I installed a new website cms yesterday. I cloned my basic htdocs/ directory and installed and configured the site. I went to remove permissions I didn’t want on the site files and made a crazy bad mistake. As you can see from the title, I typed:
chmod o-wx htdocs /
I put an extra space between the htdocs and the /. Unreal.>:(
I realized after about 2-3 seconds it was taking too long. Did a Crtl-C to stop it, but a lot of damage was done… oh boy.
Does anyone have any suggestions outside of a reinstall? I’m on the machine that I borked. Got most functionality back. Can’t get my own web server to run…
This is why I NEVER do that kind of stuff as root! I had been trying to get Drupal to work and was having so many issues I’d got into the bad habit of do everything as root. I’m an idiot. Oh well.
I’m affraid that reinstalling would be your best bet. Otherwise you’d have to chmod every directory and every file. That would take a long time. Some directories and files may have the same settings but some don’t, so doing a recursive chmod to “fix” it just wont work.
On Tue, 13 Aug 2013 02:36:02 +0000, silicon penguin67 wrote:
> I installed a new website cms yesterday. I cloned my basic htdocs/
> directory and installed and configured the site. I went to remove
> permissions I didn’t want on the site files and made a crazy bad
> mistake. As you can see from the title, I typed:
> Code:
> --------------------
> chmod o-wx htdocs /
> --------------------
> I put an extra space between the htdocs and the /. Unreal.>:(
> I realized after about 2-3 seconds it was taking too long. Did a Crtl-C
> to stop it, but a lot of damage was done… oh boy.
> Does anyone have any suggestions outside of a reinstall? I’m on the
> machine that I borked. Got most functionality back. Can’t get my own
> web server to run…
>
> This is why I NEVER do that kind of stuff as root! I had been
> trying to get Drupal to work and was having so many issues I’d got into
> the bad habit of do everything as root. I’m an idiot. Oh well.
Root can change the permissions back - it always has rights.
So just run:
chmod 755 /
as root and you should be fine.
That’s what my root directory shows the permissions mask as
Well, the easiest way is to restore from backup :-p (ducking)
Another is to do an “offline upgrade”, aka “dvd upgrade”, from same
version to same version. Most of the system is reinstalled on the same
place, then you have to redo upgrades and things. Files are changed. I
do not like it this time.
Another would be to get a file listing and permissions from “rpm -qal”
(not verified). Once you have the list, create a script to recreate the
permissions from that list.
It is 5AM here, so don’t ask me for details, nor if the idea is insane…
–
Cheers / Saludos,
Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))
On Tue, 13 Aug 2013 02:48:32 +0000, Jim Henderson wrote:
> Root can change the permissions back - it always has rights.
>
> So just run:
>
> chmod 755 /
>
> as root and you should be fine.
>
> That’s what my root directory shows the permissions mask as
Now I’m puzzled, because you didn’t specify -R so it shouldn’t have
recursed the subdirectories. But the other answers now have me wondering
if chmod treats / specially (though arguably, if anything, it shouldn’t
assume recursion is needed there unless specified any more than anywhere
else).
On Tue, 13 Aug 2013 03:26:02 +0000, Jim Henderson wrote:
> On Tue, 13 Aug 2013 02:48:32 +0000, Jim Henderson wrote:
>
>> Root can change the permissions back - it always has rights.
>>
>> So just run:
>>
>> chmod 755 /
>>
>> as root and you should be fine.
>>
>> That’s what my root directory shows the permissions mask as
>
> Now I’m puzzled, because you didn’t specify -R so it shouldn’t have
> recursed the subdirectories. But the other answers now have me
> wondering if chmod treats / specially (though arguably, if anything, it
> shouldn’t assume recursion is needed there unless specified any more
> than anywhere else).
OK, I just tried this in a 12.3 VM, and noticed a couple of things:
“o” = “world” (so root wouldn’t lose their rights anyways, because “o” !=
“owner”)
Without -R, the only directories affected (with cwd as /srv/www) by your
command were htdocs and / - no other directories were changed.
