Wise people learn when they can; fools learn when they must - Arthur Wellesley

Saturday, 6 May 2017

RHEL6 – 33 –RESET DEFAULT PERMISSIONS & OWNERSHIP


Resetting files and directories to their default permissions is very interesting, and so is resetting their default ownership.

How to reset the default permissions for the files of a particular package?

[root@rhel6-test1 ssh]# rpm --setperms <package name>


How to reset the default ownership for the files of a particular package?

[root@rhel6-test1 ssh]# rpm --setugids  <package name>


Great, but remember that it works only on files that belong to the package, that is, the files listed for it by “repoquery”.

See the example:

[root@rhel6-test1 ~]# cd /etc/ssh
[root@rhel6-test1 ssh]# ls -ltr
total 160
-rw-------. 1 root root   3872 Dec 13  2012 sshd_config.org
-rw-r--r--. 1 root root   2047 Dec 13  2012 ssh_config
-rw-------. 1 root root 125811 Dec 13  2012 moduli
-rw-r--r--. 1 root root    627 Aug 30  2016 ssh_host_key.pub
-rw-------. 1 root root    963 Aug 30  2016 ssh_host_key
-rw-r--r--. 1 root root    382 Aug 30  2016 ssh_host_rsa_key.pub
-rw-------. 1 root root   1675 Aug 30  2016 ssh_host_rsa_key
-rw-------. 1 root root    668 Aug 30  2016 ssh_host_dsa_key
-rw-r--r--. 1 root root    590 Aug 30  2016 ssh_host_dsa_key.pub
-rw-r--r--. 1 root root   3872 Apr 27 18:33 sshd_config

[root@rhel6-test1 ssh]# chmod 777 *
[root@rhel6-test1 ssh]# chown raman:raman *
[root@rhel6-test1 ssh]# ls -ltr
total 160
-rwxrwxrwx. 1 raman raman   3872 Dec 13  2012 sshd_config.org
-rwxrwxrwx. 1 raman raman   2047 Dec 13  2012 ssh_config
-rwxrwxrwx. 1 raman raman 125811 Dec 13  2012 moduli
-rwxrwxrwx. 1 raman raman    627 Aug 30  2016 ssh_host_key.pub
-rwxrwxrwx. 1 raman raman    963 Aug 30  2016 ssh_host_key
-rwxrwxrwx. 1 raman raman    382 Aug 30  2016 ssh_host_rsa_key.pub
-rwxrwxrwx. 1 raman raman   1675 Aug 30  2016 ssh_host_rsa_key
-rwxrwxrwx. 1 raman raman    668 Aug 30  2016 ssh_host_dsa_key
-rwxrwxrwx. 1 raman raman    590 Aug 30  2016 ssh_host_dsa_key.pub
-rwxrwxrwx. 1 raman raman   3872 Apr 27 18:33 sshd_config

[root@rhel6-test1 ssh]# rpm -qa |grep -i openssh
openssh-5.3p1-84.1.el6.x86_64
openssh-askpass-5.3p1-84.1.el6.x86_64
openssh-clients-5.3p1-84.1.el6.x86_64
openssh-server-5.3p1-84.1.el6.x86_64

[root@rhel6-test1 ssh]# rpm --setperms openssh-5.3p1-84.1.el6.x86_64
[root@rhel6-test1 ssh]# rpm --setperms openssh-askpass-5.3p1-84.1.el6.x86_64
[root@rhel6-test1 ssh]# rpm --setperms openssh-clients-5.3p1-84.1.el6.x86_64
[root@rhel6-test1 ssh]# rpm --setperms openssh-server-5.3p1-84.1.el6.x86_64
[root@rhel6-test1 ssh]# ls -ltr
total 160
-rwxrwxrwx. 1 raman raman   3872 Dec 13  2012 sshd_config.org
-rw-r--r--. 1 raman raman   2047 Dec 13  2012 ssh_config
-rw-------. 1 raman raman 125811 Dec 13  2012 moduli
-rwxrwxrwx. 1 raman raman    627 Aug 30  2016 ssh_host_key.pub
-rwxrwxrwx. 1 raman raman    963 Aug 30  2016 ssh_host_key
-rwxrwxrwx. 1 raman raman    382 Aug 30  2016 ssh_host_rsa_key.pub
-rwxrwxrwx. 1 raman raman   1675 Aug 30  2016 ssh_host_rsa_key
-rwxrwxrwx. 1 raman raman    668 Aug 30  2016 ssh_host_dsa_key
-rwxrwxrwx. 1 raman raman    590 Aug 30  2016 ssh_host_dsa_key.pub
-rw-------. 1 raman raman   3872 Apr 27 18:33 sshd_config

[root@rhel6-test1 ssh]# rpm --setugids openssh-5.3p1-84.1.el6.x86_64 openssh-askpass-5.3p1-84.1.el6.x86_64 openssh-clients-5.3p1-84.1.el6.x86_64 openssh-server-5.3p1-84.1.el6.x86_64

[root@rhel6-test1 ssh]# ls -ltr
total 160
-rwxrwxrwx. 1 raman raman   3872 Dec 13  2012 sshd_config.org
-rw-r--r--. 1 root  root    2047 Dec 13  2012 ssh_config
-rw-------. 1 root  root  125811 Dec 13  2012 moduli
-rwxrwxrwx. 1 raman raman    627 Aug 30  2016 ssh_host_key.pub
-rwxrwxrwx. 1 raman raman    963 Aug 30  2016 ssh_host_key
-rwxrwxrwx. 1 raman raman    382 Aug 30  2016 ssh_host_rsa_key.pub
-rwxrwxrwx. 1 raman raman   1675 Aug 30  2016 ssh_host_rsa_key
-rwxrwxrwx. 1 raman raman    668 Aug 30  2016 ssh_host_dsa_key
-rwxrwxrwx. 1 raman raman    590 Aug 30  2016 ssh_host_dsa_key.pub
-rw-------. 1 root  root    3872 Apr 27 18:33 sshd_config

It worked only on 3 files… why…??

[root@rhel6-test1 ssh]# repoquery -ql "openssh*" |grep -i "/etc/ssh/*"
/etc/ssh
/etc/ssh/moduli
/etc/ssh/ssh_config
/etc/ssh/sshd_config

This will make our system usable again, but don’t expect it to work on user-created files and directories.

[root@rhel6-test1 ~]# rpm --setperms --setugids -f /etc/ssh/sshd_config
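The listings above show why the reset is not a full repair: files created after installation (the host keys, sshd_config.org) are absent from the package file list and stay at mode 777. The following script is an added example, not part of the original post; the function name `unowned_risky`, the manifest file and the demo directory are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): report files that
# rpm --setperms / --setugids cannot repair because no package owns them.

# unowned_risky DIR MANIFEST
#   MANIFEST holds one absolute path per line, e.g. the saved output of
#   `rpm -qal` or of `repoquery -ql "openssh*"`.
#   Prints "MODE PATH" for every regular file in DIR that is missing from
#   MANIFEST and is still writable by group or others.
unowned_risky() {
    local dir="$1" manifest="$2" f mode
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Exact whole-line match: a package owns the file, so rpm resets it.
        if grep -Fxq -- "$f" "$manifest"; then continue; fi
        mode=$(stat -c '%a' "$f")
        # Octal mask 022 = group-write | other-write.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$f"
        fi
    done
}

# Constructed demo mirroring the /etc/ssh listing above: two packaged files,
# two files created after installation, everything set to 777.
demo() {
    local d
    d=$(mktemp -d)
    touch "$d/sshd_config" "$d/moduli" "$d/ssh_host_rsa_key" "$d/sshd_config.org"
    chmod 777 "$d"/*
    printf '%s\n' "$d/sshd_config" "$d/moduli" > "$d.manifest"
    # Stand-in for `rpm --setperms`: only manifest entries get fixed.
    chmod 600 "$d/sshd_config" "$d/moduli"
    # Print results relative to the demo directory.
    unowned_risky "$d" "$d.manifest" | sed "s|$d/||"
    rm -rf "$d" "$d.manifest"
}

demo
```

On a real host, save the package file list once with `rpm -qal > manifest` and point the function at `/etc/ssh` and that file; whatever it prints has to be fixed by hand with chmod and chown.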

How to reset default permission on all installed packages?

[root@rhel6-test1 ~]# for i in $(rpm -qa); do rpm --setperms $i; done
OR
[root@rhel6-test1 ~]# rpm --setperms -a

How to reset default ownership on all installed packages?

[root@rhel6-test1 ~]# for i in $(rpm -qa); do rpm --setugids $i; done
OR
[root@rhel6-test1 ~]# rpm --setugids -a

What if I messed up the permissions of several files and am unable to log in?


Boot the system from the CD-ROM.

After that I needed to reboot the system, but reboot was not working.
I skipped taking the snapshot, but the error is as follows:

#shutdown -r now
#shutdown
shutdown: unable to shutdown system

#reboot
#init 0
#init 6
init: failed to connect to socket /com/ubuntu/upstart: connection refused

What I did is as follows:

# cat /proc/sys/kernel/sysrq
0
# echo 1 > /proc/sys/kernel/sysrq

# echo b > /proc/sysrq-trigger

Then the system booted; now we have to run the following.

[root@rhel6-test1 ~]# for i in $(rpm -qa); do rpm --setperms $i; done
OR
[root@rhel6-test1 ~]# rpm --setperms -a


[root@rhel6-test1 ~]# for i in $(rpm -qa); do rpm --setugids $i; done
OR
[root@rhel6-test1 ~]# rpm --setugids -a




