Hi all,
As I wanted to give 0777 permission for /home/test directory, I want to
execute "chmod -R 0777 /home/test", but I mistakenly executed "chmod -R
0777 /". Due to this entire file system permission got changed to 0777.
Now I am not able to execute su, which gives me error as "setgid:
Operation not permitted". It seems to be I have created a serious
problem. Can anyone please help me to solve this problem?
"Hari"
>Hi all,
>As I wanted to give 0777 permission for /home/test directory, I want to
>execute "chmod -R 0777 /home/test", but I mistakenly executed "chmod -R
>0777 /". Due to this entire file system permission got changed to 0777.
>Now I am not able to execute su, which gives me error as "setgid:
>Operation not permitted". It seems to be I have created a serious
>problem. Can anyone please help me to solve this problem?
Can you still login as root?
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
No, Now I am not able to login as root. I have logged in as a different
user.
Casper H.S. Dik wrote:
> "Hari"
>
> >Hi all,
>
> >As I wanted to give 0777 permission for /home/test directory, I want to
>
> >execute "chmod -R 0777 /home/test", but I mistakenly executed "chmod -R
>
> >0777 /". Due to this entire file system permission got changed to 0777.
>
> >Now I am not able to execute su, which gives me error as "setgid:
> >Operation not permitted". It seems to be I have created a serious
> >problem. Can anyone please help me to solve this problem?
>
> Can you still login as root?
>
> Casper
> --
> Expressed in this posting are my opinions. They are in no way related
> to opinions held by my employer, Sun Microsystems.
> Statements on Sun products included here are not gospel and may
> be fiction rather than truth.
Hari wrote:
> No, Now I am not able to login as root. I have logged in as a different
> user.
I'd suggest first of all that rebooting will make things a whole lot
worse.
Your first job is to get root so that you can fix up the permissions.
Since you've changed all the permissions none of the setuid(0) binaries
such as sudo will help you.
However you *might* be able to get lucky and use your normal user to
edit the root crontab file, or a system cronjob - since you've changed
the permissions to 777.
Perhaps add a shell script into /etc/cron.d, /etc/cron.hourly, or
/var/spool/cron/crontabs.
make a script "/tmp/get-root" and add:
#!/bin/sh
cp /bin/sh /tmp/sh
chmod 4755 /tmp/sh
chown root:root /tmp/sh
Then get your cron daemon to execute that. Once it works, if it does,
you can use /tmp/sh to fixup the rest of the system / restore from a
backup
Steve
"Hari"
>No, Now I am not able to login as root. I have logged in as a different
>user.
It might not be possible to "su" because you probably removed the set-uid
bit from all executables.
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
"Hari"
>No, Now I am not able to login as root. I have logged in as a different
>user.
But if everything is mode 777,, you cann likely remove any obstacles to
being able to login directly as root using your editor of choice.
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
> But if everything is mode 777,, you cann likely remove any obstacles to
> being able to login directly as root using your editor of choice.
It depends, as things like /bin/login will have lost their setuid bit
so a root login would probably fail ..
Interesting problem to get into, I'm tempted to try it out for real
on a VMWare installation.
I guess the obvious attacks are against daemons that would still be
running from before the permission change. Since they'll still have
any setuid/setgid privileges.
Steve