[Edit: See full list of commands I ran at the bottom.]
I accidentally ran chmod +x *
inside ~/.config
which contained two .sh file that I wanted to make executable. There is no prompt for password nor confirmation window in this situation, and I knew it, but that was a moment of inattention and it was already too late when I realized what I just typed.
Turns out that at some point, in a moment of panic, I ran chmod -R 755 *
based on the beginning of this answer, as if reacting fast in that moment would make things better. This totally made things worse, spreading the issue to the whole system.
Fortunately, I was not super user (I would probably have thought more carefully if I had been, maybe I would have avoided the issue in the first place), but the extent of the damage already seems quite massive. All files and folders on my system that my user owned are now executable. This includes pretty much every kind of file, and over 10 TB in total, because I had several HDD mounted in /run/media/.
There are probably some folders of my system that I could fix because I know they contained mostly data that should not be executable, like pictures or videos. But I am mostly concerned about the rest.
Can I chmod -x /home
to at least limit the security issue, and then fix just ~/.local/share/applications/*.desktop
, or are there some other folders that I should check?
What about other /
subfolders that my user might have been able to alter? I'm concerned about folders on the Linux system, and /home
, but also the HDDs mounted in /run/media/myself
(some of them contained software, not just static files).
Could there be a pattern that could help making a list of files for which execution permission is actually relevant, either by extension or from their content? This would perhaps allow me to chmod -x *
to revert the massive change and then review manually the list to restore execution permissions on individuals files that should actually be executed.
I am backing up everything I can as I type, but I am backing up files that have been affected. Is there hope?
[Edit] Note that I have a laptop with the same distribution, same username, and many programs in common. Not everything is the exactly the same, but could I list files that are actually executable across the system on the laptop, and then have a script comparing this list to the other computer? If everything is made non-executable on the other computer with chmod -x *
, then maybe the executable files found on the laptop that also occur on the other computer could be made executable automatically? Similar approach here.
[Edit 2] After careful review of the history, here is the list of commands I ran: https://p.teknik.io/Simple/blpKo
-R
switch withchmod
and it even if you had done that, it wouldn't have operated on all of the files and directories that you own that are not in that directory. – Nasir Riley Aug 10 '19 at 03:36chmod -R 755 *
based on the beginning of this answer, as if reacting fast in that moment would make things better. Fortunately I was still a normal user, not root, but this is likely what spread the issue to all files and subfolder in/
that my user could edit. – Koubak Aug 10 '19 at 03:54chmod -R 777 /
as root *will break your system*." part at the beginning of the answer, or thechmod -R 755 /bin /boot /dev /etc/ /home /lib /lib64 ...
part at the beginning of the answer? – Michael Homer Aug 10 '19 at 04:39chmod -R 777 /
. However I did runchmod -R 755 *
as normal user, I was trying to achieve the same aschmod -R 755 /bin /boot /dev /etc/ /home /lib /lib64…
in the answer. Don't ask me why I did not follow it carefully, I was not thinking clear. But anyway that answer turned out to have negative comments, and I thought it might make things worse so I stopped my shenanigans afterchmod -R 755 *
, started to do backups, and came here to ask. – Koubak Aug 10 '19 at 14:45~/.config
contains personal application configuration files for your user, the*
shell glob would not have expanded to include "system" files, and even if it did, your user would not have had sufficient privileges to have modified them. Most of the errors you are seeing are likely the result of the second command that you ran (chmod -x *
) which removed execute permissions from all the immediate subdirectories of~/.config
(execute permission is required in order from programs to traverse directories) – steeldriver Aug 10 '19 at 15:46chmod -R 755 *
was the same aschmod -R 755 /
, hence the dramatic tone above. I'm still surprised thatls -la /
shows execution permissions, is that normal?I suppose the reason why files have been changed outside of
– Koubak Aug 10 '19 at 17:04~/.config
is thechmod -R 755 /home
I ran just beforechmod -R 755 *
(cf. pastebin). It altered all/home
subfolders. I have a/home/koubak/Media
symlink pointing to my HDDs in/run/media/koubak/
, which I guess is how the whole issue expanded to there too.On a forum, someone recommended that I run
find /home -type f -exec chmod -x {} \;
, which should change files only, and someone else suggested runningchmod -R 750 /home
, which will apply to folders as well. The other difference is the former command will remove execute permissions on all files but leave the rest as is, whereas the latter will obviously set rwxr-x--- permissions everywhere.What would be best in my case? With the second command I probably won't have to manually add execute permissions to files, but is 750 everywhere in /home safe?
– Koubak Aug 10 '19 at 23:36~/.ssh
are not allowed to have read permissions for the group, so don't mess withchmod -R 750
. It should be save to do afind ~/.config -type f -exec chmod -x {} \;
, though. – Philippos Aug 13 '19 at 06:37/home/koubak
was affected since I didn'tsudo
, but I did run it recursively, so that's a lot of other subfolders down the line. Fixing~/.config
is actually OK because I backed up my dotfiles, but other subfolders that I never browsed but that were used by programs might be more of an issue. I expect many had a fea files that needed execute to run correctly. I'll try to fix that slowly over time. In the mean time, I was wondering if I couldn't actually take advantage of my issue and homogenize my files to 664, and 751 for folders. – Koubak Aug 14 '19 at 22:14