So yes:
chmod o+wx /
Would undo it (actually, you just want o+x, since o doesn’t get w at /
anyways).
I have a DVD-R, but no more blanks… and my OpenSuSE 12.3 DVD has gone flaky on me. It’s good enough as a boot/rescue DVD. The last time I reinstalled I used it to boot and did a net install. When I say it’s gone flaky, I mean I’ve done about 5 installs with it, but after that, I get all kinds of errors trying to install. Even on different machines, so I know it’s the disc. Can I do that “upgrade to the same version” over the net?
I’m just avoiding the inevitable, huh? Ah well… It’s not that bad.
For the future, you should try to teach youtself to be more precise as a person. Because you not only typed the wrong command (why did you try to add that / in any case, just saying htdocs is enough). but you reported here wrongly also. You also did not report what your working directory was at the time you typed that command. And like the computer, we interprete what you say, not what you intended to say.
Another thing to think about may be to make /srv/www owned by a normal user (that user should of course have www as primary group). In that case there is no need to use root to organise your web pages.
Yes. Open YaST->Software Management, click on “View” and choose “Repositories”.
The pseudo repo “@System” should be already selected, which shows all installed packages.
Right-click on the package list and select “All in this list”->“Update Unconditionally” from the context menu.
After clicking “Accept”, all your packages should get reinstalled.
This will only correct the permissions for files/directories contained in packages of course. Others like those in your home directory f.e. won’t get changed.
Btw, Running “chkstat --system” will automatically correct the permissions for important system files/directories. (this is automatically run by installing the corresponding packages as well though)
On Tue, 13 Aug 2013 04:16:02 +0000, silicon penguin67 wrote:
> Sorry, I should have said I did:
> Code:
> --------------------
> chmod -R o-wx htdocs /
> --------------------
Ah, yes, that would mean that a reinstall is probably your best bet.
Though again, the ‘o’ right is ‘world’, so it shouldn’t cause many issues
with the system overall. The trick is finding the directories that were
once world writable and making sure those are, and making sure that
executables are only flagged x.
Which is maybe no easy task - no easier than reinstalling, anyways.
On 2013-08-13 05:01, Carlos E. R. wrote:
> On 2013-08-13 04:36, silicon penguin67 wrote:
> Another would be to get a file listing and permissions from “rpm -qal”
> (not verified). Once you have the list, create a script to recreate the
> permissions from that list.
I have not found a way to get a listing of the permissions. This command:
does a verification against the database, and one of the things it does
is check the permissions (a ‘.’ means same, unchanged).
S file Size differs
M Mode differs (includes permissions and file type)
5 MD5 sum differs
D Device major/minor number mismatch
L readLink(2) path mismatch
U User ownership differs
G Group ownership differs
T mTime differs
P caPabilities differ
The ‘M’ above is what we want. However, despite the fact that they are
stored somewhere, I don’t know how to extract that data
Try to google it. I know for certain that other people had the same
problem as you, someone may have found a way. I have the vague
recollection of having seen it.
–
Cheers / Saludos,
Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))
MISCELLANEOUS COMMANDS
rpm --showrc
shows the values rpm will use for all of the options are cur-
rently set in rpmrc and macros configuration file(s).
rpm --setperms PACKAGE_NAME
sets permissions of files in the given package.
rpm --setugids PACKAGE_NAME
sets user/group ownership of files in the given package.
