I used ubuntu 12.04 (32bit).Today,I mistakes a command is executed:
WARNING
DO NOT EXECUTE THIS COMMAND:
sudo find / -type d -exec chmod -Rf a-wr {} \;
I can't login system;The System is only one user,disable the root.Who knows how to solve?
Asked
Active
Viewed 6,452 times
-4
3 Answers
5
Taking read and write permission off of all directories in the system obviously destroys every normal distribution. This is nonsense.
Edit 1
The system can be repaired by booting another Linux (from CD/DVD/USB stick) and set the access rights correctly on all affected volumes. It may be complicated to restore the original state, getting it working again is easier. If there is just one user and no daemons providing services to the network there should neither be problems nor security risks.
mount -t auto /dev/whatever /mnt/targetvolume
find /mnt/targetvolume -type d -exec chmod 755 {} \;
find /mnt/targetvolume -type f -exec chmod 644 {} \;
chmod -R a+x /mnt/targetvolume/bin /mnt/targetvolume/sbin \
/mnt/targetvolume/lib /mnt/targetvolume/lib64 /mnt/targetvolume/sbin \
/mnt/targetvolume/usr/ /mnt/targetvolume/usr/bin \
/mnt/targetvolume/usr/lib /mnt/targetvolume/usr/lib64 \
/mnt/targetvolume/usr/sbin
It is important to restore the correct permissions in /etc. My advice is to ask someone with the same distro (who at best should have installed all the software you have installed) to give you these:
# on a working system
getfacl --recursive /etc > acl-etc.txt
# on your system
setfacl --restore=acl-etc.txt /etc
# or from the rescue system
setfacl --restore=acl-etc.txt /mnt/targetvolume/etc
This can be further improved by
- checking whether all your files and directories within /etc exist in the reference system
- having the package manager check the access rights of the installed packages (e.g. rpm --verify package)
Hauke Laging
- 90,279
-
sudo find / -type d -exec chmod -Rf a-wr {} ;Wrongful execution of a command.the system is only one user,than I can't login.how to do/. – Long_Qi Apr 05 '13 at 14:05
-
-
With
-R, chmod affects more than just directories. It's stripped read and write permissions everywhere, for everyone. – user Apr 05 '13 at 14:55 -
-
For
roottoo; it's just that being euid 0 bypasses those security checks. – user Apr 05 '13 at 15:21 -
-
2
Let's see what has happened, and what (if anything) can be done about it.
sudo find / -type d -exec chmod -Rf a-wr {} \;
That breaks down to some fairly simple parts:
sudo find / -type d
Harmless in and of itself. This simply generates a list of all directories (that's what -type d is for) on the file system.
-exec
For each entry in the list, execute the given command
chmod -Rf a-wr {}
Now we are getting serious. {} expands to the current list entry, so the command executed for each directory is chmod -Rf a-wr $DIRNAME. To chmod, -R means recursive operation, -f suppresses error message output, and a-wr removes write and read permission from all users (a stands for all, which is distinct from e.g. o for non-owners).
\;
End of command line to execute.
So (because passing the -R parameter to chmod giving it a directory causes it to perform the mode change on everything under it as well) the command you executed is effectively the same as the more readily understood
chmod --recursive --quiet a-wr /
I doubt I need to really say that pretty much anything on the system must be readable (and quite a lot of it writeable) by someone for things to work. Also note that removing read permission on a directory makes it impossible to get directory listings from it using ordinary means, which may wreak havoc elsewhere.
It may be possible to recover from this by reinstalling the packages that you have installed, but that won't help anything in e.g. your home directory, and there is no guarantee it'll work at all. You will need an appropriate architecture live CD (I'd recommend a live CD of the same OS you are using), boot using it, mount the root file system and drop to a shell. Then chroot /mnt /bin/bash where /mnt is the mount point for the system root file system, followed by mount -a to mount the remaining file systems.
Once there, dpkg -u --reinstall install '.+' should reinstall all packages, repairing most of the breakage. Note that it'll take a good while to complete.
Following this, go through your home directory and set reasonable permissions. You can start with something like the following, which should get you mostly up to speed at least.
find /home/me -not -type d -exec chmod 640 {} \;
find /home/me -type d -exec chmod 750 {} \;
This will set all directories to user read/write/execute, group read/execute, others no access, and non-directories to user read/write, group read, others no access, which is a reasonable baseline.
Again, there's no guarantee that everything will work following this repair (or that the repair will work at all; I haven't tried the exact command, and certainly not under the conditions you have created), but if it works, this should at least allow the system to boot. Once you have a bootable system, it does become much easier to perform further repairs.
A much easier alternative, if you have them, would be to practice your backup restoration practices.
user
- 28,901
-1
Johan tried to alert you but you ignored. So now if you've done with the damage then boot the system in single mode and check the logs. Try to change permission of /tmp to drwxrwxrwt - 'chmod o+t /tmp' and check.
Aasif
- 11
-
OP says they did this by mistake, and want to recover. @Johan's warning came way too late... – vonbrand Apr 05 '13 at 14:55
-
-
-
Won't help - still needs to restore permissions and finding out which files should have been readable by all and which shouldn't will be a copper-plated bitch. He'd almost be better off backing up user data, reinstalling from scratch, and replacing the data with assumed-safe permissions. – Shadur-don't-feed-the-AI Apr 05 '13 at 17:26
chmod -R a-x /asroot. Seems that it's not that uncommon. Wondering if googling for this exact command would return anything. – devnull Apr 05 '13 at 14:25