Anyway to restore permission on Ubuntu?

[Master Disaster]

I'm 99% sure I will have to do a full reinstall here but just in case someone knows something I don't....

 

I was up mega late last night trying to get my webserver to allow directory/file listing on a single folder (with it disabled globally) using a per folder override, because it was like 2am I missed a totally obvious mistake that I hadn't chown'd and chmodded the the files after I moved them over from my Windows PC.

 

I woke up very early (05:30) and literally the first thought was "a'ha, I didn't set permissions" so off I go to change them...

 

So after changing directory instead of running "sudo chmod -Rv 0775 ./*" I actually ran "sudo chmod -Rv 0755 /*" and totally destroyed my webserver. I stopped it as soon as I noticed but it got the /etc, /usr & /proc folders.

 

Funnily enough Apache still works fine however I cannot actually do anything with it since as soon as I SSH in I get "Warning: Sudoers list is publicly writeable" followed by "Warning: Sudoers list must be owned by group 0 and have GID bit set".

 

Some stuff that should require SUDO now works without it but mostly I just get errors when doing anything.

 

Really long shot, is there some magical way I can restore it back or am I spending my Saturday reinstalling it?

 

Thanks.

[Jarsky]

you could try running "apt-get --reinstall install" (I assume its Ubuntu / Debian based?)

but considering you just chmodded your entire server, not sure hif that will fix it 

[leadeater]

Ufff that sounds horrible. Personally I would reinstall. I could probably supply you a txt file with the default permissions tree and you could use that to correct the permissions but wouldn't be able to trust that OS install ever again.

[Master Disaster]

8 minutes ago, Jarsky said:

you could try running "apt-get --reinstall install" (I assume its Ubuntu / Debian based?)

but considering you just chmodded your entire server, not sure hif that will fix it 

Yeah, found this command on stack overflow, unfortunately apt wants SUDO which I cannot give it.

 

6 minutes ago, leadeater said:

Ufff that sounds horrible. Personally I would reinstall. I could probably supply you a txt file with the default permissions tree and you could use that to correct the permissions but wouldn't be able to trust that OS install ever again.

I'm backing up my apache confs and other important files ATM. This is going to be a fun day

 

Edit - Well its a lesson learned anyway, I will never use relative pathing for anything important again, its absolute all the way.

[Jarsky]

2 minutes ago, Master Disaster said:

Yeah, found this command on stack overflow, unfortunately apt wants SUDO which I cannot give it.

because of the warning about /etc/sudoers ?

You could boot up a Linux Live distro, mount the disk and change the permission on the sudoers file. It should be chmod 440 and owned by root:root

[Jarsky]

You could also try booting into the recovery shell to drop into root, then you dont need sudo

 

https://askubuntu.com/questions/92556/how-do-i-boot-into-a-root-shell#:~:text=LTS or earlier-,During boot%2C press and hold Shift (for BIOS) or,usually the second boot entry).&text=Choose "Resume normal boot" to proceed booting as usual.

[Master Disaster]

Just now, Jarsky said:

because of the warning about /etc/sudoers ?

You could boot up a Linux Live distro, mount the disk and change the permission on the sudoers file. It should be chmod 440 and owned by root:root

Thanks for the help, I really do appreciate it but I have to agree with Leadeater on this one, even if I did fix this I don't think I'd ever be able to trust it again and it is my one public facing server that hosts my website and a few other web services.

 

I'm biting the bullet, calling it a loss and reinstalling.

[leadeater]

8 minutes ago, Master Disaster said:

Thanks for the help, I really do appreciate it but I have to agree with Leadeater on this one, even if I did fix this I don't think I'd ever be able to trust it again and it is my one public facing server that hosts my website and a few other web services.

 

I'm biting the bullet, calling it a loss and reinstalling.

Got backups bro? 

 

Every time this happens to me I always kick myself for not bothering to do backups of my home/lab stuff, I never learn though.

[Jarsky]

1 minute ago, Master Disaster said:

Thanks for the help, I really do appreciate it but I have to agree with Leadeater on this one, even if I did fix this I don't think I'd ever be able to trust it again and it is my one public facing server that hosts my website and a few other web services.

 

I'm biting the bullet, calling it a loss and reinstalling.

No problem, it at least might be a good band aid to get stability and some security back in it to keep the server up while you rebuild and harden the replacement server. 

This is one of the good reason of why I run VM's, I do full backups of the VM disks every week, and snapshot the machine before I do any major work; even only being my home personal machines 

 

P.S moving forward, if you just want to allow file listing on a single directory. In your webserver config make sure you specify "AllowOverride", and then put an .htaccess file in the directory you want to allow with Options +Indexes. So your apache conf will look something like this:

 

<Directory /var/www/>
        Options -Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

 

[Master Disaster]

Just now, leadeater said:

Got backups bro? 

 

Every time this happens to me I always kick myself for not bothering to do backups of my home/lab stuff, I never learn though.

Honestly, I don't consider any of it valuable enough to warrant the space for backing up. I've taken my Apache configs because I have some with proxy & rewrite rules that took me a while to get right but other than that, its nothing I cannot just redownload. Its only time. Luckily my SQL server is on my NAS so I've not lost anything from that.

 

1 minute ago, Jarsky said:

No problem, it at least might be a good band aid to get stability and some security back in it to keep the server up while you rebuild and harden the replacement server. 

This is one of the good reason of why I run VM's, I do full backups of the VM disks every week, and snapshot the machine before I do any major work; even only being my home personal machines 

 

P.S moving forward, if you just want to allow file listing on a single directory. In your webserver config make sure you specify "AllowOverride", and then put an .htaccess file in the directory you want to allow with Options +Indexes. So your apache conf will look something like this:

 

<Directory /var/www/>
        Options -Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

 

You want to know the REALLY bad thing? This is in a VM