Results 1 to 25 of 25
  1. #1
    Join Date
    Aug 2004
    Location
    AU
    Posts
    690

    chown -R in root accident

    Hi,

    I accidently put chown -R username:username * in /root and there is no way to revert? (I forgot to cd directory before chown ownership). I was hoping if there is another way to fix it such as default chown or chown each directories exim, cpanel and whole systems?

    I have tried put chown root but /bin/su could not log in as permission denied so I tried to chmod /bin/su in the wheel group but the password failed when tried log in. (I opened another SSH because I didn't want to log out in first SSH).

    The server management said I require OS reload but I paid it few days ago and do not want to pay again.

    Thanks

  2. #2
    Join Date
    Apr 2003
    Location
    San Jose, CA.
    Posts
    1,622
    Have them boot from a livecd, start up SSH so you can login, mount the existing partitions... and fix the directory ownerships that way.

  3. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    If you can get a livecd / rescue cd in the server it can be fixed up.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  4. #4
    Join Date
    Mar 2005
    Location
    Hattiesburg, MS
    Posts
    159
    Why not chown the folders back to root?

    chown -R root:root /etc/

    chown -R root:root /bin/

    chown -R root:root /sys/

    and the rest...
    InsanelyMacintosh - Macintosh Software Repository Listings

  5. #5
    Join Date
    Aug 2004
    Location
    AU
    Posts
    690
    I have contacted management to get livecd, they said they don't have one on hand. They'll see if the day shift tech can bring one in with him when he gets here.

    kingshosting, do you have any more commands from you said and the rest?
    I used chown -R root:root * to go back but not sure if they are right. SSH is unable to access as it says:

    -bash-3.00$ su
    Password:
    su: incorrect password (it is correct pass)
    -bash-3.00$

    Thanks for your help.
    Last edited by TRIBOLIS; 11-23-2006 at 04:26 AM.

  6. #6
    Join Date
    Jun 2003
    Location
    UK
    Posts
    6,601
    Do you have direct root SSH access and which OS is it?
    Russ Foster - Industry Curmudgeon

  7. #7
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,779
    Does the username you chowned everything to have ssh access to the box? If so try logging in as that user to ssh and then start chowning things back to root.
    Try logging in with the root password and that user name even if they do not have ssh access it may work.

  8. #8
    Join Date
    Sep 2005
    Location
    Southern California
    Posts
    179
    Quote Originally Posted by Techark
    Does the username you chowned everything to have ssh access to the box? If so try logging in as that user to ssh and then start chowning things back to root.
    Try logging in with the root password and that user name even if they do not have ssh access it may work.
    Users cannot chown files to root. He's going to have to either get a root shell and restore the permissions himself, or get someone to boot a livecd (or in single user mode) as suggest above to do it.

    Additionally, the reason that su no longer works (for those wondering) is likely because it is a setuid binary. Since it is no longer owned to root, it will just run as the unprivileged user which is useless.

  9. #9
    Join Date
    Aug 2004
    Location
    AU
    Posts
    690
    a2b2, yes I have disabled direct root login and it is CentOS.

  10. #10
    Join Date
    Aug 2004
    Location
    AU
    Posts
    690
    It is / not /root directory. All system folders have changed ownership as I did try revert root ownership.

    Still get this error:
    -bash-3.00$ su
    Password:
    su: incorrect password (it is correct pass)
    -bash-3.00$

    They are in second SSH program. The first one I am still in.. I won't log out because I don't want to locked out (support could not access except me).

  11. #11
    Join Date
    Jun 2003
    Location
    UK
    Posts
    6,601
    A wild shot but does sudo -s work?
    Russ Foster - Industry Curmudgeon

  12. #12
    Join Date
    Sep 2005
    Location
    Southern California
    Posts
    179
    Run this and then try again. Make sure you copy and paste it so its not mistyped:

    Code:
    chown root:wheel `which su`
    If it still doesn't work, run the following command and paste the result here

    Code:
    ls -l `which su`

  13. #13
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,779
    Quote Originally Posted by localhost127
    Users cannot chown files to root. He's going to have to either get a root shell and restore the permissions himself, or get someone to boot a livecd (or in single user mode) as suggest above to do it.

    Additionally, the reason that su no longer works (for those wondering) is likely because it is a setuid binary. Since it is no longer owned to root, it will just run as the unprivileged user which is useless.
    Depends on what privileges that user had and if he can log in as that user and escalate his privileges.
    Your right about that but if he just chowned everything on the box to that username , I do not know if that username is now for all practical reasons now root super user.

    It is a long shot at best, if it does not work then he has no choice but to wait for the data center to boot the system using livecd and change the ownerships back to root.

  14. #14
    Join Date
    Sep 2005
    Location
    Southern California
    Posts
    179
    Quote Originally Posted by Techark
    Depends on what privileges that user had and if he can log in as that user and escalate his privileges.
    Your right about that but if he just chowned everything on the box to that username , I do not know if that username is now for all practical reasons now root super user.

    It is a long shot at best, if it does not work then he has no choice but to wait for the data center to boot the system using livecd and change the ownerships back to root.
    Unfortunately owning everything to another user does not make that user root (this is really a good thing for TRIBOLIS). The 'su' binary requires it's UID to be 0 (root) in order to actually work. He says that he left the shell open so he does have a root shell. If this is the case then it is just a matter of repairing the correct permissions.

  15. #15
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,779
    I did say it was a long shot.

    Yes I agree. But he says he has root open but it is not letting him chown things back to root so either he does not have root or root has lost permissions or the username he chowned it to is now root.

    I really think he is stuck until livecd or OS reload is done.

