once in a while i press enter too early. end result of changing permissions on the whole file system can be quite bad.
\n
\ni’ve run<\/p>\n
\r\nchmod gou+rwx -R \/ \r\n<\/pre>\nand immediately ended up with server i cannot log into. <\/p>\n
\r\ntail -f \/var\/log\/auth.log\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: Permissions 0777 for '\/etc\/ssh\/ssh_host_rsa_key' are too open.\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: It is recommended that your private key files are NOT accessible by others.\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: This private key will be ignored.\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: bad permissions: ignore key: \/etc\/ssh\/ssh_host_rsa_key\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: Could not load host key: \/etc\/ssh\/ssh_host_rsa_key\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: Permissions 0777 for '\/etc\/ssh\/ssh_host_dsa_key' are too open.\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: It is recommended that your private key files are NOT accessible by others.\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: This private key will be ignored.\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: bad permissions: ignore key: \/etc\/ssh\/ssh_host_dsa_key\r\nDec 24 12:09:46 testSql1 sshd[16291]: error: Could not load host key: \/etc\/ssh\/ssh_host_dsa_key\r\nDec 24 12:09:46 testSql1 sshd[16291]: fatal: \/var\/run\/sshd must be owned by root and not group or world-writable.\r\n<\/pre>\nbut that’s just the beginning… system with such wide open perms will have couple services that just fail [like ssh] but also will be wildly insecure even if you manage to repair rights eg for ssh keys.<\/p>\n
fortunately there is simple way to fix it if you have access to another [similarly configured] server. first of all – do not log out from affected machine, unless you have console access [my machine was ~6000 km away and without kvm]. from server with destroyed permissions run:<\/p>\n
\r\ntestSql1:\/# ssh healthlyServer "find \/ -printf 'chmod %m %p \\n'"|\/bin\/bash\r\n<\/pre>\nand … we’re back to the happy days. if you know about some differences in the directory structure – check it manually or restore them from the backup. reboot to make sure all gets up fine.<\/p>\n