chmod gou+rwx -R / ?

once in a while i press enter too early. the end result of changing permissions on the whole file system can be quite bad.

i’ve run

chmod gou+rwx -R / 

and immediately ended up with a server i could not log into.

tail -f /var/log/auth.log
Dec 24 12:09:46 testSql1 sshd[16291]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Dec 24 12:09:46 testSql1 sshd[16291]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Dec 24 12:09:46 testSql1 sshd[16291]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Dec 24 12:09:46 testSql1 sshd[16291]: error: Permissions 0777 for '/etc/ssh/ssh_host_rsa_key' are too open.
Dec 24 12:09:46 testSql1 sshd[16291]: error: It is recommended that your private key files are NOT accessible by others.
Dec 24 12:09:46 testSql1 sshd[16291]: error: This private key will be ignored.
Dec 24 12:09:46 testSql1 sshd[16291]: error: bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key
Dec 24 12:09:46 testSql1 sshd[16291]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
Dec 24 12:09:46 testSql1 sshd[16291]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Dec 24 12:09:46 testSql1 sshd[16291]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Dec 24 12:09:46 testSql1 sshd[16291]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Dec 24 12:09:46 testSql1 sshd[16291]: error: Permissions 0777 for '/etc/ssh/ssh_host_dsa_key' are too open.
Dec 24 12:09:46 testSql1 sshd[16291]: error: It is recommended that your private key files are NOT accessible by others.
Dec 24 12:09:46 testSql1 sshd[16291]: error: This private key will be ignored.
Dec 24 12:09:46 testSql1 sshd[16291]: error: bad permissions: ignore key: /etc/ssh/ssh_host_dsa_key
Dec 24 12:09:46 testSql1 sshd[16291]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
Dec 24 12:09:46 testSql1 sshd[16291]: fatal: /var/run/sshd must be owned by root and not group or world-writable.

but that’s just the beginning… a system with such wide-open perms will have a couple of services that just fail [like ssh], but it will also be wildly insecure even if you manage to repair the rights, eg for the ssh keys.

fortunately there is a simple way to fix it if you have access to another [similarly configured] server. first of all – do not log out from the affected machine unless you have console access [my machine was ~6000 km away and without kvm]. from the server with destroyed permissions run:

testSql1:/# ssh healthlyServer "find / -printf 'chmod %m %p \n'"|/bin/bash

and … we’re back to the happy days. if you know about some differences in the directory structure – check them manually or restore them from the backup. reboot to make sure everything comes up fine.
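a more defensive version of the replay above, as an added example (not the command from the original post). it sends NUL-separated mode/path pairs and hands them to chmod as arguments, so a path with spaces or shell characters is never interpreted by the root shell, and it skips symlinks, whose own mode is always 777 and which chmod would follow to the target. it assumes GNU find and xargs; emit_modes and apply_modes are names made up for this example.

```shell
#!/bin/sh
# Added example: replay file modes from a reference tree without
# piping generated text into a root shell.

# Print "mode NUL path NUL" for everything under $1.
#   -xdev      stay on one filesystem (skips /proc, /sys, other mounts;
#              run once per mount point that needs repair)
#   ! -type l  skip symlinks: their mode is 777 and chmod follows them
emit_modes() {
    find "$1" -xdev ! -type l -printf '%m\0%p\0'
}

# Read mode/path records from stdin and apply them locally.
# Each pair reaches the helper as two arguments, never as shell source.
apply_modes() {
    xargs -0 -r -n 2 sh -c '
        mode=$1 path=$2
        # accept only octal digits as a mode
        case $mode in
            ""|*[!0-7]*) echo "bad mode, skipped: $path" >&2; exit 0 ;;
        esac
        # report paths that exist only on the reference host
        if [ -L "$path" ] || [ ! -e "$path" ]; then
            echo "not present here: $path" >&2
            exit 0
        fi
        chmod -- "$mode" "$path"
    ' sh
}

# On the broken machine (host name as used in the post):
#   ssh healthlyServer "find / -xdev ! -type l -printf '%m\0%p\0'" | apply_modes
```

the "not present here" lines on stderr are the directory-structure differences that still need a manual check or a restore from backup.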

[based on this]
