rdx n00b
Joined: 05 Sep 2002 Posts: 54 Location: Switzerland
Posted: Fri Jun 06, 2003 5:39 pm Post subject: Wrong permissions on /etc = lots of errors! HOWTO FIX?
hi guys..
i really messed it up this time.. i thought i'm smart so i chmod'ed all files on /etc to rwx------. after that, all users (except root) had big problems, like linking issues:
Quote:
cypress fclub # divx2vcd \[SML\]_FightClub_low_880_480x384_MP3_96.avi
tcprobe: error while loading shared libraries: libMagick-5.5.5-Q16.so.0: cannot open shared object file: No such file or directory
and it's there!
Quote:
cypress fclub # ls /usr/lib/libMagick*
/usr/lib/libMagick++-5.5.6-Q16.so.0 /usr/lib/libMagick-5.5.6-Q16.so.0
/usr/lib/libMagick++-5.5.6-Q16.so.0.0.0 /usr/lib/libMagick-5.5.6-Q16.so.0.0.0
/usr/lib/libMagick++.a /usr/lib/libMagick.a
/usr/lib/libMagick++.la /usr/lib/libMagick.la
/usr/lib/libMagick++.so /usr/lib/libMagick.so
and it comes even worse... normal users (even if they are in group wheel) can't log in anymore via sshd.. log:
Quote:
Jun 6 20:34:39 cypress sshd(pam_unix)[25818]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.1.14 user=dn
Jun 6 20:34:42 cypress sshd[25818]: Accepted password for dn from 192.168.1.14 port 1143 ssh2
Jun 6 20:34:42 cypress sshd[25820]: fatal: login_get_lastlog: Cannot find account for uid 1001
Jun 6 20:34:42 cypress PAM-env[25820]: Unable to open config file: Permission denied
as you see, something is really bad within my box..
what is the right permission for files in /etc without running into probs?
i don't want to set them to 777 i know i would have no probs then, but... security first
any hints??
many thanks!

paranode l33t
Joined: 06 Mar 2003 Posts: 679 Location: Texas
Posted: Fri Jun 06, 2003 5:58 pm Post subject:
Code:
# ls -l
total 362
-rw-r--r-- 1 root root 2328 Apr 28 13:41 DIR_COLORS
drwxr-xr-x 14 root root 632 Apr 21 14:01 X11
-rw-r--r-- 1 root root 46 May 12 13:29 adjtime
drwxr-xr-x 2 root root 80 May 8 16:36 aide
drwxr-xr-x 3 root root 216 Mar 25 16:54 apache
drwxr-xr-x 3 root root 216 May 29 14:02 apache2
drwxr-xr-x 3 root root 96 May 6 15:42 bootsplash
drwxr-xr-x 2 root root 536 May 6 15:42 conf.d
drwxr-xr-x 2 root root 72 Mar 12 06:42 cron.d
drwxr-xr-x 2 root root 128 Apr 13 21:09 cron.daily
drwxr-xr-x 2 root root 72 Mar 11 16:30 cron.hourly
drwxr-xr-x 2 root root 72 Mar 11 16:30 cron.monthly
drwxr-xr-x 2 root root 72 Mar 11 16:30 cron.weekly
-rw-r--r-- 1 root root 563 Mar 12 06:42 crontab
-rw-r--r-- 1 root root 1255 Jun 6 13:48 csh.env
drwxr-xr-x 5 root root 320 May 8 10:42 cups
drwxr-xr-x 2 root root 72 Mar 11 16:05 default
drwxr-xr-x 2 root root 72 Mar 11 16:30 devfs.d
-rw-r--r-- 1 root root 4991 Apr 28 13:41 devfsd.conf
drwxr-xr-x 2 root root 160 May 12 13:30 dhcpc
-rw-r--r-- 1 root root 513 Jun 6 13:47 dispatch-conf.conf
drwxr-xr-x 4 root root 368 May 22 15:15 env.d
-rw-r--r-- 1 root root 1629 Jun 6 13:47 etc-update.conf
-rw-r--r-- 1 root root 1246 Mar 11 13:07 fdprm
lrwxrwxrwx 1 root root 19 Apr 28 13:41 filesystems -> ../proc/filesystems
drwxr-xr-x 2 root root 144 May 22 15:54 fonts
-rw-r--r-- 1 root root 1100 Mar 12 06:46 fstab
-rw-r--r-- 1 root root 35 Apr 28 13:41 gentoo-release
-rw-r--r-- 1 root root 707 May 2 12:21 group
-rw------- 1 root root 707 Apr 13 21:09 group-
drwxr-xr-x 2 root root 120 Mar 14 16:43 gtk-2.0
-rw-r--r-- 1 root root 21 Mar 12 06:47 hostname
-rw-r--r-- 1 root root 605 Mar 13 14:13 hosts
drwxr-xr-x 2 root root 1248 Jun 4 14:43 init.d
-rw-r--r-- 1 root root 1493 Apr 28 13:41 inittab
-rw-r--r-- 1 root root 3753 Apr 28 13:41 inputrc
-rw------- 1 root root 60 May 12 13:30 ioctl.save
-rw-r--r-- 1 root root 836 May 5 17:05 john-mail.conf
-rw-r--r-- 1 root root 183 May 5 17:05 john-mail.msg
-rw-r--r-- 1 root root 9901 May 5 17:05 john.ini
-rw-r--r-- 1 root root 33463 Jun 6 13:48 ld.so.cache
-rw-r--r-- 1 root root 304 Jun 6 13:48 ld.so.conf
-rw-r--r-- 1 root root 0 Jun 6 13:47 ld.so.preload
-rw-r--r-- 1 root root 725 May 19 13:08 limits
lrwxrwxrwx 1 root root 35 Mar 12 04:43 localtime -> /usr/share/zoneinfo/America/Chicago
-rw------- 1 root root 2058 May 19 13:08 login.access
-rw-r--r-- 1 root root 3229 Mar 25 15:59 login.defs
drwxr-xr-x 2 root root 72 Mar 12 06:41 mail
-rw-r--r-- 1 root root 2235 Mar 12 06:41 mailcap
-rw-r--r-- 1 root root 13195 Jun 6 13:53 make.conf
-rw-r--r-- 1 root root 12063 May 22 10:32 make.conf~
-rw-r--r-- 1 root root 2612 Jun 6 13:47 make.globals
lrwxrwxrwx 1 root root 37 Mar 11 11:09 make.profile -> /usr/portage/profiles/default-x86-1.4
-rw-r--r-- 1 root root 4629 May 5 09:58 man.conf
drwxr-xr-x 2 root root 80 Mar 12 06:41 metalog
-rw-r--r-- 1 root root 400 Apr 28 13:41 modules.autoload
-rw-r--r-- 1 root root 1810 May 12 08:30 modules.conf
-rw-r--r-- 1 root root 1810 May 12 08:30 modules.conf.old
drwxr-xr-x 2 root root 120 Mar 11 16:31 modules.d
-rw-r--r-- 1 root root 3516 Mar 25 15:59 modules.devfs
-rw-r--r-- 1 root root 163 Jun 5 16:38 mtab
drwxr-xr-x 2 root root 112 Mar 14 09:29 nessus
-rw-r--r-- 1 root root 297 Apr 28 13:41 networks
-rw-r--r-- 1 root root 1158 Mar 25 15:53 nscd.conf
-rw-r--r-- 1 root root 498 Apr 28 13:41 nsswitch.conf
-rw-r--r-- 1 root root 298 May 8 11:10 nsswitch.conf-winbind
-rw-r--r-- 1 root root 390 May 8 11:10 nsswitch.conf-wins
-rw-r--r-- 1 root root 200 May 12 13:30 ntp.conf
-rw-r--r-- 1 root root 200 Mar 12 14:37 ntp.conf.sv
drwxr-xr-x 2 root root 72 Mar 11 16:30 opt
drwxr-xr-x 2 root root 640 May 19 13:08 pam.d
drwxr-xr-x 2 root root 112 Mar 14 16:15 pango
drwxr-xr-x 2 root root 80 Apr 3 13:46 partimaged
-rw-r--r-- 1 root root 1874 May 2 12:21 passwd
-rw------- 1 root root 1835 May 2 12:21 passwd-
drwxr-xr-x 2 root root 96 Jun 3 11:01 php4
drwxr-xr-x 2 root root 104 Mar 11 16:30 ppp
-rw-r--r-- 1 root root 772 Apr 28 13:41 profile
-rw-r--r-- 1 root root 1257 Jun 6 13:48 profile.env
-rw-r--r-- 1 root root 1846 Apr 28 13:41 protocols
-rw-r--r-- 1 root root 134 Dec 4 2002 pwdb.conf
-rw-r--r-- 1 root root 2822 Mar 14 10:56 rc.conf
-rw-r--r-- 1 root root 2821 Mar 12 06:48 rc.conf~
-rw-r--r-- 1 root root 104 May 12 13:30 resolv.conf
-rw-r--r-- 1 root root 104 Mar 11 11:12 resolv.conf.sv
lrwxrwxrwx 1 root root 13 Mar 11 11:09 rmt -> /usr/sbin/rmt
-rw-r--r-- 1 root root 1615 Mar 25 15:53 rpc
drwxr-xr-x 2 root root 72 Mar 11 15:56 rsync
drwxr-xr-x 6 root root 152 Dec 3 2002 runlevels
drwxr-xr-x 3 root root 240 May 8 11:26 samba
-rw------- 1 root root 230 May 19 13:08 securetty
drwxr-xr-x 2 root root 272 Mar 11 16:01 security
-rw-r--r-- 1 root root 2948 Dec 4 2002 serial.conf
-rw-r--r-- 1 root root 13521 Apr 28 13:41 services
drwxr-xr-x 2 root root 416 May 8 15:43 sgml
-rw------- 1 root root 533 May 2 12:21 shadow
-rw------- 1 root root 507 Apr 24 17:04 shadow-
-rw-r--r-- 1 root root 196 Apr 28 13:41 shells
drwxr-xr-x 2 root root 104 Mar 11 16:30 skel
drwxr-xr-x 3 root root 2112 Apr 22 15:04 snort
drwxr-xr-x 2 root root 376 May 26 12:14 ssh
drwxr-xr-x 6 root root 176 Mar 11 16:18 ssl
drwxr-xr-x 2 root root 112 Mar 12 06:41 ssmtp
-r--r----- 1 root root 685 Mar 26 13:30 sudoers
-rw-r--r-- 1 root root 381 Apr 28 13:41 sysctl.conf
drwxr-xr-x 2 root root 80 Mar 25 17:28 t1lib
-rw-r--r-- 1 root root 578 Apr 17 19:55 updatedb.conf
drwxr-xr-x 2 root root 72 Mar 11 16:29 wget
drwxr-xr-x 2 root root 152 May 14 13:53 xinetd.d
drwxr-xr-x 2 root root 120 May 8 15:42 xml
-rw-r--r-- 1 root root 33 May 12 13:30 yp.conf
-rw-r--r-- 1 root root 33 Mar 12 14:37 yp.conf.sv
If you went recursively down into directories then I dunno what to say, you messed up somethin' fierce!
_________________
Meh.

slartibartfasz Veteran
Joined: 29 Oct 2002 Posts: 1462 Location: Vienna, Austria
Posted: Sat Jun 07, 2003 8:11 am Post subject:
sorry to say this so explicitly, but this was a really dumb idea - at least u learned why /etc/passwd has to be readable by all users...
maybe 'emerge baselayout' will restore some of your permissions - it's worth a try at least - however i guess u will have to set a lot of permissions manually...
_________________
To an engineer the glass is neither half full, nor half empty - it is just twice as big as it needs to be.
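
Added example, not part of any post in this thread: a shell function that compares a few security-relevant /etc entries against the modes shown in the `ls -l` listing above and prints the `chmod` commands needed to restore them, for the manual repair mentioned in the last reply. The function name `audit_etc`, the choice of entries and the reliance on GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Baseline modes below are copied from
# the `ls -l /etc` listing posted above; the entry selection is an assumption.
# Requires GNU coreutils `stat -c`.
BASELINE='
passwd:644 group:644 nsswitch.conf:644
ld.so.cache:644 ld.so.conf:644
shadow:600 login.access:600 securetty:600
sudoers:440
pam.d:755 security:755
'

# audit_etc ROOT
# Prints one `chmod` command per entry whose mode differs from the baseline
# (and a comment line per missing entry). Returns 0 if clean, 1 otherwise.
audit_etc() {
    root=$1
    bad=0
    for entry in $BASELINE; do
        name=${entry%%:*}
        want=${entry##*:}
        path=$root/$name
        if [ ! -e "$path" ]; then
            printf '# missing: %s (expected mode %s)\n' "$path" "$want"
            bad=1
            continue
        fi
        have=$(stat -c '%a' "$path")
        if [ "$have" != "$want" ]; then
            # Emit the fix instead of applying it, so it can be reviewed first.
            printf "chmod %s '%s'   # was %s\n" "$want" "$path" "$have"
            bad=1
        fi
    done
    return "$bad"
}

# Typical use (as root): audit_etc /etc
```

The output is itself a valid shell script, so it can be saved, reviewed and then run; world-readable entries such as `passwd` come back as 644 while `shadow` stays at 600.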