chown -R in root accident

Portal Home > Knowledgebase > Articles Database > chown -R in root accident

Posted by TRIBOLIS, 11-23-2006, 12:31 AM
Hi, I accidently put chown -R username:username * in /root and there is no way to revert? (I forgot to cd directory before chown ownership). I was hoping if there is another way to fix it such as default chown or chown each directories exim, cpanel and whole systems? I have tried put chown root but /bin/su could not log in as permission denied so I tried to chmod /bin/su in the wheel group but the password failed when tried log in. (I opened another SSH because I didn't want to log out in first SSH). The server management said I require OS reload but I paid it few days ago and do not want to pay again. Thanks
Posted by Lightwave, 11-23-2006, 02:18 AM
Have them boot from a livecd, start up SSH so you can login, mount the existing partitions... and fix the directory ownerships that way.
Posted by Steven, 11-23-2006, 02:19 AM
If you can get a livecd / rescue cd in the server it can be fixed up.
Posted by insanelymacintosh, 11-23-2006, 02:22 AM
Why not chown the folders back to root? chown -R root:root /etc/ chown -R root:root /bin/ chown -R root:root /sys/ and the rest...
Posted by TRIBOLIS, 11-23-2006, 04:21 AM
I have contacted management to get livecd, they said they don't have one on hand. They'll see if the day shift tech can bring one in with him when he gets here. kingshosting, do you have any more commands from you said and the rest? I used chown -R root:root * to go back but not sure if they are right. SSH is unable to access as it says: -bash-3.00$ su Password: su: incorrect password (it is correct pass) -bash-3.00$ Thanks for your help. Last edited by TRIBOLIS; 11-23-2006 at 04:26 AM.
Posted by Russ Foster, 11-23-2006, 05:00 AM
Do you have direct root SSH access and which OS is it?
Posted by The3bl, 11-23-2006, 05:09 AM
Does the username you chowned everything to have ssh access to the box? If so try logging in as that user to ssh and then start chowning things back to root. Try logging in with the root password and that user name even if they do not have ssh access it may work.
Posted by localhost127, 11-23-2006, 05:13 AM
Users cannot chown files to root. He's going to have to either get a root shell and restore the permissions himself, or get someone to boot a livecd (or in single user mode) as suggest above to do it. Additionally, the reason that su no longer works (for those wondering) is likely because it is a setuid binary. Since it is no longer owned to root, it will just run as the unprivileged user which is useless.
Posted by TRIBOLIS, 11-23-2006, 05:15 AM
a2b2, yes I have disabled direct root login and it is CentOS.
Posted by TRIBOLIS, 11-23-2006, 05:32 AM
It is / not /root directory. All system folders have changed ownership as I did try revert root ownership. Still get this error: -bash-3.00$ su Password: su: incorrect password (it is correct pass) -bash-3.00$ They are in second SSH program. The first one I am still in.. I won't log out because I don't want to locked out (support could not access except me).
Posted by Russ Foster, 11-23-2006, 05:37 AM
A wild shot but does sudo -s work?
Posted by localhost127, 11-23-2006, 05:37 AM
Run this and then try again. Make sure you copy and paste it so its not mistyped: If it still doesn't work, run the following command and paste the result here
Posted by The3bl, 11-23-2006, 05:55 AM
Depends on what privileges that user had and if he can log in as that user and escalate his privileges. Your right about that but if he just chowned everything on the box to that username , I do not know if that username is now for all practical reasons now root super user. It is a long shot at best, if it does not work then he has no choice but to wait for the data center to boot the system using livecd and change the ownerships back to root.
Posted by localhost127, 11-23-2006, 05:59 AM
Unfortunately owning everything to another user does not make that user root (this is really a good thing for TRIBOLIS). The 'su' binary requires it's UID to be 0 (root) in order to actually work. He says that he left the shell open so he does have a root shell. If this is the case then it is just a matter of repairing the correct permissions.
Posted by The3bl, 11-23-2006, 06:04 AM
I did say it was a long shot. Yes I agree. But he says he has root open but it is not letting him chown things back to root so either he does not have root or root has lost permissions or the username he chowned it to is now root. I really think he is stuck until livecd or OS reload is done.