Thanks for all the advice and replies. I managed to get a nice clean reinstall off that “flaky” DVD. If that had failed I’d have had to installed OpenSuSE 10.3, then did the net install. I’ve got a request for further advice however. The home directory seemed to get hit first from my wayward command. I changed the user directories thus as a security measure:
chmod 700
I’m wondering if I should go one step further and do the same to all the user directory files and sub-dirs? I would think making the user dir 700 would keep out prying eyes, but? Also, if I changed all the user files thus:
terryw@starlock:/home> chmod 700 -R terryw
or should that be
terryw@starlock:/home> chmod -R 700 terryw
would this possibly mess up user programs? I’ve noticed all the files in the home directories, including hidden files and dirs, are all set thus:
ls -asl
4 drwxr-xr-x 13 terryw users 4096 Aug 3 22:12 .lyx
Are they set with these permissions by default?
hcw said: Another thing to think about may be to make /srv/www owned by a normal user (that user should of course have www as primary group). In that case there is no need to use root to organise your web pages.
I usually have htdocs owned by myself - with www being one of the groups I’m in, not primary. As I said earlier, I don’t normally perform any thing like this as root. I had been trying to get drupal installed for about 2 days, about six attempts, and kept getting a wsod or “can’t find file … so and so”. I was frustrated and typing quickly - for me - and put that extra space, and “/”, in there… But good advice none the less.
After my first cry of dispair (I hope you did nothing of the kind), a bit further explanation.
It shouldn’t be to difficult to find some docs about file ownership byy user and group and the meaning of permission bits. SAme for the different possibilities to (un)set them.
In any case, when you, as a user, want to unset some read, write and/or execute/search permission for the world (and maybe also the group) of (some of) your files, you should only unset bits. With
chmod 700
you not only unset all bits for group and world (others), you also set bits for user. And that is not what you want because you do not want to set x-bits for files that shouldn’t have them. You should thus use a vsrion that leaves the user bits untouched. Something like
chmod go-rwx
which removed r-, w- and x-bits from the group and other sets only.
When yoou want newly created file inside your home directory not to have permission for others, then look at the
On 2013-08-14 08:36, hcvv wrote:
> you not only unset all bits for group and world (others), you also set
> bits for user. And that is not what you want because you do not want to
> set x-bits for files that shouldn’t have them. You should thus use a
> vsrion that leaves the user bits untouched. Something like
>
> Code:
> --------------------
> chmod go-rwx
> --------------------
>
> which removed r-, w- and x-bits from the group and other sets only.
Also notice that the ‘x’ permission has a different effect on
directories: it is needed in order to work on a directory. It may make
sense to remove the ‘x’ from files but not from directories.
In this case, as the initial bad operation only was intended for
“others”, it does not matter. But if you intend to recursively set the
attributes for your entire home, beware of not setting ‘x’ globally, and
doing it on directories.
–
Cheers / Saludos,
Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))
Remember when I said earlier that ALL the files and directories in the user’s home directories were set thus:
ls -asl
4 drwxr-xr-x 13 terryw users 4096 Aug 3 22:12 .lyx
So, ALL the files and sub-directories in my users directories are ALREADY set like the above. Of course, the files don’t have the leading “d”.
Therefor,
chmod 700
wouldn’t actually have any negative effects on the user files because THEIR ALREADY rwx for the owner.
My umask is set to the standard 0022:
terryw@starlock:~> touch tmp
terryw@starlock:~> ls -asl tmp
0 -rw-r--r-- 1 terryw users 0 Aug 14 09:26 tmp
I was asking for advice on how to clean up the fact that all the user files and directories and hidden files and hidden directories are already set as read-write-executable to the owner, read-executable to the group, and read-executable to others. And of course the directories are “listable” to everyone.
In this instance:
chmod go-rwx
has the same effect as
chmod 700
not so?
As to why these files are already like this… that’s very worrying to me.
I’m not overly concerned about a file being set as rwx, such as a .odt or .jpeg. I’ve never heard of any problems from an executable .jpeg file. ok not strictly true, I have, but not in this context.
I’m more concerned with how they got that way… but that’s another days concern.
Cheers& thank you for all the advice - even the condescending tone of some of it.:sarcastic: I guess when I act like the village idiot I have to expect people to talk loudly to me and wave their hands around!
Terry.
