The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Changed group to 'nobody' of all files.. how to secure server again

Discussion in 'General Discussion' started by Miss Jacky, Mar 13, 2006.

  1. Miss Jacky

    Miss Jacky Well-Known Member

    Joined:
    Mar 4, 2004
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    Mistyped . with / and I had "chgrp -R nobody /" running for a while... *aaa*

    So now I have a lot of files with group 'nobody' which aren't supposed to be that way... any tips on securing the most important files, or getting things generally fixed again?

    Thanks in advance for any response, laughter included.
     
  2. Miss Jacky

    Miss Jacky Well-Known Member

    Joined:
    Mar 4, 2004
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    mysql and mail problems all over now due to this group change. Could anyone help me maybe with some example directory listings of important mail/mysql dirs to see what group the files have?

    tnx!!
     
  3. richy

    richy Well-Known Member

    Joined:
    Jun 30, 2003
    Messages:
    276
    Likes Received:
    1
    Trophy Points:
    16
    On the whole server? *gulp*

    Have a look in /scripts/ , there should be some scripts to help - but I doubt there's an easy way to do this.
     
  4. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    The best you might be able to do if you have another server, is go directory by directory and match them up. If home permissions are messed up, I did have script somewhere in the forum (can't remember where at the moment) that fixed those permissions. But /usr /var are the real critical ones you'll need to match back up.

    If I can, I'll try and find the /home script (unless someelse knows off-hand what thread it was in).
     
  5. Miss Jacky

    Miss Jacky Well-Known Member

    Joined:
    Mar 4, 2004
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for the info, that /home script would be great

    Don't have access to another server :-( Second one coming soon, I wish we had it already so I had a mirror to look at..

    Some mysql sites actually do work! But most get:

    Warning: mysql_pconnect(): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) in /home/USER/public_html/Connections/script.php on line 9

    Fatal error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) in /home/USER/public_html/Connections/script.php on line 9

    Could that be a hint for a mysql solution?
     
  6. spector

    spector Well-Known Member

    Joined:
    Jun 27, 2005
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    chown mysql:mysql /var/lib/mysql -R
    however I doubt this is permision problem with mysql socket. Rather mysql server is NOT RUNNING
     
  7. Miss Jacky

    Miss Jacky Well-Known Member

    Joined:
    Mar 4, 2004
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    I did chown mysql:mysql /var/lib/mysql -R, and the mysql server is running, but the problem remains.

    What I really need is a directory (ownership) listing of mysql dirs etc... or a 'list-only' login on a fedora cpanel server :s so I can match the ownerships

    anyone?
     
  8. spector

    spector Well-Known Member

    Joined:
    Jun 27, 2005
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    all mysql dirs and files are to be owned by user mysql. Socket is accessible by any program because /var and /var/lib and /var/lib/mysql and /var/lib/mysql/mysql.sock should have permissions to be readable by anyone (world permissions).

    I suggest to confirm if mysql server is really running
    ps -u mysql

    and if not then check logfile in /var/lib/mysql/hostname.err

    I might not know all but about mysql I know much, because I host mysql4 and mysql5 simultaneously with own interface, instalation(...)
     
  9. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
  10. Miss Jacky

    Miss Jacky Well-Known Member

    Joined:
    Mar 4, 2004
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    outside of /var/lib/mysql, is there anywhere else files should have 'mysql' as group?

    ps -u mysql confirms that the server is running

    /var/lib/mysql/hostname.err:
    060313 19:47:32 mysqld started
    060313 19:47:32 Warning: Asked for 196608 thread stack, but got 126976
    060313 19:47:32 InnoDB: Started
    /usr/sbin/mysqld: ready for connections.
    Version: '4.0.20-standard' socket: '/var/lib/mysql/mysql.sock' port: 3306

    Maybe upgrading mysql to get things working again? I'm a little scared the upgrade will go bananas with the groups messed up like this.

    That /home script did something, altough it's not a 100% succesfull it seems, leaves some users unaffected. But thanks anyway!
     
  11. Miss Jacky

    Miss Jacky Well-Known Member

    Joined:
    Mar 4, 2004
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    Mysql problem is solved by adding public read and execute permissions to the /var/lib/mysql folder.

    Is this insecure in any way?
     
Loading...

Share This Page