Restore the root directory to its default permissions in CentOS 8

Reading guide: This article describes how to restore the default permissions on a CentOS 8 system after the command # chmod -R 777 / has been run by accident.

In this article, we will deliberately run the chmod 777 command on a test server and try to recover by running two commands. The two commands are:

# rpm --setugids -a
# rpm --setperms -a

After executing the following command on the test server, all file permissions become 777.

[root@localhost ~]# chmod -R 777 /

List the contents below the root directory:

[root@localhost ~]# ls -al /


The following are important files related to SSH, which need to have the correct permissions and ownership. However, because chmod 777 was run, all of the following files have incorrect permissions.

[root@localhost ~]# ll /etc/ssh/
total 588
-rwxrwxrwx. 1 root root     563386 May 11  2019 moduli
-rwxrwxrwx. 1 root root       1727 May 11  2019 ssh_config
drwxrwxrwx. 2 root root         28 Dec 29  2019 ssh_config.d
-rwxrwxrwx. 1 root root       4444 May 11  2019 sshd_config
-rwxrwxrwx. 1 root ssh_keys    480 Dec 29  2019 ssh_host_ecdsa_key
-rwxrwxrwx. 1 root root        162 Dec 29  2019 ssh_host_ecdsa_key.pub
-rwxrwxrwx. 1 root ssh_keys    387 Dec 29  2019 ssh_host_ed25519_key
-rwxrwxrwx. 1 root root         82 Dec 29  2019 ssh_host_ed25519_key.pub
-rwxrwxrwx. 1 root ssh_keys   1799 Dec 29  2019 ssh_host_rsa_key
-rwxrwxrwx. 1 root root        382 Dec 29  2019 ssh_host_rsa_key.pub

SSH with 777 permissions

Next, try to log in to the server remotely through SSH. Since the permissions of the host key files have changed to 777, the login is rejected.

Logging in to the server with Xshell, as shown below, does not succeed:

[C:\~]$ ssh root@192.168.43.131


Connecting to 192.168.43.131:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Connection closing...Socket close.

Connection closed by foreign host.

Disconnected from remote host(192.168.43.131:22) at 10:28:06.

Type `help' to learn how to use Xshell prompt.

Restore permissions

To restore the permissions, we need to load the CentOS 8 installation image and boot from the CD image:

In VMware Workstation, load the CD image and start the machine. Press F2 after power-on to enter the BIOS and switch to the Boot tab. Move CD-ROM Drive above Hard Drive in the boot order. Press F10 to save and restart.

Select Troubleshooting, and then enter rescue mode.


At the rescue prompt, select 1 directly to enter the shell.

Use the chroot command to make /mnt/sysroot the root directory:

sh-4.4#  chroot /mnt/sysroot


Use the following two commands to restore the permissions of all files, directories and configuration files. While these commands run, they report "permission denied" and "cannot access" errors. Just ignore the errors.

# rpm --setugids -a
# rpm --setperms -a


Parameter Description:

  • --setugids - sets the user/group ownership of the files in the RPM package.
  • --setperms - sets the permissions of the files in the RPM package.
  • -a - applies to all installed RPM packages.

After completing the operation, exit and restart:

# exit
# reboot

Check the permissions and test the SSH connection

After logging into the system, check whether the permissions of the root directory are restored to normal:

# ls -l /


Try to log in over ssh: the login still fails. netstat -tlunp shows that the ssh port is not listening, and systemctl status sshd shows that the service is not started. Starting the sshd service also fails. The reason is found below:

The permissions of the key files are still 777; they were not restored:

Set the key file permissions as follows:

# chmod 644 /etc/ssh/ssh_config
# chmod 600 /etc/ssh/sshd_config
# chmod 640 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
# chmod 644 /etc/ssh/ssh_host_rsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ed25519_key.pub
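
The same check as a script, as an added example that is not part of the original article: it compares the files in an sshd directory with the modes set by the chmod commands above and reports or fixes the mismatches. The function names and the report format are assumptions of this example; moduli and file ownership (such as the ssh_keys group on the private keys) are not checked.

```shell
#!/bin/sh
# Added example: audit the sshd files that stayed at 777 after the rpm restore.
# Expected modes are the ones the article sets by hand with chmod.

# Print the octal mode of a file (GNU stat first, BSD stat as a fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Map a file name to the mode used in the article; empty means "not checked".
expected_mode() {
    case "$(basename "$1")" in
        sshd_config)       echo 600 ;;
        ssh_config|*.pub)  echo 644 ;;
        ssh_host_*_key)    echo 640 ;;
        *)                 echo "" ;;
    esac
}

# audit_ssh_dir DIR [fix]
# Prints "path actual expected" for every mismatch and returns 1 if any exist.
# With "fix" as the second argument the expected mode is applied with chmod.
audit_ssh_dir() {
    dir=$1; action=${2:-report}; bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # skip ssh_config.d and other dirs
        want=$(expected_mode "$f")
        [ -n "$want" ] || continue       # e.g. moduli: no mode in the article
        have=$(mode_of "$f")
        if [ "$have" != "$want" ]; then
            bad=1
            echo "$f $have $want"
            if [ "$action" = fix ]; then chmod "$want" "$f"; fi
        fi
    done
    return "$bad"
}

# Run only when a directory is given, e.g.: sh audit.sh /etc/ssh fix
if [ "$#" -gt 0 ]; then audit_ssh_dir "$@"; fi
```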


Now start sshd again and check the listening ports:

# systemctl enable sshd --now
# netstat -tlunp


You can see that sshd started successfully. Try a remote ssh login again; this time the login succeeds.

Summary

In this way, we have restored the permissions of the files installed from RPM packages and recovered the server. Do not use chmod 777 on any file system or configuration file. That's how Linux should be learned.

Added by jamiet757 on Tue, 08 Feb 2022 02:11:24 +0200