the root of all stupidity

O

oinkmedia

Well-Known Member
Jul 5, 2003
49
0
156
SW London (UK)
Hi

In a stupid moment of madness, all the files on a cpanel server recently had their ownership modified to root. Can anyone tell me if I need to reinstall the server software from scratch or is this not a big issue. All the user directories have been updated (their permissions re-established so that Perl scripts and mailboxes work) but what other security problems has this moment of madness created?

Many thanks in advance for your support and advice.
 
rpmws

rpmws

Well-Known Member
Aug 14, 2001
1,815
9
318
back woods of NC, USA
oinkmedia said:
Hi

In a stupid moment of madness, all the files on a cpanel server recently had their ownership modified to root. Can anyone tell me if I need to reinstall the server software from scratch or is this not a big issue. All the user directories have been updated (their permissions re-established so that Perl scripts and mailboxes work) but what other security problems has this moment of madness created?

Many thanks in advance for your support and advice.
Click to expand...
couple things that might help
/scripts/upcp --force
/scripts/mailperms

there might be a couple other files in the scripts directory that will fix some permission errors. you have ownership issues also. There may be a rebuild script that will address the home ownerships as well.
 
dgbaker

dgbaker

Well-Known Member
PartnerNOC
Sep 20, 2002
2,576
9
343
Toronto, Ontario Canada
cPanel Access Level
DataCenter Provider
Also you can run the following to ensure all users files are correctly owned.

You can do this running the following commands in shell as root;

for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:$CPAccess /home/$CPAccess; done

for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:mail /home/$CPAccess/etc /home/$CPAccess/mail; done

for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:nobody /home/$CPAccess/public_html; done
 
brianoz

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
zack6924 said:
as far as I know cpanel files were always chowned as root.
Click to expand...
It's worthwhile checking before contributing to a discussion. System files are owned by a whole variety of users, so it's not trivial to restore after a mishap like this, and yes, some things won't work. I haven't experienced this exact situation myself so I can't tell you how much (or little) won't work, but perhaps one of the gurus will come past here and share their experience ...

I'd either reinstall, or look at grabbing the user and group ownership information off a working system with similar config. You can then restore this to your broken system and you should get 99% coverage. Even better, you might be able to get usership information off a recent backup.

The fastest way to recover the ownerships would be to write an awk or perl script to run the chown command on each file based on the ownership information you recovered via the above.

Good luck, what a pain! :eek:
 
rpmws

rpmws

Well-Known Member
Aug 14, 2001
1,815
9
318
back woods of NC, USA
dgbaker said:
Also you can run the following to ensure all users files are correctly owned.

You can do this running the following commands in shell as root;

for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:$CPAccess /home/$CPAccess; done

for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:mail /home/$CPAccess/etc /home/$CPAccess/mail; done

for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:nobody /home/$CPAccess/public_html; done
Click to expand...
exactally!!!! there is a script somehwre that basically does this here. But this info here deserves a sticky.. this would do it for what I was getting at. Then you just have the issue with other services and logs and things like that .was it just ownership? or was it also permissions?? I would check make sure all services are working and run tail -f on the messages log and see if anything shows up in there ..that would point you to where and what to fix. you know thinking about it ..this couldn't hurt security ..only break things ..I can't imagine it making the box less secure anyway ..seeing that root is as high as you can go. Now if permissions were also opened up then you could have security issues from this. correct me if I am wrong guys.
 
X

xyber13

Well-Known Member
May 30, 2006
63
0
156
Permissions vs Ownership

oinkmedia said:
Thanks for the suggestions so far guys. Permissions were not changed only the ownership.
Click to expand...
Perhaps i am just a dumb noob but if ownership is changed how is it that the respective users are will have permission to read/write/execute?

-Xyber.
 
rpmws

rpmws

Well-Known Member
Aug 14, 2001
1,815
9
318
back woods of NC, USA
he could also do things like eximup , mysqlup .. easy steps that may correct any ownerships as well as easyapache :)
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
C invalid homeroot General Discussion 1
P login as root General Discussion 6
K docroot General Discussion 0
S chroot General Discussion 3
V Unknown Root Access General Discussion 28
Similar threads
invalid homeroot
login as root
docroot
chroot
Unknown Root Access
Top Bottom