Ask Your Question
0

Accidental change of /usr directory's permissions

asked 2017-07-10 11:16:37 -0500

JLeftley gravatar image

updated 2017-07-10 11:20:20 -0500

Hi,

So I have accidentally run this command: sudo chown -R jleftley:wheel /usr (Incredibly stupid I know, wasn't thinking) and I have broken, most notably, sudo. Once I finish re-backing up my system I will follow this: https://askubuntu.com/a/471503 to hopefully get sudo back but I want to know what the permissions of the rest of the /usr/ directory should be.

Note: re-installing should be a last resort.

I am running Fedora 22, ls -l /usr/bin/sudo prints: -r-x--x--x 1 jleftley wheel 143136 Jul 11 2016 /usr/bin/sudo

Thank you in advance,

James

edit retag flag offensive close merge delete

2 Answers

Sort by » oldest newest most voted
1

answered 2017-07-10 15:22:47 -0500

villykruse gravatar image

rpm has options to restore user id and permission for given packages. Extract from man rpm:

 MISCELLANEOUS COMMANDS
   rpm --showrc
          shows the values rpm will use for all of the options are  cur‐
          rently set in rpmrc and macros configuration file(s).

   rpm --setperms PACKAGE_NAME
          sets permissions of files in the given package.

   rpm --setugids PACKAGE_NAME
          sets  user/group ownership of files in the given package. This
          command can change permissions of files in that package. It is
          caused  by  calling command chmod that can clear SUID and SGID
          bits in some situations. So it is safer to  call  also  --set‐
          perms after calling --setugids.

   Options --setperms and --setugids are mutually exclusive.

I am not sure if you can use the -a option to specify all packages, or you have to name all the packages when running the command.

edit flag offensive delete link more

Comments

I think it worked! Most of the permissions look correct and are root:root. It did break my sudo againg however but that was fixed with: chown root:wheel /usr/bin/sudo && chmod 4755 /usr/bin/sudo

For reference do all is:

for p in $(rpm -qa); do rpm --setperms $p; done

for m in $(rpm -qa); do rpm --setugids $m; done

Thank you :)

JLeftley gravatar imageJLeftley ( 2017-07-10 16:27:19 -0500 )edit

The man page suggest to the setugids first and then setperms. Modifying user or group ids usually clears setuid and/or setgid.

villykruse gravatar imagevillykruse ( 2017-07-11 03:09:44 -0500 )edit
0

answered 2017-07-10 11:32:05 -0500

aeperezt gravatar image

For sudo you need to set up this:

chmod 4011 /usr/bin/sudo

Good Luck

edit flag offensive delete link more

Comments

You could use the live image, to get a list of the files a their permits, so you can set the proper permits, another way now that sudo works is to reinstall some packages

aeperezt gravatar imageaeperezt ( 2017-07-10 15:17:18 -0500 )edit

Sudo works now, I had to change the permissions on /usr/libexec/sudo/sudoers.so also. Everything seems to work but I'm sure I'll run into more problems down the line if I don't correct the rest of the /usr/ permissions as well.

Step in the right direction though, thanks :)

JLeftley gravatar imageJLeftley ( 2017-07-10 16:24:28 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2017-07-10 11:16:37 -0500

Seen: 240 times

Last updated: Jul 10 '17