By mistake was executed command:
sudo chmod -R 777 /etc/
Is there any way to return permissions in the correct state ?
Asked
Active
Viewed 629 times
1
2 Answers
1
This answer assumes that you don't have a backup.
As information - the permission metadata - was lost in your system, there is no way back without an external source.
It might be another Linux, ideally the same distribution and release as yours.
First, set back the permissions, all directory to 755 and all files to 644. You can do this in /etc with the following script:
find -type d -print0|xargs -n 500 -P 1 -0 chmod 755
find -type f -print0|xargs -n 500 -P 1 -0 chmod 644
Second, dump the permission data into a text file on the other system with the command
find -print 0|xargs -0 -P 1 -n 500 ls -ld|sort -k +9 > permdata_ok.txt
You will get a permdata.txt on the remote system. Sort is needed, later I explain, why. Move this file from the remote system to your local one.
Do the same script also on your local system, but instead permdata_ok.txt use permdata_bad.txt.
Now comes the trick. Compare these files together!
The command is: diff -urNw permdata_bad.txt permdata_ok.txt. Its output syntax won't be very beautiful for you if you are not a developer, but you can accustome it.
You will see the differences in the file modes and in the file. If there is too much difference, set it back manually.
Since not all files exist on both systems, you will need some rational thinking.
If your system is security sensitive, it is better to set to 700/600 everything in the first step. Then you will have much more permission-related problems later, but you won't cause security breach.
peterh
- 9,731
-
If you compare
ls -loutput usingdiffyou will see any differences in the meta data including different file size and different time stamps. This is whystar -diff -v diffopts=...is a nice tool. – schily Sep 02 '18 at 18:33
0
If you have a backup, even if it is old - use star:
cd /
star -xpU -meta pat=etc* < backup.tar
Ths does not restore the content, but only the meta data for the files e.g. permissions owner....).
If you have a second installation with the same OS version, make a meta data backup from that system using:
cd /
star -c -meta etc > /tmp/backup.tar
and later extract the meta data on the corrupted system using:
cd /
star -xpU -meta < backup.tar
If this does not apply to you, you need to reinstall...
See the man page http://schilytools.sourceforge.net/man/man1/star.1.html for more information.
As mentioned by @dsstorefile1 copying meta data from another system will only be a complete solution if there are no files on the corrupted system that are missing on the refefence system, but you may check the files in /etc/ after the meta data restoration for files that are as young as the curruption but older than the restauration and still have 777.
BTW: star can also be used to compare the permissions since star -diff allows to compare the file content and all meta data and more important, star allows to configure what is compared by using the diffopts= option.
So if you have a backup from another similar system, you could run:
cd /
star -diff -v diffopts=perm pat=etc* < backup.tar
to compare only the permissions. If that backup has been created with star -c -dump ...,
cd /
star -diff -vv diffopts=perm,dir pat=etc* < backup.tar
will also list files that are on the local system but missing in the backup.
schily
- 19,173
chmodorchownwith/etcanywhere in the name of what I'm modifying for this very reason. The best thing to do in your case is just reinstall as that's the only way to be certain that everything is back to normal. – Nasir Riley Sep 02 '18 at 16:13