debian: permission denied for all users except of root

1

2

I wrote a bash script today which might destroyed some of my user settings and/or permissions. Now I know it was quite stupid to test the script on my live-system ;).

What is not working? Every Process which is running as another user than root (postfix, ftp, dovecot, etc).

EDIT: The folder structur is various in case of owners and permissions. So it doesn't look like I changed something on root dir level. I'm also not able to login or run something as a newly added user (see test below). proftpd log shows me Unable to open password file /etc/passwd for reading: Permission denied

su test

Cannot execute /bin/bash: Permission denied

ls -l

    drwxrwxr-x 23 root root 4096 Aug 15 15:26 /
   drwxr-xr-x  90 root root  4096 Aug 15 16:38 etc
    -rw-rw-r-- 1 root root 1971 Aug 15 16:25 /etc/passwd
    -rw-r----- 1 root shadow 2151 Aug 15 16:25 /etc/shadow
    drwxrwxr-x   2 root root  4096 Aug 15 16:38 bin
    -rwxr-xr-x 1 root root 941252 Sep 25  2014 /bin/bash

The script

    #!/bin/bash
path="/var/www"
if [ $(id -u) -eq 0 ]; then
       echo "Enter directory name"
       read dirname
       pathdir="$path/$dirname"
       echo $pathdir
           echo "File doesn't exist. Creating now"
               mkdir $pathdir
               mkdir $pathdir/conf
               mkdir $pathdir/docs
               mkdir $pathdir/logs
               mkdir $pathdir/tmp
               mkdir $pathdir/php-fcgi

           echo "Folder structure created"

       read -p "Enter username : " username
       read -s -p "Enter password : " password
       egrep "^$username" /etc/passwd >/dev/null
       if [ $? -eq 0 ]; then
               echo "$username exists!"
               exit 1
       else
               pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
               useradd -d $pathdir -p $pass $username
               [ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
       fi
adduser www-data $username
chown root:$user $pathdir
chmod 750 $pathdir
chown $username:$username $pathdir/*
chmod 750 $pathdir/*
confdir=$pathdir/conf
chmod 550 $confdir
cp ./php.ini $confdir
sed -i -e 's#;open_basedir =#open_basedir = '$pathdir'/docs/:'$pathdir'/tmp/#g' $confdir/php.ini
sed -i -e 's#;upload_tmp_dir =#upload_tmp_dir = '$pathdir'/tmp/#g' $confdir/php.ini
sed -i -e 's#;session.save_path =#session.save_path = '$pathdir'/tmp/#g' $confdir/php.ini
chown $username:$username $confdir/php.ini
chmod 440 $confdir/php.ini
generate php-fcgi-starter
cat > $pathdir/php-fcgi/php-fcgi-starter << EOF
#!/bin/sh
PHPRC="${confdir}/"
export PHPRC
export TMPDIR=${pathdir}/tmp
exec /usr/bin/php5-cgi
EOF
chmod 750 $pathdir/php-fcgi/php-fcgi-starter
chattr +i -V $pathdir/php-fcgi/php-fcgi-starter
generate apache vhost
echo "Domain:"
read domain
cat > /etc/apache2/sites-available/$domain << EOF
<VirtualHost *:80>
   ServerAdmin webmaster@mydomain.org
   ServerName ${domain}
   ServerAlias www.${domain}
   SuexecUserGroup ${username} ${username}
   AddHandler fcgid-script .php
   DocumentRoot "${pathdir}/docs"
   DirectoryIndex index.htm index.html index.php
<Directory />
   Options FollowSymLinks
   AllowOverride None
</Directory>
<Directory "${pathdir}/docs">
   Options Indexes MultiViews FollowSymLinks +ExecCGI
   FCGIWrapper ${pathdir}/php-fcgi/php-fcgi-starter .php
   Order allow,deny
   allow from all
</Directory>
LogLevel warn
CustomLog ${pathdir}/logs/access.log combined
ServerSignature On
</VirtualHost>
EOF
a2ensite $domain

echo "Ready"

else
        echo "run as root"
        exit 2
fi

BavYeti

Posted 2015-08-15T17:26:05.137

Reputation: 11

Restore a backup. – Cyrus – 2015-08-15T17:41:10.073

yep, that's the plan as soon as I loose the feeling that it's only a simple permisson or owner setting – BavYeti – 2015-08-15T22:06:29.383

Answers

0

Mea culpa, I DID change permissons at the root dir level. Most of /* directories where on 750 or -rwxr-x---

If you got similar errors, check

ls -ld /
ls -l /

which should result in

drwxr-xr-x

for 

/
/home
/lib
/opt
/var
/mnt
/boot

To restore permission flags in /

chmod 0755 /
chmod 0755 /*
chmod 0777 /tmp

I got my inspiration here: source

BavYeti

Posted 2015-08-15T17:26:05.137

Reputation: 11

0

I suspect that you changed the permissions of /.

What is the result of ls -ld /

It should be something like

drwxr-x-rx 22 root root 4096 Aug 15 10:29 /

But perhaps you removed some permissions (or changed even the owner) with your script.

chown root:root /
chmod 755 /

should restore it back to normal.

Thomas Weinbrenner

Posted 2015-08-15T17:26:05.137

Reputation: 735

Good Idea, but unfortunatly not the reason ls -ld / drwxrwxr-x 23 root root 4096 Aug 15 15:26 / which is 775 (default value?) – BavYeti – 2015-08-15T21:54:08.500

0

As an initial step, try using the chown command for each user to make sure that each user has the the appropriate permissions, e.g., chown -R [user] /home/[user's directory].

KimPhilby

Posted 2015-08-15T17:26:05.137

Reputation: 11

Most of the owner settings seem to be correct. For sure the home directories. AND I get the same error with newly added users. Actually my first idea was, that I accendently runned the script and it changed something on the root dir level. But the owners and permisson of files in subdirs are to various – BavYeti – 2015-08-15T21:37:02.343

Asked: 2015-08-15T17:26:05.137

Viewed: 4 562 times

Active: 2015-08-16T09:15:56.577