I overwrote all file permissions on the entire system to be executable!

E

einthusan

Please help! I accidentally overwrote all file permissions on the root folder.

In / directory:
chmod -R 0777 *

Is there some sort of rollback or "reset to default" command? OMG, I'm so stupid! :(
 
Last edited by a moderator:
But that only does the base, so then rebuild all ports. Then manually fix permissions on data files.

From now on, don't use unqualified wildcards. Also, setting anything to 777 is almost always a mistake.
 
The lesson here is thus: be VERY careful with -R. And as wblock stated, I would not use it with wildcards. At least not without thinking long and hard about what you are doing, first. And of course, don't run as root if you don't need the power. I've burned myself with this many years ago by doing the following, as root, on a production system (in an effort to fix my dotfile permissions).

[cmd=me@host:~ #] chown -R me .*[/cmd]

Seems innocuous enough?

.* of course matches ".."

So it traversed up into /home and started owning everyone's home directories to myself. Managed to realise "Hmm that's taking a long time... oh crap!" and killed it before it went too much further, and managed to fix it with an awk script. Luckily it was an elderly sparc with a fairly busy disk.

But yes. Be careful. VERY careful.
 
Thanks everyone for the awesome support! Just curious about how dangerous is this? If I'm the only user and ever will be, but if it''s a production machine running a web service, does this make the system vulnerable to attacks from outside?
 
If you run anything that has a vulnerabilities and chances are you do, then if someone gets in your computer he or she will have access to everything on your computer and it's something you probably don't want ;)
 
Any file with 777 permissions means anyone can do anything to that file (except delete it; unless the directory also has 777).
 
To clarify the above: it means that if someone was able to get your HTTP daemon (or other daemon) to write to the filesystem, they could modify your startup scripts, firewall rules, etc.

If it is a production web server, you definitely want to secure it. Whilst it may not be a wide open door in itself, it means that you've removed a huge amount of security from the box. A small hole can now very easily be exploited into a massive hole.
 
Thanks again for all the clarification.

Okay so I did as everyone suggested, upgraded to the latest stable version and reinstalled all the ports as well. However, I am still a bit worried about if it worked or not. Is this how your root, usr and var directory permissions look like?

/
Code: 
total 138
-rw-r--r--   2 root  wheel  1012 Jun 10 03:10 .cshrc
-rw-r--r--   2 root  wheel   259 Jun 10 03:10 .profile
-r--r--r--   1 root  wheel  6200 Jun 10 03:10 COPYRIGHT
drwxr-xr-x   2 root  wheel    46 Jun 11 02:30 bin
drwxr-xr-x   8 root  wheel    43 Jun 11 02:30 boot
dr-xr-xr-x  10 root  wheel   512 Jun 10 22:34 dev
-rw-------   1 root  wheel  4096 Jun 10 03:59 entropy
drwxr-xr-x  20 root  wheel   105 Jun 11 02:56 etc
drwxr-xr-x   3 root  wheel    48 Jun 11 02:30 lib
drwxr-xr-x   3 root  wheel     7 Jun 11 02:30 libexec
drwxr-xr-x   2 root  wheel     2 Jan  3 02:55 media
drwxr-xr-x   2 root  wheel     2 Jan  3 02:55 mnt
dr-xr-xr-x   2 root  wheel     2 Jan  3 02:55 proc
drwxr-xr-x   2 root  wheel   142 Jun 11 02:30 rescue
drwxr-xr-x   3 root  wheel     9 Jun 10 06:49 root
drwxr-xr-x   2 root  wheel   131 Jun 11 02:30 sbin
lrwxr-xr-x   1 root  wheel    11 Jun 11 02:30 sys -> usr/src/sys
drwxrwxrwt   6 root  wheel   680 Jun 11 03:01 tmp
drwxr-xr-x  16 root  wheel    16 Jun 11 01:49 usr
drwxr-xr-x  23 root  wheel    23 Jun 10 22:34 var

/var
Code: 
total 179
drwxr-xr-x  2 root    wheel    2 Jan  3 02:55 account
drwxr-xr-x  4 root    wheel    4 Jan  3 02:55 at
drwxr-x---  2 root    audit    2 Jan  3 02:55 audit
drwxr-x---  2 root    wheel    9 Jun 11 03:01 backups
drwxr-x---  2 root    wheel    2 Jan  3 02:55 cache
drwxr-x---  2 root    wheel    3 Jan  3 02:57 crash
drwxr-x---  3 root    wheel    3 Jan  3 02:55 cron
drwxr-xr-x  9 root    wheel   13 Jun 11 03:02 db
dr-xr-xr-x  2 root    wheel    2 Jan  3 02:55 empty
drwxrwxr-x  2 root    games    2 Jan  3 02:55 games
drwx------  2 root    wheel    2 Jan  3 02:55 heimdal
drwxr-xr-x  2 root    wheel   29 Jun 11 03:01 log
drwxrwxr-x  2 root    mail     3 Jun 11 03:02 mail
drwxr-xr-x  2 daemon  wheel    3 Jun  8 18:36 msgs
drwxr-xr-x  5 root    wheel    5 Jan  3 02:55 named
drwxr-xr-x  2 root    wheel    2 Jan  3 02:55 preserve
drwxr-xr-x  5 root    wheel   21 Jun 11 03:02 run
drwxrwxr-x  2 root    daemon   2 Jan  3 02:55 rwho
drwxr-xr-x  8 root    wheel    8 Jan  3 02:55 spool
drwxrwxrwt  7 root    wheel    7 Jun 11 03:02 tmp
drwxr-xr-x  2 root    wheel    4 Jun 11 02:30 yp

/usr
Code: 
total 143
drwxr-xr-x   2 root  wheel  477 Jun 11 02:56 bin
drwxr-xr-x   2 root  wheel   16 Jun 11 02:30 games
drwxr-xr-x   2 root  wheel    2 Jun  8 11:22 home
drwxr-xr-x  53 root  wheel  283 Jun 11 02:30 include
drwxr-xr-x   7 root  wheel  556 Jun 11 02:30 lib
drwxr-xr-x   4 root  wheel  571 Jun 11 02:30 lib32
drwxr-xr-x   5 root  wheel    5 Jan  3 02:55 libdata
drwxr-xr-x   6 root  wheel   62 Jun 11 02:30 libexec
drwxr-xr-x  13 root  wheel   13 Jun 10 01:18 local
drwxr-xr-x   4 root  wheel    4 Jun 11 02:16 obj
drwxr-xr-x  69 root  wheel   85 Jun 11 02:51 ports
drwxr-xr-x   2 root  wheel  286 Jun 11 02:30 sbin
drwxr-xr-x  27 root  wheel   27 Jan  3 02:57 share
drwxr-xr-x  22 root  wheel   31 Jun 11 01:43 src
 
I was too looking for the solution for this particular problem and found this thread thanks for helping each other guys.
 
You must log in or register to reply here.
Back
Top