1

Long story short, I've got an Ubuntu server box that was recently compromised (I believe through a known exploit of an older version of Tomcat, which has already been updated). Part of the exploit set the permissions on pretty much everything to 777.

In attempting to fix the incorrect permissions I inadvertently set /lib to 644 instead of 755 as it should have been. As a result of this, no programs can be run (including but not limited to chmod), and the system cannot fully boot (either normally or into recovery mode).

Is there any way to gracefully recover from this mistake, or do I basically have to reinstall Ubuntu from scratch at this point?

The one thing I can do is access a limited command prompt through grub. Using this I can browse the machine's filesystem, but I haven't found any way to use it to modify any permissions. Is there a way to do this using grub's command prompt?

Mat
  • 52,586
aroth
  • 135

1 Answer

8

Well, you can recover from the permissions problem by booting a live CD/DVD/USB-drive, mounting your root filesystem (in a subdirectory), and running the chmod command there. SystemRescueCd is a distribution designed especially for this sort of repair, but any live CD that can handle your root filesystem will work.

But if your server has been compromised, it's very hard to be sure you've rooted out every trace of the compromise. The cracker could have left backdoors in surprising places. You're probably better off wiping the drive and reinstalling from scratch.

cjm
  • 27,160
  • +1 from me for the same reason. Installing from scratch is the best thing to do after such an event. – Bonsi Scott Nov 25 '12 at 13:34
  • I went for the full reinstall. But it's good to know that an alternative workaround was also possible. – aroth Nov 25 '12 at 13:43
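
The live-media repair described in the answer, as an added example that is not part of the original answer or its comments. It assumes the damaged root filesystem is already mounted at a directory such as `/mnt` (the mount point, the device placeholder and the function names are assumptions), and it goes one step beyond the single `chmod` by also covering subdirectories, in case the mistaken `chmod` was recursive, and by listing entries still left world-writable.

```shell
#!/bin/sh
# Added example. Run from a live environment after mounting the damaged
# root filesystem, e.g.:  mount /dev/sdXN /mnt   (sdXN is a placeholder).

# Restore mode 755 on a directory under the mounted root and on every
# subdirectory below it. Regular files are left untouched.
fix_dir_modes() {
    root=$1
    rel=$2
    target="$root/$rel"
    if [ ! -d "$target" ]; then
        echo "not a directory: $target" >&2
        return 1
    fi
    # Fix the top directory first so it can be traversed again.
    chmod 755 "$target" || return 1
    # '\;' runs chmod as each directory is visited, before find descends
    # into it, so a nested 644 directory becomes traversable in time.
    find "$target" -xdev -type d ! -perm 755 -exec chmod 755 {} \;
}

# List files and directories under the mounted root that are still
# world-writable and lack the sticky bit (leftovers of a blanket 777).
list_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 ! -perm -1000
}

# Stand-alone use:  sh repair.sh /mnt
if [ "$#" -ge 1 ]; then
    fix_dir_modes "$1" lib && list_world_writable "$1"
fi
```

The listing only shows what is left of the permission damage; it says nothing about backdoors, which is the reason the answer recommends a reinstall.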