  16. #16
    Join Date
    Aug 2004
    Location
    AU
    Posts
    690
    Quote Originally Posted by localhost127
    Run this and then try again. Make sure you copy and paste it so its not mistyped:

    Code:
    chown root:wheel `which su`
    If it still doesn't work, run the following command and paste the result here

    Code:
    ls -l `which su`
    Ok my first SSH program I left open:

    [email protected] [~]# chown root:wheel `which su`
    [email protected] [~]# ls -l `which su`
    -rwxr-x--- 1 root wheel 60772 Aug 13 06:26 /bin/su*
    [email protected] [~]#

    Isn't that good result?


    Quote Originally Posted by a2b2
    A wild shot but does sudo -s work?
    This is second SSH program to log in SSH, here is:

    -bash-3.00$ sudo -s

    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these two things:

    #1) Respect the privacy of others.
    #2) Think before you type.

    Password:
    myusernamexx is not in the sudoers file. This incident will be reported.
    -bash-3.00$

    myusernamexx = same for the root disabled.

    Quote Originally Posted by Techark
    Yes I agree. But he says he has root open but it is not letting him chown things back to root so either he does not have root or root has lost permissions or the username he chowned it to is now root.
    I'm not sure what you mean about root open and ssh open. I have SSH program open and I am in. I am not really sure if I am really 'root'. I am able to chown/permission users' accounts from restored the backup but the sites aren't working.

    Here is what Support said, hope it'll clear.
    I think you did something because I just tried to log in to see what the problem was and now it's not letting me su to root.

    -bash-3.00$ su
    -bash: /bin/su: Permission denied

    If you want us to be able to look at what the problem is after you've fixed permissions, you need to change this back so we can get in.

    -----

    I believe you just seriously messed up the server. You changed ownership of numerous system files by using the asterisk.

    [email protected] [/]# chown -R xxxuser:xxxuser * (it is what I accidently for not used cd directory first before use chown)

    That changed the owner of every file on the system to that user


    After Support said that. So I chown -R root:root * then no errors. But I think it already screwed the / system folders to change the ownership.

    Thanks guys!
    Last edited by TRIBOLIS; 11-23-2006 at 06:21 AM.

  17. #17
    Join Date
    Sep 2005
    Location
    Southern California
    Posts
    179
    Looks like permissions are screwed up on your su binary. Run this command:

    Code:
    chmod 4750 `which su`

  18. #18
    Join Date
    Aug 2004
    Location
    AU
    Posts
    690
    ok, I've done that:
    [email protected] [~]# ls -l `which su`
    -rwsr-x--- 1 root wheel 60772 Aug 13 06:26 /bin/su* <-- red colour. Before was green. So what's next now?

  19. #19
    Join Date
    Aug 2004
    Location
    AU
    Posts
    690
    (Edited: can't edit my post after 15 mins)

    I forgot to show you the wheel.

    [email protected] [~]# chown root:wheel `which su`
    [1] Killed chown -R otheruserxxtheruserxx * (wd: /)
    (wd now: ~)

    otheruserxx = not my root username, it's the same from what I did accidently.

  20. #20
    Quote Originally Posted by TRIBOLIS
    ok, I've done that:
    [email protected] [~]# ls -l `which su`
    -rwsr-x--- 1 root wheel 60772 Aug 13 06:26 /bin/su* <-- red colour. Before was green. So what's next now?
    That's good. Green means it's an ordinary executable; red means the executable runs with the owner's UID (suid), in this case root's. The su command should work at this point.

  21. #21
    Join Date
    Aug 2004
    Location
    AU
    Posts
    690
    So that means my SSH has killed 'otheruserxx' and su will work with root?

  22. #22
    Join Date
    Aug 2004
    Location
    AU
    Posts
    690
    Everything is fine now. The outside tech has finally contacted me as he has fixed chown - home and permission. Also support finally had rescue disk. Should be work soon.

    Thank you guys so much for helping!

  23. #23
    Join Date
    Aug 2004
    Location
    AU
    Posts
    690
    Just let you know, the rescue disk went back the same and could not access SSH. The su and /home directory were worked before the server crashed. The technical support did not help very much, asked me to pay $70 support hourly or another OS reload. Then I asked for the rescue disk you told me to. After they installed rescue disk, I hired the outside tech, said I do not need OS reload, just fix the su and permission folders. He could not access the live cd to set the folders permission and asked technical support to give us the permission. The support got tired of dealing with me and plugged my server out, refunded straight away. They accused me of lying to them. I just followed what my tech asked me to. How unprofessional they are.

    I did not want to pay for $70 hourly or OS reload because I listened to you and my tech (I have saved money not to pay another OS reload, lucky yeah) while fixed the su from this forum after requested rescue disk. I got su worked then support replied the rescue disk is installing. I could not stop them because I thought it might be fix or go back to normal. Oh well...

    After they plugged my server out, I immediately looked for another different provider after quick reviews and my dedicated provider list.

  24. #24
    Join Date
    Mar 2005
    Location
    Budapest
    Posts
    109

    Question me too

    Hello!

    I'm accidently made the same... did chown -R dothu:dothu /

    I think I'm only messed up the sys folder:
    image here:
    inside the sys folder image here

    What do you think is it enough to do chown -R root:root /sys
    ??
    also I need to restore root:root to quota.user file as you can see in the first link?

    Zoltan

  25. #25
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    Quote Originally Posted by mysterygang View Post
    What do you think is it enough to do chown -R root:root /sys
    ??
    also I need to restore root:root to quota.user file as you can see in the first link?
    What happened, did you issue the chmod command and stop it as soon as you noticed that it was recursive against the entire file system? It does appear that only /sys was affected, so yes you can chmod -R root:root /sys and chmod root:root /quota.user to restore the permissions.

    Just to make sure, run the following command to see if any other files are owned by dothu outside of the home directory:

    find / -user dothu | grep -v /home/dothu
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •