Score:8

Any recovery from sudo chmod 600 /?

I was configuring an SSL certificate on a server and, while following the documentation, I accidentally pasted a terminal command without checking it.

sudo chmod 600 / usr/local/nginx/ssl/my-ssl.key

It immediately kicked me out of the server because, I guess, this resulted in changing the permissions of the Ubuntu root folder. What can I do?

EDIT: I used the chmod command, not chown.

cn flag
You did NOT use -R? Then yes, it should be simple. One moment. And you are sure you did `chown 600` and not `chmod 600`?
Roko
@Rinzwind I didn't use the recursive -R flag, and you are right, I used chmod, not chown.
cn flag
No problem :) See if my edit is good enough. You might need to fix some stuff in your / that I do not have.
BЈовић
Oh lol, sorry, can't stop laughing
Score:11

In case sudo does not work, this needs to be done from a live session.

If this is a cloud instance you need to go to the cloud console, create a new instance, mount your disk in the new instance and then fix it on the mountpoint. After that re-attach the disk to boot from it.

Everything in / except for mountpoints is set to root so this will revert your command:

sudo chown root / 

Then do a

sudo chown $USER {mountpoints}

for every mountpoint you have.


edit: When using chmod:

sudo chmod 777 /lib*/ /tmp/ /sbin/ /bin/
sudo chmod 770 /cdrom/ 
sudo chmod 750 /usr/ /sys/ /srv/ /snap/ /run/ /proc/ /opt/ /mnt/ 
sudo chmod 750 /media/ /home/ /etc/ /dev/ /boot/ 
sudo chmod 700 /root/ /lost+found/
sudo chmod 600 /swapfile

In case I missed anything, this is what it should look like:

drwxr-xr-x  14 root     root           4096 mrt 30  2022 usr
drwxr-xr-x   2 root     root           4096 mrt 30  2022 srv
drwxr-xr-x   2 root     root           4096 mrt 30  2022 mnt
drwxr-xr-x  14 root     root           4096 mrt 30  2022 var
drwx------   2 root     root          16384 apr  3  2022 lost+found
-rw-------   1 root     root     1942548480 apr  3  2022 swapfile
lrwxrwxrwx   1 root     root              8 apr  3  2022 sbin -> usr/sbin
lrwxrwxrwx   1 root     root             10 apr  3  2022 libx32 -> usr/libx32
lrwxrwxrwx   1 root     root              9 apr  3  2022 lib64 -> usr/lib64
lrwxrwxrwx   1 root     root              9 apr  3  2022 lib32 -> usr/lib32
lrwxrwxrwx   1 root     root              7 apr  3  2022 lib -> usr/lib
lrwxrwxrwx   1 root     root              7 apr  3  2022 bin -> usr/bin
drwxrwxr-x   2 root     root           4096 apr  3  2022 cdrom
drwxr-xr-x   3 root     root           4096 apr  3  2022 home
drwxr-xr-x   3 root     root           4096 apr  8 20:29 media
drwxr-xr-x  14 root     root           4096 apr 18 08:35 snap
drwx------   7 root     root           4096 jul 18 20:33 root
drwxr-xr-x   4 root     root           4096 sep 21 06:36 boot
dr-xr-xr-x  13 root     root              0 okt  3 23:23 sys
dr-xr-xr-x 378 root     root              0 okt  3 23:23 proc
drwxr-xr-x  36 root     root            960 okt  4 17:29 run
drwxr-xr-x 143 root     root          12288 okt  4 17:30 etc
drwxr-xr-x   6 root     root           4096 okt  4 17:53 opt
drwxr-xr-x  19 root     root           4800 okt  4 18:49 dev
drwxrwxrwt  35 root     root           4096 okt  4 23:24 tmp

edit:

And you also need to do

sudo chmod 600 /usr/local/nginx/ssl/my-ssl.key

;)

Oskar Skog
How is running anything possible after `chmod 600 /`?
Oskar Skog
But how can he even access `/sbin/sudo` (or whatever the path is) if he lacks execute rights to `/`?
cn flag
I am not going to test it on my machine ;-) so I added a live session option :D
TooTea
@OskarSkog Nothing on the system is going to work unless running as root (overriding DAC), so you're right that sudo is not the answer (the chown effectively disabled all non-root users). This is where an actual root login would come in handy. Assuming OP can't just ssh in as root, it means rebooting and fixing it from initramfs, or `init=/bin/sh`, or just launching a shell as root if this is a container.
TooTea
BTW, as OP didn't use `-R`, there's no point trying to fix permissions/ownership on mountpoints or essentially anything except for `/` (as nothing else got touched). The answer could thus be trimmed down considerably.
cn flag
@TooTea -the contents of the mp- need to be changed.
TooTea
@Rinzwind Sorry, I don't understand that comment. My point is that OP only ran `chmod 0600 /`, which changes the permissions on the root directory `/` itself, not on anything contained in it. Reverting it is thus only about changing the permissions on that one directory.
cn flag
No, it is the contents of that one directory.
glglgl
@Rinzwind This would be true if he had used `sudo chmod 600 /*`. Indeed, it is only the one directory entry which represents `/`. You can try this out in a chroot.
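
The comparison discussed in the thread, checking the mode of `/` and of its top-level entries against the expected listing, as an added example that is not part of the original posts. The function name `audit_root`, the `--fix` switch and the 755 mode for `/` itself are assumptions; the other modes come from the listing in the answer, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit, and with --fix repair, the mode of a root directory and
# its top-level entries. ROOT is / or the mountpoint of the damaged disk.
# Assumes GNU stat (-c '%a'), as shipped on Ubuntu.

# mode:name pairs from the listing in the answer. "." stands for ROOT itself;
# its 755 is the usual default and an assumption, as the listing omits it.
EXPECTED="755:. 755:usr 755:srv 755:mnt 755:var 755:home 755:media 755:snap
755:boot 755:run 755:etc 755:opt 755:dev 555:sys 555:proc 775:cdrom
700:root 700:lost+found 1777:tmp 600:swapfile"

# audit_root ROOT [--fix]
# Prints one line per mismatch; returns 1 if any was found, else 0.
audit_root() {
    root=$1 fix=${2:-} bad=0
    for pair in $EXPECTED; do
        want=${pair%%:*}
        name=${pair#*:}
        path=$root/$name
        # "." is checked first: until ROOT has its search (x) bit back, a
        # non-root caller cannot stat anything below it.
        [ "$name" = . ] && path=$root
        # Skip absent entries and symlinks (bin, sbin, lib* on merged-/usr).
        [ -e "$path" ] && [ ! -L "$path" ] || continue
        have=$(stat -c '%a' "$path")
        [ "$have" = "$want" ] && continue
        echo "$path: mode $have, expected $want"
        bad=1
        if [ "$fix" = "--fix" ]; then chmod "$want" "$path"; fi
    done
    return $bad
}

# Run only when given arguments, e.g.:  sh audit.sh /mnt/rescue --fix
if [ $# -gt 0 ]; then audit_root "$@"; fi
```

Run without `--fix` first to see what differs; on a disk mounted in a live session or rescue instance, pass the mountpoint as ROOT.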