Posted by TRIBOLIS, 11-23-2006, 06:07 AM
Ok my first SSH program I left open: root@host [~]# chown root:wheel `which su` root@host [~]# ls -l `which su` -rwxr-x--- 1 root wheel 60772 Aug 13 06:26 /bin/su* root@host [~]# Isn't that good result? This is second SSH program to log in SSH, here is: -bash-3.00$ sudo -s We trust you have received the usual lecture from the local System Administrator. It usually boils down to these two things: #1) Respect the privacy of others. #2) Think before you type. Password: myusernamexx is not in the sudoers file. This incident will be reported. -bash-3.00$ myusernamexx = same for the root disabled. I'm not sure what you mean about root open and ssh open. I have SSH program open and I am in. I am not really sure if I am really 'root'. I am able to chown/permission users' accounts from restored the backup but the sites aren't working. Here is what Support said, hope it'll clear. I think you did something because I just tried to log in to see what the problem was and now it's not letting me su to root. -bash-3.00$ su -bash: /bin/su: Permission denied If you want us to be able to look at what the problem is after you've fixed permissions, you need to change this back so we can get in. ----- I believe you just seriously messed up the server. You changed ownership of numerous system files by using the asterisk. root@host [/]# chown -R xxxuser:xxxuser * (it is what I accidently for not used cd directory first before use chown) That changed the owner of every file on the system to that user After Support said that. So I chown -R root:root * then no errors. But I think it already screwed the / system folders to change the ownership. Thanks guys! Last edited by TRIBOLIS; 11-23-2006 at 06:21 AM.
Posted by localhost127, 11-23-2006, 06:14 AM
Looks like permissions are screwed up on your su binary. Run this command:
Posted by TRIBOLIS, 11-23-2006, 07:16 AM
ok, I've done that: root@host [~]# ls -l `which su` -rwsr-x--- 1 root wheel 60772 Aug 13 06:26 /bin/su* <-- red colour. Before was green. So what's next now?
Posted by TRIBOLIS, 11-23-2006, 07:33 AM
Edited: can't edit my post after 15 mins) I forgot to show you the wheel. root@host [~]# chown root:wheel `which su` [1] Killed chown -R otheruserxxtheruserxx * (wd: /) (wd now: ~) otheruserxx = not my root username, it's the same from what I did accidently.
Posted by Anonymous Coward, 11-23-2006, 08:39 AM
That's good. Green means it's an ordinary executable; red means the executable runs with the owner's UID (suid), in this case root's. The su command should work at this point.
Posted by TRIBOLIS, 11-23-2006, 08:52 AM
So that means my SSH has killed 'otheruserxx' and su will work with root?
Posted by TRIBOLIS, 11-23-2006, 09:41 AM
Everything is fine now. The outside tech has finally contacted me as he has fixed chown - home and permission. Also support finally had rescue disk. Should be work soon. Thank you guys so much for helping!
Posted by TRIBOLIS, 11-26-2006, 02:34 AM
Just let you know, the rescue disk went back the same and could not access SSH. The su and /home directory were worked before the server crashed. The technical support did not help very much, asked me to pay $70 support hourly or another OS reload. Then I asked for the rescue disk you told me to. After they installed rescue disk, I hired the outside tech, said I do not need OS reload, just fix the su and permission folders. He could not access the live cd to set the folders permission and asked technical support to give us the permission. The support got tired of dealing with me and plugged my server out, refunded straight away. They accused me of lying to them. I just followed what my tech asked me to. How unprofessional they are. I did not want to pay for $70 hourly or OS reload because I listened to you and my tech (I have saved money not to pay another OS reload, lucky yeah) while fixed the su from this forum after requested rescue disk. I got su worked then support replied the rescue disk is installing. I could not stop them because I thought it might be fix or go back to normal. Oh well... After they plugged my server out, I immediately looked for another different provider after quick reviews and my dedicated provider list.
Posted by Hosting55, 08-30-2008, 04:39 AM
Hello! I'm accidently made the same... did chown -R dothu:dothu / I think I'm only messed up the sys folder: image here: inside the sys folder image here What do you think is it enough to do chown -R root:root /sys ?? also I need to restore root:root to quota.user file as you can see in the first link? Zoltan
Posted by Patrick, 08-30-2008, 09:57 AM
What happened, did you issue the chmod command and stop it as soon as you noticed that it was recursive against the entire file system? It does appear that only /sys was affected, so yes you can chmod -R root:root /sys and chmod root:root /quota.user to restore the permissions. Just to make sure, run the following command to see if any other files are owned by dothu outside of the home directory: find / -user dothu | grep -v /home/dothu