Inadvertently nuked my disk permission structure - why?

permissions chown

I was trying to chown within /opt and for some reason chown jumped up to the parent and chowned everything.

Can anyone suggest why/how this might happen, and how to avoid doing it in future? It's a bit concerning that running a command in a given dir can effectively jump up and run it in root dir.

ubuntu: /opt > sudo chown -R root:www-data .*
chown: changing ownership of '../var/lib/lxcfs/proc/cpuinfo': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/proc/meminfo': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/proc/stat': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/proc/uptime': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/proc/diskstats': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/proc/swaps': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/proc': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup/devices': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup/blkio': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup/hugetlb': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup/rdma': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup/pids': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup/freezer': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup/cpuset': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup/memory': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup/perf_event': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup/cpu,cpuacct': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup/net_cls,net_prio': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup/name=systemd': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup/unified': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs/cgroup': Operation not permitted
chown: changing ownership of '../var/lib/lxcfs': No such file or directory
^C
:ubuntu: /opt >

Solution 1:

The shell glob .* matches .. (the parent directory) in this case unfortunately that's /:

steeldriver@t400s:/opt$ ls .*
.:

..:
bin  boot  cdrom  dev  etc  home  initrd.img  initrd.img.old  lib  lib32  lib64
libx32  lost+found  media  mnt  opt  proc  root  run  sbin  snap  srv  swapfile  sys
tmp  usr  var  vmlinuz  vmlinuz.old

For additional discussion see:

  • Does “chmod 777 .* -R” chmod parent directories (..)?
  • how to glob every hidden file except current and parent directory

Solution 2:

This happened because you used:

sudo chown -R root:www-data .*

when you should have used this instead:

sudo chown -R root:www-data ./*

First, -R is recursive for all directories under the target directory.

Additionally, * will match all files and directories under the current directory. Next, .* will match all files and directories one level above the current directory.

To avoid this in the future, you can use the ls command to verify the path before you execute the chown command like in these examples:

ls -a ./*
ls -a *
ls -a .*
ls -a ../*

Another way to avoid this is to always use the full path to the directory you wish to run a command to.

Here is an example:

sudo chown -R root:www-data /opt/*

Edit:

You can use the following command to chmod all hidden files or directories directly under /opt (assuming the first character after the . that makes them hidden is a letter, a number, a dash or an underscore which should be true for most files). 

for i in /opt/.[A-Za-z0-9-_]*; do sudo chmod root:www-data "/opt/$i"; done

You can verify what files this will chmod by running the following command:

ls /opt/.[A-Za-z0-9-_]*

The first part of the command: for i in /opt/.[A-Za-z0-9-_]* says that, for all the results of the glob /opt/.[A-Za-z0-9-_]* assign each result to the variable "i".

The glob here says that the first character must be . and that the next character [A-Za-z0-9-_] must be any character that is A-Z or a-z or any number 0-9 or a - or a _.

This will exclude the results . and .. which represent the current directory and the directory above the current directory and will only include hidden files and directories.

The second part of the command: do sudo chmod root:www-data "/opt/$i" says to run the command for all variables that match the current value of $i.

The third part of the command: done says that I am finished.

Additionally, you used the -R option with chmod and the -R option is recursive and will apply to all directories and files.

When you only only use the chmod command with no options, the command will only apply to the specific file or directory you gave it and will not apply recursively to directories.

Related

How to start xampp GUI
How to open Mac documents .page, on LibreOffice
Install Ubuntu without making Windows license void
Why is this python script running in background consuming 100 % CPU?
Which Norton Commander style filemanager do you recommend?
Alternatives to Google Notifier
How to enforce sandbox rules for the particular app?
Can I re-use an email address for a new Apple ID that was previously a secondary email address?
Don't Sleep Network Connection / VPN
Stop blue dots from appearing next to updated apps?
Software to draw on the trackpad
Newest version of HomeBrew, versions no longer supported