usr/lib32/*libgomp.so.1.0.0
644*0*0*F*1238*1359536382*1359374461*1359717843*/usr/lib32/*libBrokenLocale.a
777*0*0*S*17*1359536382*1359374460*1361208513*/usr/lib32/*libdl.so
644*0*0*F*905712*1334559116*1334533011*1355405098*/usr/lib32/*libstdc++.so.6.0.16
777*0*0*S*15*1333306601*1323929512*1361208513*/usr/lib32/*libbz2.so.1.0
777*0*0*S*24*1359536382*1359374460*1361208513*/usr/lib32/*libnss_files.so
644*0*0*F*1128*1359536382*1359374462*1359717843*/usr/lib32/*crt1.o
RWX * UID * GID * other stuff * directory * filename
FreudianSlip
Posted 2013-02-18T16:20:42.200
Reputation: 592
5
First of all, stop the command if it is still running!
Now everything will belong to root and that is quite problematic.
You should try to restore information from your latest backup.
It is also important not to restart the system before checking all the applications running and the user launching them on boot. If you do, some of them may not start properly due to permissions problems.
Good luck.
fedorqui
Posted 2013-02-18T16:20:42.200
Reputation: 1 517
3
Very and not quite.
"Very" in the sense that if the command has indeed gone through, your security is screwed. You now do not know which paths have what owners and who should be allowed to do what.
"Not quite" in the sense -- are you sure you were root when you did it and did the command go through to the end? If you've cancelled it, as soon as you saw it, then you might be lucky and the repair may be low. If you weren't root, this command shouldn't have been able to do it, unless you did something like sudo ....
There is no single remedy to this. If you have a backup, you can restore to it. You might need to check the ownerships in the backup and apply them. If you have been using a rootkit (say rkhunter) checker, it might have a list of the most basic ownerships and possibly be able to fix it. (Not quite likely).
carlspring
Posted 2013-02-18T16:20:42.200
Reputation: 140
2
On Fedora at least, the RPM command has the options --setperms and --setugids, using those you can fix most of the system owned files like rpm --setugids -a. To (somewhat) fix the files for each user, you can do for each one chown -R user /home/user. There probably will be leftovers that haven't been fixed by the above, particularly if you have some sort of server (web, ftp, others), those will have to be handled one by one.
Probably other distributions have similar mechanisms. Or do a full refresh (i.e., install everything anew, like it was somehow damaged. OK, it was somehow damaged.)
[Yes, this is yet again Unix' rather cruel way of teaching unsuspecting users to consider each command carefully before pressing ENTER, and to use root sparingly. Consider yourself taught.]
vonbrand
Posted 2013-02-18T16:20:42.200
Reputation: 2 083
setuid and setgid permissions need to be set by hand. rpm won't restore them. – jnas – 2016-04-18T11:33:11.227
1
If your using OSX apple provides a restore feature within Disk Utilities to fix this very problem. If your using a linux distro, I'm fairly certain you'll have to redo all permissions manually. In either case, smack your hands and don't do it again
Mrshll187
Posted 2013-02-18T16:20:42.200
Reputation: 111
It's probably unlikely to be able to recover fully from this on Linux. Even if you can get the system working, you probably missed something that may come back to bite you later, either as instability or a security vulnerability. I would say that a restore from backup or rebuild approach is probably necessary. – Chris Kuehl – 2013-02-18T21:37:10.630
0
Unfortunately I don't know of any way to "undo" it, but you can probably leave system files as owned by root and restore all the files in your $HOME to be owned by you (and do the same for all users of the system). At that point you can fix permissions and/or owner on each file not in your $HOME directory that needs it as it comes up. Yes this is a pain, but I don't think there's an easy fix. That is what I would do anyway.
Freedom_Ben
Posted 2013-02-18T16:20:42.200
Reputation: 260
0
I'd say that you are pretty "screwed" as you say. The best way (and most efficient) is to reinstall and restore critical items from your good backups. Sorry this is not a situation that generally has a quick fix with a happy ending. Good Luck!
mdpc
Posted 2013-02-18T16:20:42.200
Reputation: 4 176
3This cannot be undone automatically, and yes, it has a significant impact on your system (including, but not limited to, the various home directories). I hope you have a recent backup handy. Good luck. – Frédéric Hamidi – 2013-02-18T16:33:09.057
There are programs that check your system for appropriate permissions and file ownership. I think tripwire is or was an early one. If you don't have multiple users you may be able to salvage the situation just by getting a report and/or fix from such a tool. – minopret – 2013-02-18T16:45:09.680
Also read the great advice below that amounts to "don't react in any way that would make it worse" and "don't assume the worst". Or remember these important general troubleshooting steps using the joke version: Emergency operator: "Don't panic, are you sure your friend is dead?" Caller: BANG "Yes, sadly, he's dead." – minopret – 2013-02-18T16:48:44.350
In most cases, on a normal system, you should be able to tell from the group of a file who the owner should be. So
findall files that are owned by root where the group isn't appropriate, and chown them all to the user that matches the group. Log failues, and deal with them on an individual basis. – agf – 2013-02-18T22:17:59.857Have you run that command as root? (I hope not...) – Axel – 2013-02-18T23:34:19.563
I'm confused, why can't he recursively change the file permissions in his public directory to the webserver again? – Stephen P. – 2013-02-18T23:42:53.173
@StephenP.: He
chown'd the entire filesystem, not just the public directory to his webserver. @Axel: Can't you only runchownas root? – Thanatos – 2013-02-23T01:39:15.350