The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

the root of all stupidity

Discussion in 'General Discussion' started by oinkmedia, Nov 6, 2006.

  1. oinkmedia

    oinkmedia Well-Known Member

    Joined:
    Jul 5, 2003
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    SW London (UK)
    Hi

    In a stupid moment of madness, all the files on a cpanel server recently had their ownership modified to root. Can anyone tell me if I need to reinstall the server software from scratch or is this not a big issue. All the user directories have been updated (their permissions re-established so that Perl scripts and mailboxes work) but what other security problems has this moment of madness created?

    Many thanks in advance for your support and advice.
     
  2. zack6924

    zack6924 Member

    Joined:
    Sep 30, 2004
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    as far as I know cpanel files were always chowned as root.
     
  3. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    couple things that might help
    /scripts/upcp --force
    /scripts/mailperms

    there might be a couple other files in the scripts directory that will fix some permission errors. you have ownership issues also. There may be a rebuild script that will address the home ownerships as well.
     
  4. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Also you can run the following to ensure all users files are correctly owned.

    You can do this running the following commands in shell as root;

    for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:$CPAccess /home/$CPAccess; done

    for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:mail /home/$CPAccess/etc /home/$CPAccess/mail; done

    for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:nobody /home/$CPAccess/public_html; done
     
  5. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    It's worthwhile checking before contributing to a discussion. System files are owned by a whole variety of users, so it's not trivial to restore after a mishap like this, and yes, some things won't work. I haven't experienced this exact situation myself so I can't tell you how much (or little) won't work, but perhaps one of the gurus will come past here and share their experience ...

    I'd either reinstall, or look at grabbing the user and group ownership information off a working system with similar config. You can then restore this to your broken system and you should get 99% coverage. Even better, you might be able to get usership information off a recent backup.

    The fastest way to recover the ownerships would be to write an awk or perl script to run the chown command on each file based on the ownership information you recovered via the above.

    Good luck, what a pain! :eek:
     
  6. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    exactally!!!! there is a script somehwre that basically does this here. But this info here deserves a sticky.. this would do it for what I was getting at. Then you just have the issue with other services and logs and things like that .was it just ownership? or was it also permissions?? I would check make sure all services are working and run tail -f on the messages log and see if anything shows up in there ..that would point you to where and what to fix. you know thinking about it ..this couldn't hurt security ..only break things ..I can't imagine it making the box less secure anyway ..seeing that root is as high as you can go. Now if permissions were also opened up then you could have security issues from this. correct me if I am wrong guys.
     
  7. oinkmedia

    oinkmedia Well-Known Member

    Joined:
    Jul 5, 2003
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    SW London (UK)
    Thanks for the suggestions so far guys. Permissions were not changed only the ownership.
     
  8. xyber13

    xyber13 Well-Known Member

    Joined:
    May 30, 2006
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Permissions vs Ownership

    Perhaps i am just a dumb noob but if ownership is changed how is it that the respective users are will have permission to read/write/execute?

    -Xyber.
     
  9. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    He changed ownership back on the user files! Ownership is not as critical for many system files, there are just a few that could cause problems.
     
  10. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    he could also do things like eximup , mysqlup .. easy steps that may correct any ownerships as well as easyapache :)
     
Loading...

Share This Page