the root of all stupidity
Hi
In a stupid moment of madness, all the files on a cpanel server recently had their ownership modified to root. Can anyone tell me if I need to reinstall the server software from scratch or is this not a big issue. All the user directories have been updated (their permissions re-established so that Perl scripts and mailboxes work) but what other security problems has this moment of madness created?
Many thanks in advance for your support and advice.
as far as I know cpanel files were always chowned as root.
couple things that might helpOriginally Posted by oinkmedia
/scripts/upcp --force
/scripts/mailperms
there might be a couple other files in the scripts directory that will fix some permission errors. you have ownership issues also. There may be a rebuild script that will address the home ownerships as well.
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
Also you can run the following to ensure all users files are correctly owned.
You can do this running the following commands in shell as root;
for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:$CPAccess /home/$CPAccess; done
for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:mail /home/$CPAccess/etc /home/$CPAccess/mail; done
for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:nobody /home/$CPAccess/public_html; done
Regards,
David
Forum Moderator
It's worthwhile checking before contributing to a discussion. System files are owned by a whole variety of users, so it's not trivial to restore after a mishap like this, and yes, some things won't work. I haven't experienced this exact situation myself so I can't tell you how much (or little) won't work, but perhaps one of the gurus will come past here and share their experience ...
I'd either reinstall, or look at grabbing the user and group ownership information off a working system with similar config. You can then restore this to your broken system and you should get 99% coverage. Even better, you might be able to get usership information off a recent backup.
The fastest way to recover the ownerships would be to write an awk or perl script to run the chown command on each file based on the ownership information you recovered via the above.
Good luck, what a pain!
exactally!!!! there is a script somehwre that basically does this here. But this info here deserves a sticky.. this would do it for what I was getting at. Then you just have the issue with other services and logs and things like that .was it just ownership? or was it also permissions?? I would check make sure all services are working and run tail -f on the messages log and see if anything shows up in there ..that would point you to where and what to fix. you know thinking about it ..this couldn't hurt security ..only break things ..I can't imagine it making the box less secure anyway ..seeing that root is as high as you can go. Now if permissions were also opened up then you could have security issues from this. correct me if I am wrong guys.
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
Thanks for the suggestions so far guys. Permissions were not changed only the ownership.
Permissions vs Ownership
Perhaps i am just a dumb noob but if ownership is changed how is it that the respective users are will have permission to read/write/execute?
-Xyber.
He changed ownership back on the user files! Ownership is not as critical for many system files, there are just a few that could cause problems.
he could also do things like eximup , mysqlup .. easy steps that may correct any ownerships as well as easyapache
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
LinkBack URL
About LinkBacks
Reply With Quote