1

OK, I was trying to set up ssh to work properly, and a website said it was really picky about permissions, and to use go-wrx on ~/.ssh, and that / and /home need to have at least go-w permissions. on them. I saw that / did not have any write permissions, so i ran go-wrx on /. I should've read about what that command does first, because now my install is broken. the gui is slowly breaking the more things I click on (basically any time it tries to load anything from the filesystem). from terminal, a cd to anywhere gives a permission denied error, and a sudo anything gives bash: /usr/bin/sudo: Permission denied.

If I have to do a reinstall, I will, but I have a few files on there in /var/www that I have to save.

Is there anyone out there who know how to fix this, or at least get to the files?

Improve this question

1 Answer 1

Reset to default
5

Lesson learned: don't run commands as root if you don't know what they do. If you'd run that command as your own user, you wouldn't have been able to hose the whole system. By the way, that website is wrong; only ~, ~/.ssh and ~/.ssh/authorized_keys need to not be group-writable (see the troubleshooting section in our ssh tag wiki).

You could wipe the partition, reinstall and restore the important files from backups. (If you don't have backups, you are looking for trouble. The first thing to do once your system is back up and running is to arrange some automated back up system. Don't forget to test it.)

The command you ran is not too destructive, you can recover from it. The primary hurdle is that you've disabled normal methods of gaining root access. However, you're bound to miss a few permissions and end up with a slightly broken system. So I recommend that you reinstall, after saving all important data.

If you have a root password and console access, switch to a text console (press Ctrl+Alt+F1), and log in as root. If you don't have a root password but have console access, reboot the machine, and when the boot menu comes up, select a “rescue” entry if you have one, or if you don't then edit the normal boot entry and add init=/bin/sh at the end of the line that begins with kernel. See also How do I log into my Linux laptop if I have forgotten both the login and password?. Another possibility if you have console access is to boot from a Linux live CD such as System Rescue CD. If you don't have console access, explain your setup very precisely if you need help getting a root shell (maybe ask about this as a separate question).

Now that you have a root shell, restore the most important permissions. Pay attention to details, try to copy-paste if at all possible. In particular, the recursive chmods need a capital X in a+rX, and /dev/*/ must not be /dev/*. The parts in /dev are not necessary if you rebooted. If you follow these steps, there will be a small window of time when any user of the system can gain root; this is not an issue if you have no users other than yourself.

chmod a+rX / /* /var/* /dev /dev/*/
chmod a+rw /dev/full /dev/log /dev/null /dev/ptmx /dev/random /dev/tty /dev/urandom /dev/zero
chmod a+rw /var/lock /var/tmp
chmod -R a+rX /etc /bin /lib* /sbin /usr
chmod go-rx /etc/shadow /etc/gshadow /etc/sudoers
chmod go-rx /etc/*key /etc/ssh/*key
chmod g=x,o= /etc/ssl/private
chmod g=r,o= /etc/ssl/private/*

After these steps, your system should be mostly usable, but this isn't a complete list. So now, save all your important data, and reinstall. If you're feeling adventurous, compare the permissions on your system with those on a clean system, and repair the remaining files. But I don't recommend using the machine in production afterwards.

Improve this answer
6
  • I actually got help from a linux guru I know before this answer was posted, he suggested basically the same thing. Root access from the text console, but the live cd method worked. I did chmod 777 on / and /home (I know 777 is more than you need, but at that point I just wanted to get the system up) Commented Aug 12, 2011 at 0:26
  • It's up now, time will show if there is problems. The machine is my personal desktop at work, on a limited access secure vlan, so I'm not horribly worried about other people gaining root access. I think I will try and repair the permissions. Note that the initial disastrous command wasn't recursive; so I figured just reversing those commands (I didn't note in the original post, but I did the same command on /home, which is actually a different HDD, so I wasn't to worried about fixing it) Is there a reason I should have done the longer list of chmods you listed? Commented Aug 12, 2011 at 0:31
  • Thanks fo the help BTW, not used to getting quick answers here like on stackoverflow. Commented Aug 12, 2011 at 0:32
  • Here's the website that suggested / /home needed to be group writeable. Commented Aug 12, 2011 at 0:35
  • @AsherMaximum Ah, ok, I'd misread your question (most people with such problems have run a recursive chmod). Then repairing is a lot easier. Once you have a root shell (that's the non-straightforward part), restore the permissions to what they should be, i.e. chmod 755 / /home. (There's absolutely no advantage in making a directory's permissions more liberal; it won't compensate for another directory being too restricted.) Commented Aug 12, 2011 at 1:07

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.