Accidently ran "chown www-data:www-data / -R" as root

root linux ubuntu chown

I just ran this a few seconds ago. I managed to do Ctrl - C as soon as I realized what I started doing.

So far the only directory it's started going through is /bin.

I'm afraid to do anything else. So far I realized I can't use su as my normal user anymore.

Luckily I still have another root terminal open. What do I do?


Most everything in /bin/ should be owned by root:root, so if you run the following you can fix the ownership on those files:

chown root:root -R /bin/

You may also want to make sure the setuid bit is properly set on /bin/su, which you can fix with the following:

chmod 4755 /bin/su

Redhat user:

chown 0:0 /bin/rpm && rpm -qa | xargs rpm --setugids

Debian/Ubuntu user:

chown 0:0 /bin/*  /usr/bin/*
chown daemon:daemon /usr/bin/at
chown 0:utmp /usr/bin/screen
chmod 02755 /usr/bin/screen
chmod u+s /bin/fusermount /bin/mount /bin/su /bin/mount
chmod u+s /usr/bin/sudo /usr/bin/passwd
screen

While screen is running do this at least twice:

dpkg --get-selections | awk '{ if ($2 == "install") print $1}' \
    | xargs apt-get install --reinstall --

Pay very close attention to the output because if it complains about something having the wrong permissions, you should fix it on another screen window.

Crash course in screen:

Control+A     - command key
Control+A a   - emit a control+A
Control+A n   - next "screen"
Control+A c   - create "screen"

Solaris user:

You're fucked.

pkgchk -R / -f -a

will reset all the permissions, but setuid-ness will still be broken. Use a backup, or another solaris machine to look for setuid/setgid scripts and files and fix them up manually.

THE IMPORTANT THING ABOUT BACKUPS

Is that you can recover them, not that you take them.

Other people have given you advice to take backups, but I want to add that you should be testing them. If you're using a unixish system, there is no reason whatsoever that you can't dump the files onto another machine periodically and make sure everything works.


Be aware that the set-uid flags on any affected binaries may have been removed, too; this is a security feature of chown. Check with some other system which binaries have the set-uid or set-gid flags and be sure to set them on your binaries as well.

Related

How to run VMWare ESX or ESXi in a virtual machine?
What to look for in a server rack?
systemd: Grant an unprivileged user permission to alter one specific service
Debugger for Iptables
Preventing brute force attacks against ssh?
Wildcard SSL certificate for second-level subdomain
How I can identify which process is making UDP traffic on Linux?
SFTP logging: is there a way?
How do I redirect subdomains to a different port on the same server?
What solutions exist to allow the use of revision control for server configuration files? [closed]
What is a good SSH server to use on Windows? [closed]
Non-volatile cache RAID controllers: what kind of protection is there against NVCACHE failure?