4

Background: I made a rookie mistake on an Ubuntu 14.04 VM & recursively changed the permissions on the /etc folder. I've been restoring them to default 1 directory at a time, using a fresh VM as a model and looking up the proper permissions at apt-browse.org when the files don't exist on the 'model' VM. When I got to the /etc/skel directory, the permissions were 660 on .bash_logout, .bashrc, and .profile, but according to the model & apt-browse.org, they should be 644. After browsing to /etc/skel, I ran sudo chmod 644 .* and then ran ls -la.

From that point forward I could no longer invoke sudo, nor could I run any shell commands, including browsing, listing files, etc. See

x@Y:/etc/sgml$ cd /etc/skel/ && ls -la
total 28
drwxr-xr-x   2 root root  4096 Oct 10  2014 .
drwxr-xr-x 129 root root 12288 Sep 12 15:39 ..
-rw-rw----   1 root root   220 Mar 18  2013 .bash_logout
-rw-rw----   1 root root  3637 Apr 23  2014 .bashrc
-rw-rw----   1 root root   675 Mar 28  2013 .profile
x@Y:/etc/skel$ sudo chmod 644 *
chmod: cannot access '*': No such file or directory
x@Y:/etc/skel$ sudo chmod 644 .*
x@Y:/etc/skel$ ls -la
ls: cannot open directory .: Permission denied
x@Y:/etc/skel$ sudo ls -la
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
x@Y:/etc/skel$ sudo su
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Additionally, the websites on the server now throw a 403 error: You don't have permission to access / on this server. Server unable to read htaccess file, denying access to be safe

I don't have physical access to the server, so recovery mode boot is problematic. Also, why did this permission change break things? According to the documentation, it was the right thing to do.

TheWanderer

1 Answer

3

You ran

cd /etc/skel
sudo chmod 644 .*

.* will find all .files (including directories) in the current working directory and the current working directory itself, and the parent directory. You applied mode 644 to these:

.            <-- problem here as it's the working directory
..           <-- big problem here as it's the /etc directory
.bash_logout  
.bashrc  
.config      <-- problem here as it's a directory
.profile

The reason nothing worked was that you removed execute permission on the current working directory. That means you didn't have permission to be there!

Directories must have execute permission to be entered or searched. It's kind of an edge case to be inside a directory when execute permission is removed from it, but in that situation you will get permission denied for almost every command.

You can cd out of the directory, but you will not be able to fix the permissions without rebooting because the sudoers file (in /etc) cannot be read.

You can either

  • boot in recovery mode, start a root shell and mount the filesystem read write by doing mount -o remount,rw /

  • boot into a live session and mount the root partition: sudo mount /dev/sdxY /mnt (replace /dev/sdxY with the correct name of the root partition) then cd /mnt

You didn't do chmod -R (thankfully!) so you only have to fix three things. In recovery do (the same but with sudo and without the first / in the paths from /mnt in a live session)

chmod 755 /etc
chmod 755 /etc/skel
chmod 755 /etc/skel/.config

to restore the correct permissions.

Zanna
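
An added example, not part of the answer above: a POSIX shell function that applies the 644/755 modes from this page to the dotfiles in a directory, using patterns that cannot match `.` or `..`. The function names `fix_dotfile_modes` and `show_dot_glob` are hypothetical.

```shell
#!/bin/sh
# Added example: change modes on dotfiles without ever touching "." or "..",
# which a bare .* pattern can expand to (as happened in /etc/skel).

# show_dot_glob DIR: print what a bare .* expands to in this shell, so the
# list can be checked before it is handed to chmod. Some newer shells omit
# "." and ".." from this expansion; older ones include them.
show_dot_glob() {
    ( cd "$1" && printf '%s\n' .* )
}

# fix_dotfile_modes DIR: regular dotfiles -> 644, dot-directories -> 755.
fix_dotfile_modes() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # .[!.]* matches names like .bashrc and .config;
    # ..?*   matches names like ..data (two dots plus at least one character).
    # Neither pattern can match "." or "..".
    for path in "$dir"/.[!.]* "$dir"/..?*; do
        # A pattern with no match stays literal: skip it. Skip symlinks too,
        # because chmod would follow them to a target outside DIR.
        [ -e "$path" ] || continue
        [ -L "$path" ] && continue
        if [ -d "$path" ]; then
            chmod 755 "$path"   # directories need x to be entered or searched
        elif [ -f "$path" ]; then
            chmod 644 "$path"
        fi
    done
    return 0
}
```

Neither function recurses, and `fix_dotfile_modes` leaves the directory itself and its parent at whatever mode they already had.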