Most programs in /usr/bin should have permissions 755 — readable and executable by all, writable only by their owner, which is root. A few programs are setuid or setgid: they have extra privileges, which are conferred by the setuid or setgid bit in the permissions. /usr/bin/sudo is one of them; it needs to be setuid root: chmod 4755 /usr/bin/sudo restores it.
If you only have official packages from Debian (as opposed to packages in distributions derived from Debian or from other sources), then you can find out which ones contain setuid/setgid binaries by going through the Lintian reports: setuid, setgid, both. In principle, all these packages should come with a file in /usr/share/lintian/overrides that declares the setxid binary (the tag “overridden” on these pages indicates the presence of such a declaration), but some packages don't comply (including ubiquitous ones such as at and xserver-xorg).
The following script prints out a shell script that executes the chmod command to restore files in /usr/bin to their default permissions, if their default permissions include the setuid or setgid bit.
wget -q -O - https://lintian.debian.org/tags/set{uid,gid,uid-gid}-binary.html |
sed -n 's~^.*> *\(usr/bin/[^ ]*\) \([0-7][0-7][0-7][0-7]\).*~[ -e /\1 ] \&\& chmod \2 /\1~p'
In addition, some permissions can be configured locally. These permissions are registered with dpkg-statoverride. You can list them with
dpkg-statoverride --list '/usr/bin/*'
and you can reapply these permissions with
dpkg-statoverride --list '/usr/bin/*' |
awk 'system("chmod " $3 " " $4)'
If you have packages not from Debian, the only way to be sure to get correct permissions is to reinstall them with apt-get --reinstall install PACKAGE-NAME.
sudo) and setgid (needed for locate) so those have to be manually fixed. Running rpm -a --setugids first might fix this. – rjh Nov 08 '22 at 22:43
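An added example, not part of the original answer: a dry-run variant of the dpkg-statoverride step that prints the restore commands for review instead of running them, and goes slightly further by also restoring the owner and group that each override records. The function names and the optional ROOT argument (a path prefix used only for the existence check) are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Reads "owner group mode path" lines, the format printed by
# `dpkg-statoverride --list`, on stdin and prints the commands that would
# restore each entry. Nothing is executed; review the output before running it.

quote() {
    # Single-quote a string so it can be pasted safely into a shell command.
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

statoverride_cmds() {
    root=${1:-}                        # hypothetical prefix, for testing only
    while read -r owner group mode path; do
        [ -n "$path" ] || continue     # ignore blank or short lines
        case $mode in
            [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) ;;
            *) echo "# skipped (bad mode): $path"; continue ;;
        esac
        if [ ! -e "$root$path" ]; then
            echo "# skipped (missing): $path"
            continue
        fi
        # dpkg-statoverride writes numeric ids as "#123"; chown wants "123".
        owner=${owner#"#"}
        group=${group#"#"}
        q=$(quote "$path")
        # chown can clear the setuid/setgid bits, so the mode is applied after it.
        printf 'chown -- %s %s && chmod -- %s %s\n' \
            "$(quote "$owner:$group")" "$q" "$mode" "$q"
    done
}

# Usage:
#   dpkg-statoverride --list '/usr/bin/*' | statoverride_cmds
```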