oinkmedia

Well-Known Member
Jul 5, 2003
49
0
156
SW London (UK)
Hi

In a stupid moment of madness, all the files on a cpanel server recently had their ownership modified to root. Can anyone tell me if I need to reinstall the server software from scratch or is this not a big issue. All the user directories have been updated (their permissions re-established so that Perl scripts and mailboxes work) but what other security problems has this moment of madness created?

Many thanks in advance for your support and advice.
 

rpmws

Well-Known Member
Aug 14, 2001
1,787
10
318
back woods of NC, USA
Hi

In a stupid moment of madness, all the files on a cpanel server recently had their ownership modified to root. Can anyone tell me if I need to reinstall the server software from scratch or is this not a big issue. All the user directories have been updated (their permissions re-established so that Perl scripts and mailboxes work) but what other security problems has this moment of madness created?

Many thanks in advance for your support and advice.
couple things that might help
/scripts/upcp --force
/scripts/mailperms

there might be a couple other files in the scripts directory that will fix some permission errors. you have ownership issues also. There may be a rebuild script that will address the home ownerships as well.
 

dgbaker

Well-Known Member
PartnerNOC
Sep 20, 2002
2,531
10
343
Toronto, Ontario Canada
cPanel Access Level
DataCenter Provider
Also you can run the following to ensure all users files are correctly owned.

You can do this running the following commands in shell as root;

for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:$CPAccess /home/$CPAccess; done

for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:mail /home/$CPAccess/etc /home/$CPAccess/mail; done

for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:nobody /home/$CPAccess/public_html; done
 

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
as far as I know cpanel files were always chowned as root.
It's worthwhile checking before contributing to a discussion. System files are owned by a whole variety of users, so it's not trivial to restore after a mishap like this, and yes, some things won't work. I haven't experienced this exact situation myself so I can't tell you how much (or little) won't work, but perhaps one of the gurus will come past here and share their experience ...

I'd either reinstall, or look at grabbing the user and group ownership information off a working system with similar config. You can then restore this to your broken system and you should get 99% coverage. Even better, you might be able to get usership information off a recent backup.

The fastest way to recover the ownerships would be to write an awk or perl script to run the chown command on each file based on the ownership information you recovered via the above.

Good luck, what a pain! :eek:
 

rpmws

Well-Known Member
Aug 14, 2001
1,787
10
318
back woods of NC, USA
Also you can run the following to ensure all users files are correctly owned.

You can do this running the following commands in shell as root;

for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:$CPAccess /home/$CPAccess; done

for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:mail /home/$CPAccess/etc /home/$CPAccess/mail; done

for CPAccess in `ls -A /var/cpanel/users`; do chown -R $CPAccess:nobody /home/$CPAccess/public_html; done
exactally!!!! there is a script somehwre that basically does this here. But this info here deserves a sticky.. this would do it for what I was getting at. Then you just have the issue with other services and logs and things like that .was it just ownership? or was it also permissions?? I would check make sure all services are working and run tail -f on the messages log and see if anything shows up in there ..that would point you to where and what to fix. you know thinking about it ..this couldn't hurt security ..only break things ..I can't imagine it making the box less secure anyway ..seeing that root is as high as you can go. Now if permissions were also opened up then you could have security issues from this. correct me if I am wrong guys.
 

xyber13

Well-Known Member
May 30, 2006
63
0
156
Permissions vs Ownership

Thanks for the suggestions so far guys. Permissions were not changed only the ownership.
Perhaps i am just a dumb noob but if ownership is changed how is it that the respective users are will have permission to read/write/execute?

-Xyber.
 

rpmws

Well-Known Member
Aug 14, 2001
1,787
10
318
back woods of NC, USA
he could also do things like eximup , mysqlup .. easy steps that may correct any ownerships as well as easyapache :)