Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Changed group to 'nobody' of all files.. how to secure server again

Discussion in 'General Discussion' started by Miss Jacky, Mar 13, 2006.

  1. Miss Jacky

    Miss Jacky Well-Known Member

    Joined:
    Mar 4, 2004
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    156
    Hi,

    Mistyped . with / and I had "chgrp -R nobody /" running for a while... *aaa*

    So now I have a lot of files with group 'nobody' which aren't supposed to be that way... any tips on securing the most important files, or getting things generally fixed again?

    Thanks in advance for any response, laughter included.
     
  2. Miss Jacky

    Miss Jacky Well-Known Member

    Joined:
    Mar 4, 2004
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    156
    mysql and mail problems all over now due to this group change. Could anyone help me maybe with some example directory listings of important mail/mysql dirs to see what group the files have?

    tnx!!
     
  3. richy

    richy Well-Known Member

    Joined:
    Jun 30, 2003
    Messages:
    276
    Likes Received:
    1
    Trophy Points:
    168
    On the whole server? *gulp*

    Have a look in /scripts/ , there should be some scripts to help - but I doubt there's an easy way to do this.
     
  4. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,574
    Likes Received:
    3
    Trophy Points:
    343
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    The best you might be able to do if you have another server, is go directory by directory and match them up. If home permissions are messed up, I did have script somewhere in the forum (can't remember where at the moment) that fixed those permissions. But /usr /var are the real critical ones you'll need to match back up.

    If I can, I'll try and find the /home script (unless someelse knows off-hand what thread it was in).
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Miss Jacky

    Miss Jacky Well-Known Member

    Joined:
    Mar 4, 2004
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    156
    Thanks for the info, that /home script would be great

    Don't have access to another server :-( Second one coming soon, I wish we had it already so I had a mirror to look at..

    Some mysql sites actually do work! But most get:

    Warning: mysql_pconnect(): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) in /home/USER/public_html/Connections/script.php on line 9

    Fatal error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) in /home/USER/public_html/Connections/script.php on line 9

    Could that be a hint for a mysql solution?
     
  6. spector

    spector Well-Known Member

    Joined:
    Jun 27, 2005
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    156
    chown mysql:mysql /var/lib/mysql -R
    however I doubt this is permision problem with mysql socket. Rather mysql server is NOT RUNNING
     
  7. Miss Jacky

    Miss Jacky Well-Known Member

    Joined:
    Mar 4, 2004
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    156
    I did chown mysql:mysql /var/lib/mysql -R, and the mysql server is running, but the problem remains.

    What I really need is a directory (ownership) listing of mysql dirs etc... or a 'list-only' login on a fedora cpanel server :s so I can match the ownerships

    anyone?
     
  8. spector

    spector Well-Known Member

    Joined:
    Jun 27, 2005
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    156
    all mysql dirs and files are to be owned by user mysql. Socket is accessible by any program because /var and /var/lib and /var/lib/mysql and /var/lib/mysql/mysql.sock should have permissions to be readable by anyone (world permissions).

    I suggest to confirm if mysql server is really running
    ps -u mysql

    and if not then check logfile in /var/lib/mysql/hostname.err

    I might not know all but about mysql I know much, because I host mysql4 and mysql5 simultaneously with own interface, instalation(...)
     
  9. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,366
    Likes Received:
    6
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
  10. Miss Jacky

    Miss Jacky Well-Known Member

    Joined:
    Mar 4, 2004
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    156
    outside of /var/lib/mysql, is there anywhere else files should have 'mysql' as group?

    ps -u mysql confirms that the server is running

    /var/lib/mysql/hostname.err:
    060313 19:47:32 mysqld started
    060313 19:47:32 Warning: Asked for 196608 thread stack, but got 126976
    060313 19:47:32 InnoDB: Started
    /usr/sbin/mysqld: ready for connections.
    Version: '4.0.20-standard' socket: '/var/lib/mysql/mysql.sock' port: 3306

    Maybe upgrading mysql to get things working again? I'm a little scared the upgrade will go bananas with the groups messed up like this.

    That /home script did something, altough it's not a 100% succesfull it seems, leaves some users unaffected. But thanks anyway!
     
  11. Miss Jacky

    Miss Jacky Well-Known Member

    Joined:
    Mar 4, 2004
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    156
    Mysql problem is solved by adding public read and execute permissions to the /var/lib/mysql folder.

    Is this insecure in any way?
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice