hpchong7

Restore default file permission

Dear all,

   I accidentally changed
1.) the mode of all the files and folders to 777.
2.) the group of all the files and folders to admin.

How can I restore all of them to default mode and group? Thank you very much!
ahoffmann

from backup only (or fresh install)
Some distributions also have some kind of "harden" scripts, but they will only change some, but not all, files and dirs.
ASKER CERTIFIED SOLUTION
samri

This solution is only available to members.
yes, tripwire can do this.
I don't have a working solution for it yet, but with a few commands you should get the requested settings.
But keep in mind that you do not store all files and/or permissions in tripwire's database.
I would second your first comment -- reinstall.  It should keep most of the datafiles and settings intact.  However, ample free disk space would be required.

cheers.
The problem is that permissions and ownership are not the same across all files and directories.  There is a "standard", such as root.root on RedHat systems, that you can apply to 95% of the files, but the exceptions are what kill you. If you have access to another system running the same level/version OS, use it as a master reference.

Once you identify the norm, you can change everything back with a recursive chmod.

chown -R root.root /usr

On the reference system, you will have to make yourself a list of the exceptions.  If the list is not too long, you could then make the corrections by hand.

find /  -perm +ug+s -print | xargs ls -l > /tmp/filelisting

Good luck.  I suspect every budding sysadm does this one time.

Bob
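
The reference-system approach described in the post above (record the known-good modes and owners, SUID/SGID exceptions included, then bring the damaged tree back in line), as an added example that is not part of the original thread. It assumes the reference tree is reachable as a directory (for instance a mounted copy) and that both systems use the same paths and numeric uid/gid values; the names snapshot, restore and demo are hypothetical.

```python
import os
import stat
import tempfile

def snapshot(root):
    """Map relative path -> (mode incl. SUID/SGID/sticky, uid, gid)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISLNK(st.st_mode):  # symlink modes carry no meaning
                manifest[os.path.relpath(full, root)] = (
                    stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return manifest

def restore(manifest, target_root, dry_run=True):
    """Return [(path, current, wanted)] mismatches; fix them unless dry_run."""
    changes = []
    for rel, wanted in sorted(manifest.items()):
        path = os.path.join(target_root, rel)
        if not os.path.lexists(path):
            continue  # exists on the reference only
        st = os.lstat(path)
        current = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
        if stat.S_ISLNK(st.st_mode) or current == wanted:
            continue
        changes.append((rel, current, wanted))
        if not dry_run:
            if current[1:] != wanted[1:]:
                os.chown(path, wanted[1], wanted[2])  # requires root
            os.chmod(path, wanted[0])  # after chown, which can clear SUID/SGID
    return changes

def demo():
    """Constructed sample: a reference tree and a copy left at mode 777."""
    ref, bad = tempfile.mkdtemp(), tempfile.mkdtemp()
    layout = {"bin": 0o755, "bin/su": 0o4755, "notes.txt": 0o644}
    for root, damaged in ((ref, False), (bad, True)):
        os.mkdir(os.path.join(root, "bin"))
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            if not os.path.isdir(path):
                open(path, "w").close()
            os.chmod(path, 0o777 if damaged else mode)
    restore(snapshot(ref), bad, dry_run=False)
    return snapshot(bad)

if __name__ == "__main__":
    print({p: oct(m[0]) for p, m in demo().items()})
```

Call restore with the default dry_run=True first and review the returned list before applying anything as root; paths that exist only on the damaged system are left untouched because the reference cannot vouch for them.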
even this sophisticated find command is half-hearted: imagine files/dirs with permission: 7555, 6550, 2550, 1700
(just to name a few)
> even this sophisticated find command is half-hearted: imagine files/dirs
> with permission: 7555, 6550, 2550, 1700

All of them would be listed, except the 1700, as I did not test for "other".   Change it to +ugo+s and it will show them also.  

The key thing for functionality is getting all the SUID/SGID options correct.  About the only other thing I would expect to cause problems is mail, as some mail programs are real picky about file permissions and ownership.

Of course, if you mucked with user directories, you will also have to change them back to being owned by the users.

Bob

vancleef [1026] > find /usr/bin -perm +ug+s -print | xargs ls -l
-rwsr-xr-x    1 root     root        37528 Jan 17 09:34 /usr/bin/at
-rwsr-xr-x    1 root     root        34296 Mar 27 17:40 /usr/bin/chage
-rws--x--x    1 root     root        12072 Apr  1 15:26 /usr/bin/chfn
-rws--x--x    1 root     root        11496 Apr  1 15:26 /usr/bin/chsh
-rwsr-xr-x    1 root     root        21080 Apr 14 21:49 /usr/bin/crontab
-r-xr-s--x    1 root     games       50487 Apr  9 08:28 /usr/bin/gataxx
-r-xr-s--x    1 root     games       35697 Apr  9 08:28 /usr/bin/glines
-r-xr-s--x    1 root     games       80354 Apr  9 08:28 /usr/bin/gnibbles
-r-xr-s--x    1 root     games       89644 Apr  9 08:28 /usr/bin/gnobots2
-r-xr-s--x    1 root     games       69034 Apr  9 08:28 /usr/bin/gnome-stones
-r-xr-s--x    1 root     games       84726 Apr  9 08:28 /usr/bin/gnomine
-r-xr-s--x    1 root     games       35822 Apr  9 08:28 /usr/bin/gnotravex
-r-xr-s--x    1 root     games       30954 Apr  9 08:28 /usr/bin/gnotski
-rwsr-xr-x    1 root     root        36100 Mar 27 17:40 /usr/bin/gpasswd
-r-xr-s--x    1 root     games      248343 Apr  9 08:28 /usr/bin/gtali
-r-xr-s--x    1 root     games       62770 Apr  9 08:28 /usr/bin/iagno
[snip]
locked ?

https://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp

What is a Comment?
A comment is a more general tip than a specific answer, or it can be a clarification/addition that is posted along with answers as continued dialog to a question. In cases where an Expert is unsure of the accuracy of their solution, they often post their solution as a comment, and the question asker may accept any comment as an answer. It is common etiquette in some topics areas to always post solutions within comments instead of answers.

What is an Answer?
An answer is one specific solution to a specific inquiry. The solution must be reasonable given the clarity and background of the question. In the example above, "click on the envelope ... " is a good response. An improper response would be " I hate Netscape - it's a dog - try Microsoft's Internet Explorer instead."

Advice for Experts on Providing Solutions Through Comments or Answers
Experts may post solutions to your question in the form of a comment or answer, so be sure to check every email notification as soon as it arrives. Often, an Expert posts the solution to your problem as a comment because it is early in the collaboration process and other issues may be involved. In addition, it is common etiquette in some topics areas to always post comments and not answers. There are several reasons behind this thinking:

Questions do not become prematurely locked and the collaboration process is not inhibited when the question is indexed as open for proposed solutions.
The question-asker has the power to select the best solution rather than one that is simply suggested as an answer.
Watch out for unclear or multiple-part questions. You can send a comment to the member requesting that they rephrase or break up the question before you submit an answer.
If you don't know the answer, leave the question for someone else.
If you are unsure of your solution, post it as a comment rather than an answer. Members can accept comments as solutions and award points for them.
You are only responsible for providing one reasonable answer.
You may review information about a member, including their grading history, by clicking on their member name.
If you're having a problem with a Member, you can refer it to us.
hpchong7

ASKER

Your answer is very good but before accepting it, I want to ask:

1.) I did not have root.root on my linux. Then how to find the "standard"?
2.) I don't understand the following attributes:
-perm +ug+s -print | xargs ls -l

Thank you!
Your answer is very good, but before accepting it, I want to ask:

1.) I do not have root.root on my linux. How can I find out the "standard"?
2.) I don't understand the meaning of the following attributes:
-perm +ug+s -print | xargs ls -l
What are they actually doing?

Thank you very much!
hpchong7,

complement to Bob's (vancleef) comment:  ( I hope I got this right)

root.root would refer to user.group ownership.  Some Unix/Linux will take "chown -R username.groupname file" as a valid argument, where the file ownership will belong to user username and group assigned to groupname respectively.  However, there are scenarios where you need to explicitly do "chown -R username file" and "chgrp -R group file".

I hope this helps
so if my username is hpchong7 which belonged to the staff group:
chown -R hpchong7.staff /
But even if I execute this command, how come all of the files/folders return to the default permission?
Would you think tripwire will be a better way to solve my problem? Thanks!

Chong,

That would not be useful since you might end up changing every file (EVERY !!) in the FS to owner=hpchong, group=staff, and this is NOT what you want.

What Bob is looking at is to refer to a working (fine) Linux box, and try to set the file/dir ownership/permission based on the one that is OK.

tripwire might have a "factory default" ownership and permission, let's say RedHat 6.2 would be like, as ahoffmann confirmed, but using this approach would be tricky too.  I personally never tried that, and the reason I proposed it is due to the fact that it might be a viable alternative.

At this stage, I would (personally) look back at what the server is doing, and maybe back up all the critical data - any mails, databases, websites, etc. etc.  And do a reinstall (or Upgrade to be exact).  During the upgrade process, you will have an option to retain the existing datafiles, and I would believe that the file permissions/ownership will be fixed.

Thanks. Then the best method is still reinstall or upgrade. I will try the tripwire also.
Chong,

Yes... I would consider the reinstallation would be quick, and clean.  And most would recommend it.  I'd second your opinion to try tripwire database.  I'll see what info we could pull out of the net.

cheers.
hpchong7 ;

If you do not have root on the system, then how did you cause the problem in the first place?

> 2.) I don't understand the meaning of the following attributes:
>                  -perm +ug+s -print | xargs ls -l

-perm        - tell the find command to check permissions
+ug+s        - trigger if either the user or group permissions are SID,
               i.e. if it is SUID or SGID (--s--s---), ignoring other settings
-print |     - print the name of the file and send it to a pipe
xargs ls -l  - collect the names of the files from standard input and
               run ls -l on the list

Bob
Another thought:  I assumed you meant all files on the system.  

However, if you only changed the files and folders in YOUR home directory, you can use the following to fix the permissions. [assuming in the examples that your home directory is /home/hpchong7 and your group is the same as your name hpchong7 - change as needed. ]

[1] find /home/hpchong7 -type d -print0 | xargs -0 chmod 755
[2] find /home/hpchong7 -type f -print0 | xargs -0 chmod 644
[3] chown -R hpchong7.hpchong7 /home/hpchong7

[1] Change permissions on all directories to user write only.  Directories must be executable.

[2] Change permissions on all files to user write only. Files should not be executable unless specifically required.  For those specific cases, use 755.

[3] Change the ownership of all files to username.groupname.

Bob
vancleef, didn't complain about your find solution, just pointed to a few problems which cannot be resolved easily.

Anyway, this discussion is going somewhere.
hpchong7, could you please tell us as which user you called which command that produced your trouble.
I used root to do the following:
chmod -R 777 /
chgrp -R admin /

Lastly, actually my OS is MAC OS X, which used FreeBSD as kernel. Anyway I am reinstalling now.

ahoffmann,

>>  I accidentally changed
>>1.)the mode of all the files and folders to 777.
>>2.)the group of all the files and folders to admin .


Chong,
  I thought that the "action" starts from / (root).  And not other subdirs.  And I would believe that only root can cause that much damage.
Chong,

Gee.. Mac OS X.  I thought that it was Linux.  

Let us know should anything good (or bad :( comes out.

cheers.