Solved

Restore default file permission

Posted on 2002-06-17
Last Modified: 2013-12-16
Dear all,

   I accidentally changed
1.) the mode of all the files and folders to 777.
2.) the group of all the files and folders to admin.

How can I restore all of them to default mode and group? Thank you very much!
Question by:hpchong7
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7083992
from backup only (or fresh install)
Some distributions also have some kind of "harden" scripts, but they will only change some, but not all, files and dirs.
0
 
LVL 15

Accepted Solution

by:
samri earned 50 total points
ID: 7085764
off topic - but related a bit :)

ahoffmann: can tripwire somehow do this?  To my understanding tripwire does have some "internal" database that stores the file attributes and/or permissions.  What I do not know is whether this is a vendor "Approved" setting, or based on the initial DB init.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7087151
yes, tripwire can do this.
I don't have a working solution for it yet, but with a few commands you should get the requested settings.
But keep in mind that you do not store all files and/or permissions in tripwire's database.
0
 
LVL 15

Expert Comment

by:samri
ID: 7087655
I would second your first comment -- reinstall.  It should keep most of the datafiles and settings intact.  However, ample free disk space would be required.

cheers.
0
 
LVL 1

Expert Comment

by:vancleef
ID: 7090784
The problem is that permissions and ownership are not the same across all files and directories.  There is a "standard", such as root.root on RedHat systems, that you can apply to 95% of the files, but the exceptions are what kill you. If you have access to another system running the same level/version OS, use it as a master reference.

Once you identify the norm, you can change everything back with a recursive chmod.

chown -R root.root /usr

On the reference system, you will have to make yourself a list of the exceptions.  If the list is not too long, you could then make the corrections by hand.

find /  -perm +ug+s -print | xargs ls -l > /tmp/filelisting

Good luck.  I suspect every budding sysadm does this one time.

Bob
0
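The "master reference" approach from the comment above, as an added example that is not code from this thread: record mode and ownership on a known-good tree, then replay them onto the damaged one. The function names are made up here, and it assumes both trees share the same layout and the same numeric uid/gid values (same OS version); changing ownership needs root.

```python
import os
import stat

SPECIAL = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX  # the 07000 bits


def snapshot(root):
    """Map relative path -> (mode, uid, gid) for every non-symlink under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # never follow or modify symlinks
            rel = os.path.relpath(path, root)
            manifest[rel] = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return manifest


def restore(manifest, root, dry_run=True):
    """Bring root back in line with manifest; return the list of changes."""
    changes = []
    for rel, (mode, uid, gid) in sorted(manifest.items()):
        path = os.path.join(root, rel)
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            changes.append((rel, "missing on target", None))
            continue
        if stat.S_ISLNK(st.st_mode):
            continue
        owner_diff = (st.st_uid, st.st_gid) != (uid, gid)
        mode_diff = stat.S_IMODE(st.st_mode) != mode
        if owner_diff:
            changes.append((rel, "owner", f"{uid}:{gid}"))
        if mode_diff:
            changes.append((rel, "mode", oct(mode)))
        if not dry_run and (owner_diff or mode_diff):
            if owner_diff:
                os.chown(path, uid, gid)  # can clear SUID/SGID, so chmod follows
            os.chmod(path, mode)
    return changes


def exceptions(manifest):
    """Entries carrying SUID/SGID/sticky bits: the list to review by hand."""
    return sorted(rel for rel, (mode, _u, _g) in manifest.items() if mode & SPECIAL)
```

Files that exist only on the damaged system are left untouched, so anything not covered by the reference tree still has to be reviewed separately.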
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7090868
even this sophisticated find command is half-hearted: imagine files/dirs with permission: 7555, 6550, 2550, 1700
(just to name a few)
0
 
LVL 1

Expert Comment

by:vancleef
ID: 7090934
> even this sophisticated find command is half-hearted: imagine files/dirs
> with permission: 7555, 6550, 2550, 1700

All of them would be listed, except the 1700, as I did not test for "other".   Change it to +ugo+s and it will show them also.  

The key thing for functionality is getting all the SUID/SGID options correct.  About the only other thing I would expect to cause problems is mail, as some mail programs are real picky about file permissions and ownership.

Of course, if you mucked with user directories, you will also have to change them back to being owned by the users.

Bob

vancleef [1026] > find /usr/bin -perm +ug+s -print | xargs ls -l
-rwsr-xr-x    1 root     root        37528 Jan 17 09:34 /usr/bin/at
-rwsr-xr-x    1 root     root        34296 Mar 27 17:40 /usr/bin/chage
-rws--x--x    1 root     root        12072 Apr  1 15:26 /usr/bin/chfn
-rws--x--x    1 root     root        11496 Apr  1 15:26 /usr/bin/chsh
-rwsr-xr-x    1 root     root        21080 Apr 14 21:49 /usr/bin/crontab
-r-xr-s--x    1 root     games       50487 Apr  9 08:28 /usr/bin/gataxx
-r-xr-s--x    1 root     games       35697 Apr  9 08:28 /usr/bin/glines
-r-xr-s--x    1 root     games       80354 Apr  9 08:28 /usr/bin/gnibbles
-r-xr-s--x    1 root     games       89644 Apr  9 08:28 /usr/bin/gnobots2
-r-xr-s--x    1 root     games       69034 Apr  9 08:28 /usr/bin/gnome-stones
-r-xr-s--x    1 root     games       84726 Apr  9 08:28 /usr/bin/gnomine
-r-xr-s--x    1 root     games       35822 Apr  9 08:28 /usr/bin/gnotravex
-r-xr-s--x    1 root     games       30954 Apr  9 08:28 /usr/bin/gnotski
-rwsr-xr-x    1 root     root        36100 Mar 27 17:40 /usr/bin/gpasswd
-r-xr-s--x    1 root     games      248343 Apr  9 08:28 /usr/bin/gtali
-r-xr-s--x    1 root     games       62770 Apr  9 08:28 /usr/bin/iagno
[snip]
0
 
LVL 15

Expert Comment

by:samri
ID: 7091493
locked ?

http://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp

What is a Comment?
A comment is a more general tip than a specific answer, or it can be a clarification/addition that is posted along with answers as continued dialog to a question. In cases where an Expert is unsure of the accuracy of their solution, they often post their solution as a comment, and the question asker may accept any comment as an answer. It is common etiquette in some topics areas to always post solutions within comments instead of answers.

What is an Answer?
An answer is one specific solution to a specific inquiry. The solution must be reasonable given the clarity and background of the question. In the example above, "click on the envelope ... " is a good response. An improper response would be " I hate Netscape - it's a dog - try Microsoft's Internet Explorer instead."

Advice for Experts on Providing Solutions Through Comments or Answers
Experts may post solutions to your question in the form of a comment or answer, so be sure to check every email notification as soon as it arrives. Often, an Expert posts the solution to your problem as a comment because it is early in the collaboration process and other issues may be involved. In addition, it is common etiquette in some topics areas to always post comments and not answers. There are several reasons behind this thinking:

Questions do not become prematurely locked and the collaboration process is not inhibited when the question is indexed as open for proposed solutions.
The question-asker has the power to select the best solution rather than one that is simply suggested as an answer.
Watch out for unclear or multiple-part questions. You can send a comment to the member requesting that they rephrase or break up the question before you submit an answer.
If you don't know the answer, leave the question for someone else.
If you are unsure of your solution, post it as a comment rather than an answer. Members can accept comments as solutions and award points for them.
You are only responsible for providing one reasonable answer.
You may review information about a member, including their grading history, by clicking on their member name.
If you're having a problem with a Member, you can refer it to us.
0
 
LVL 2

Author Comment

by:hpchong7
ID: 7091618
Your answer is very good but before accepting it, I want to ask:

1.) I did not have root.root on my linux. Then how to find the "standard"?
2.) I don't understand the following attributes:
-perm +ug+s -print | xargs ls -l

Thank you!
0
 
LVL 2

Author Comment

by:hpchong7
ID: 7091623
Your answer is very good, but before accepting it, I want to ask:

1.) I do not have root.root on my linux. How can I find out the "standard"?
2.) I don't understand the meaning of the following attributes:
-perm +ug+s -print | xargs ls -l
What are they doing actually?

Thank you very much!
0
 
LVL 15

Expert Comment

by:samri
ID: 7091763
hpchong7,

complement to Bob's (vancleef) comment:  ( I hope I got this right)

root.root would refer to user.group ownership.  Some Unix/Linux will take "chown -R username.groupname file" as a valid argument, where the file ownership will belong to user username and group assigned to groupname respectively.  However there are scenarios where you need to explicitly do "chown -R username file" and "chgrp -R group file".

I hope this helps
0
 
LVL 2

Author Comment

by:hpchong7
ID: 7091835
so if my username is hpchong7 which belonged to the staff group:
chown -R hpchong7.staff /
But even I execute this command how come all of the files/folders return to the default permission?
Would you think tripwire will be a better way to solve my problem? Thanks!

0
 
LVL 15

Expert Comment

by:samri
ID: 7092010
Chong,

That would not be useful since you might end up changing every file (EVERY !!) in the FS to owner=hpchong, group=staff, and this is NOT what you want.

What bob is looking at is to refer to a working (fine) Linux box, and try to set the file/dir ownership/permission based on the one that is OK.

tripwire might have a "factory default" ownership and permission, let say RedHat 6.2 would be like as ahoffman confirmed, but using this approach would be tricky too.  I personally never tried that, and the reason I proposed is due to the fact that it might be a viable alternative.

At this stage, I would (personally) look back at what the server is doing, and maybe backup all the critical data - any mails, databases, websites, etc. etc.  And do a reinstall (or Upgrade to be exact).  During the upgrade process, you will have an option to retain the existing datafile, and I would believe that the files permission/ownership will be fixed.

0
 
LVL 2

Author Comment

by:hpchong7
ID: 7092069
Thanks. Then the best method is still reinstall or upgrade. I will try the tripwire also.
0
 
LVL 15

Expert Comment

by:samri
ID: 7092141
Chong,

Yes... I would consider the reinstallation would be quick, and clean.  And most would recommend it.  I'd second your opinion to try tripwire database.  I'll see what info we could pull out of the net.

cheers.
0
 
LVL 1

Expert Comment

by:vancleef
ID: 7093193
hpchong7 ;

If you do not have root on the system, then how did you cause the problem in the first place?

> 2.) I don't understand the meaning of the following attributes:
>                  -perm +ug+s -print | xargs ls -l

-perm        - tell the find command to check permissions
+ug+s        - trigger if either the user or group permissions are SID,
               ie: if it is SUID or SGID  --s--s--- ignoring other settings
-print |     - print the name of the file and send to a pipe
xargs ls -l  - collect the names of the files from standard input and
               run ls -l on the list

Bob
0
 
LVL 1

Expert Comment

by:vancleef
ID: 7093213
Another thought:  I assumed you meant all files on the system.  

However, if you only changed the files and folders in YOUR home directory.  You can use the following to fix the permissions. [assuming in the examples that your home directory is /home/hpchong7 and your group is the same as your name hpchong7 - change as needed. ]

[1] find /home/hpchong7 -type d -print | xargs chmod 755
[2] find /home/hpchong7 -type f -print | xargs chmod 644
[3] chown -R hpchong7.hpchong7 /home/hpchong7

[1] Change permissions on all directories to user write only.  Directories must be executable

[2] Change permissions on all files to user write only. Files should not be executable unless specifically required.  For those specific cases, use 755.

[3] Change the ownership of all files to username.groupname.

Bob
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7093928
vancleef, didn't complain about your find solution, just pointed to a few problems which cannot be resolved easily.

Anyway, this discussion is going somewhere.
hpchong7, could you please tell us as which user you called which command that produced your trouble.
0
 
LVL 2

Author Comment

by:hpchong7
ID: 7094475
I used root to do the following:
chmod -R 777 /
chgrp -R admin /

Lastly, actually my OS is MAC OS X, which used FreeBSD as kernel. Anyway I am reinstalling now.

0
 
LVL 15

Expert Comment

by:samri
ID: 7094486
ahoffman,.

>>  I accidentally changed
>>1.)the mode of all the files and folders to 777.
>>2.)the group of all the files and folders to admin .


Chong,
  I thought that the "action" starts from / (root).  And not other subdirs.  And I would believe that only root can cause that much damage.
0
 
LVL 15

Expert Comment

by:samri
ID: 7094547
Chong,

Gee.. Mac OS X.  I thought that it was Linux.  

Let us know should anything good (or bad :(
comes out.

cheers.
0
