Accidently ran "chown www-data:www-data / -R" as root

Solution 1:

Redhat user:

chown 0:0 /bin/rpm && rpm -qa | xargs rpm --setugids

Debian/Ubuntu user:

chown 0:0 /bin/*  /usr/bin/*
chown daemon:daemon /usr/bin/at
chown 0:utmp /usr/bin/screen
chmod 02755 /usr/bin/screen
chmod u+s /bin/fusermount /bin/mount /bin/su /bin/mount
chmod u+s /usr/bin/sudo /usr/bin/passwd
screen

While screen is running do this at least twice:

dpkg --get-selections | awk '{ if ($2 == "install") print $1}' \
    | xargs apt-get install --reinstall --

Pay very close attention to the output because if it complains about something having the wrong permissions, you should fix it on another screen window.

Crash course in screen:

Control+A     - command key
Control+A a   - emit a control+A
Control+A n   - next "screen"
Control+A c   - create "screen"

Solaris user:

You're fucked.

pkgchk -R / -f -a

will reset all the permissions, but setuid-ness will still be broken. Use a backup, or another solaris machine to look for setuid/setgid scripts and files and fix them up manually.

THE IMPORTANT THING ABOUT BACKUPS

Is that you can recover them, not that you take them.

Other people have given you advice to take backups, but I want to add that you should be testing them. If you're using a unixish system, there is no reason whatsoever that you can't dump the files onto another machine periodically and make sure everything works.

Solution 2:

Most everything in /bin/ should be owned by root:root, so if you run the following you can fix the ownership on those files:

chown root:root -R /bin/

You may also want to make sure the setuid bit is properly set on /bin/su, which you can fix with the following:

chmod 4755 /bin/su

Solution 3:

Be aware that the set-uid flags on any affected binaries may have been removed, too; this is a security feature of chown. Check with some other system which binaries have the set-uid or set-gid flags and be sure to set them on your binaries as well.

Solution 4:

I was going to explain the details of using RPM to reset file permissions, but I've found a site with a lot more information. It does also mention that Ubuntu/Debian (so .debs in general) don't support it.

But in general the option your looking for would be along the lines:

rpm --setugids {packagename}

Solution 5:

If this was a debian system, I'd aptitude reinstall everything.

Tags:

Linux

Ubuntu

Root

Chown

Recent Posts