file system permissions - paranoid

a friend of mine (no, really, it actually wasn’t me this time…) set his permissions to paranoid and now says he has basically ‘locked himself out of the system’ is what he said. how can you change this back?


Try this: Boot off a live CD like Knoppix, SystemRescuCD, Suse live. Mount the root directory and access it. The file setting to paranoid is the file “security” which will be located below your mount point at /mount_point/etc/sysconfig/security. In the file “security” is a line that should look like this:


Your “friend” (come on thestig – we know it’s YOU [Laughing Out LOUD]) changed it so it contains the word “paranoid”. Change it back to “easy local”.


thanks swerdna, i’ll let him know. and honestly…it’s really not me this time! i did make this mistake when using suse 10.0 though…

what’s the point in it if it stops you doing just about anything? he said it’s locked him out of the system, but if i recall when i had suse 10.0 and did this i just couldn’t use things like yast, it said permissions on the pw database may be too restrictive or something. doesn’t sound like he has the same problem. anyway, i’ll let him know,

cheers :slight_smile:

From the description in YAST of paranoid setting, it says that paranoid makes it so you have give Xsession permissions to users.

My guess is when he says he is locked out of the system it is just that he can’t start a proper Xsession or at least some of the stuff he wants to do can’t run since the priviledges weren’t done right

At least that was the idea I got from reading this part. Especially the bit in bold

File Permissions: Settings for the permissions of certain system files are set according to the data in /etc/ or /etc/permissions.easy. Which file is used depends on this selection. Launching SuSEconfig sets these permissions according to /etc/permissions.*. This fixes files with incorrect permissions, whether this occurred accidentally or by intruders.

With Easy, most of the system files that are only readable by root in Secure are modified so other users can also read these files. Using Secure, certain system files, such as /var/log/messages, can only be viewed by the user root. Some programs can only be launched by root or by daemons, not by ordinary users. The most secure setting is Paranoid. With it, you must decide which users are able to run X applications and setuid programs

@thestig: I tried a variation on this theme. I changed to paranoid and tested this simpler way to reverse the setting. Boot the computer and on the initial Grub boot screen type the numeral 1. You will boot to runlevel 1 which is a pure root console session. Authenticate/login as root. Start Xsession by entering startx into the console. That gives full GI access. Open the file /etc/sysconfig/security in your favourite editor and fix the line to:


Reboot and you’re back.

thanks, i will see him tomorrow i think so will let him know then.


We live and we learn. The simplest way: start in runlevel 1 console. Run startx and use Yast to put it back the way it was.

unfortunately he set a grub password and forgot it (or it won’t accept it or something) so i’ve had to suggest the live disc method to him. hopefully it works, will let you know.