The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cannot delete file as root?

Discussion in 'General Discussion' started by screege, Sep 4, 2010.

  1. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Hi recently a site in my server was hacked (was using oscommerce) I terminated the site but found still the directory under /home is active, when trying to delete the /home directory/user it says permission denied, going deep in the directory I saw there is a bunch of .php files in there when giving rm -r -f still gives me permission denied, I have putted the files with chmod 777 even chowned them to root and nothing I just can't simply delete the files.

    root@server1 paypal]# rm -R -f *
    rm: cannot remove `bimar.php': Permission denied
    rm: cannot remove `Confirm.php': Permission denied
    rm: cannot remove `Continue.php': Permission denied
    rm: cannot remove `error_login.htm': Permission denied
    rm: cannot remove `error_login.php': Permission denied
    rm: cannot remove `errors.txt': Permission denied
    rm: cannot remove `index.php': Permission denied
    rm: cannot remove `lettre.html': Permission denied
    rm: cannot remove `mailer.php': Permission denied
    rm: cannot remove directory `paypal': Permission denied
    rm: cannot remove `Processing.php': Permission denied
    rm: cannot remove `redirec.js': Permission denied
    rm: cannot remove `Submit.php': Permission denied
    rm: cannot remove `Thanks.php': Permission denied
    rm: cannot remove `webscr.php': Permission denied

    Can anyone please help?

    Regards
     
    #1 screege, Sep 4, 2010
    Last edited: Sep 4, 2010
  2. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Also I tried to change directory poermissions to 777 untill I get to the particular one which holds the files:

    [root@server1 download]# ls -l
    total 4
    d--------- 3 32101 32103 4096 Sep 4 00:12 paypal

    [root@server1 download]# chmod 777 paypal
    chmod: changing permissions of `paypal': Operation not permitted
    [root@server1 download]# ls -l
    total 4
    d--------- 3 32101 32103 4096 Sep 4 00:12 paypal
    [root@server1 download]# chown root paypal
    chown: changing ownership of `paypal': Operation not permitted
    [root@server1 download]# ls
    paypal

    But cannot change permission or ownership can anyone please help?

    Regards
     
  3. WebScHoLaR

    WebScHoLaR Well-Known Member

    Joined:
    Dec 14, 2005
    Messages:
    511
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Planet Earth
    Please run the following command and paste the output:

     
  4. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    I agree that inspecting the directory contents for special attributes should be performed. It is possible that the directory and or its contents may have certain restrictive attributes applied, such as the immutable "i" attribute that may be set using "chattr" and viewed using "lsattr" as indicated by the example command posted by WebScHoLaR.

    For usage information, please review the applicable help and manual "man" documentation using the following commands, entered via SSH access:
    Code:
    # man lsattr
    # man chattr
    When using "lsattr" to view the directory listing I would consider adding the "-a" switch to ensure the displayed output includes files and directories that may have a name beginning with a period (e.g., Apache ".htaccess" files):
    Code:
    # lsattr -a
    # lsattr -a directory_or_file_name
    # lsattr -a /full/path/to/directory_or_file
    # lsattr -a /path/one /path/two /path/three
     
  5. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    while 2 experts have already posted their expert take on this.

    Are you able to create/remove directories on other folders in the server ?

    I just want you to check that root user you are logged in, is superuser.
    may be the hacker altered access permission on user root.

    Also letting cpanel team analyze your server could help identifying any security holes.
     
  6. konrath

    konrath Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    367
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brasil
    Try

    chattr -i bimar.php

    rm bimar.php -rf
     
    #6 konrath, Sep 4, 2010
    Last edited: Sep 4, 2010
  7. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Ok first thing:

    [root@server1 download]# lsattr paypal
    ------------- paypal/error_login.php
    ------------- paypal/Submit.php
    ------------- paypal/bimar.php
    ------------- paypal/index.php
    ------------- paypal/mailer.php
    ------------- paypal/paypal
    ------------- paypal/Thanks.php
    ------------- paypal/Processing.php
    ------------- paypal/webscr.php
    ------------- paypal/errors.txt
    ------------- paypal/Continue.php
    ------------- paypal/Confirm.php
    ------------- paypal/redirec.js
    ------------- paypal/error_login.htm
    ------------- paypal/lettre.html

    Then

    [root@server1 paypal]# chattr -i bimar.php
    [root@server1 paypal]# rm bimar.php
    rm: remove regular file `bimar.php'? y
    rm: cannot remove `bimar.php': Permission denied
    [root@server1 paypal]#

    Also:

    [root@server1 relojeri]# mkdir prueba
    [root@server1 relojeri]# ls
    access-logs cpbackup-exclude.conf error_log etc mail prueba public_ftp public_html tmp www
    [root@server1 relojeri]# rm -r prueba
    rm: remove directory `prueba'? y
    [root@server1 relojeri]#

    [root@server1 relojeri]# id
    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

    Thanks a lot
     
    #7 screege, Sep 5, 2010
    Last edited: Sep 5, 2010
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,460
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Try this instead logged in as root:

    chown -R screege:screege /home/screege/public_html/path/to/paypal

    Of course change screege username to the account username and the path to where ever that directory is located. It's always safer to use the full path, IMHO.

    Might help.
     
  9. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    [root@server1 download]# chown -R root:root /home/imprimel/public_html/download/paypal
    chown: changing ownership of `/home/imprimel/public_html/download/paypal': Operation not permitted
     
  10. konrath

    konrath Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    367
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brasil
    Strange.

    I saw that you created a directory with success.

    If you can not create directories and files, I would recommend a FSCK

    You've asked for help in the datacenter?
     
  11. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    chattr -i did the trick

    Thanks for your replies =o)
     
Loading...

Share This Page