debian: permission denied for all users except of root
Mea culpa, I DID change permissons at the root dir level. Most of /* directories where on 750 or -rwxr-x---
If you got similar errors, check
ls -ld /
ls -l /
which should result in
drwxr-xr-x
for
/
/home
/lib
/opt
/var
/mnt
/boot
To restore permission flags in /
chmod 0755 /
chmod 0755 /*
chmod 0777 /tmp
I got my inspiration here: source
Related videos on Youtube
BavYeti
Updated on September 18, 2022Comments
-
BavYeti over 1 year
I wrote a bash script today which might destroyed some of my user settings and/or permissions. Now I know it was quite stupid to test the script on my live-system ;).
What is not working? Every Process which is running as another user than root (postfix, ftp, dovecot, etc).
EDIT: The folder structur is various in case of owners and permissions. So it doesn't look like I changed something on root dir level. I'm also not able to login or run something as a newly added user (see test below). proftpd log shows me
Unable to open password file /etc/passwd for reading: Permission denied
su test
Cannot execute /bin/bash: Permission denied
ls -l
drwxrwxr-x 23 root root 4096 Aug 15 15:26 / drwxr-xr-x 90 root root 4096 Aug 15 16:38 etc -rw-rw-r-- 1 root root 1971 Aug 15 16:25 /etc/passwd -rw-r----- 1 root shadow 2151 Aug 15 16:25 /etc/shadow drwxrwxr-x 2 root root 4096 Aug 15 16:38 bin -rwxr-xr-x 1 root root 941252 Sep 25 2014 /bin/bash
The script
#!/bin/bash path="/var/www" if [ $(id -u) -eq 0 ]; then echo "Enter directory name" read dirname pathdir="$path/$dirname" echo $pathdir echo "File doesn't exist. Creating now" mkdir $pathdir mkdir $pathdir/conf mkdir $pathdir/docs mkdir $pathdir/logs mkdir $pathdir/tmp mkdir $pathdir/php-fcgi echo "Folder structure created" read -p "Enter username : " username read -s -p "Enter password : " password egrep "^$username" /etc/passwd >/dev/null if [ $? -eq 0 ]; then echo "$username exists!" exit 1 else pass=$(perl -e 'print crypt($ARGV[0], "password")' $password) useradd -d $pathdir -p $pass $username [ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!" fi adduser www-data $username chown root:$user $pathdir chmod 750 $pathdir chown $username:$username $pathdir/* chmod 750 $pathdir/* confdir=$pathdir/conf chmod 550 $confdir cp ./php.ini $confdir sed -i -e 's#;open_basedir =#open_basedir = '$pathdir'/docs/:'$pathdir'/tmp/#g' $confdir/php.ini sed -i -e 's#;upload_tmp_dir =#upload_tmp_dir = '$pathdir'/tmp/#g' $confdir/php.ini sed -i -e 's#;session.save_path =#session.save_path = '$pathdir'/tmp/#g' $confdir/php.ini chown $username:$username $confdir/php.ini chmod 440 $confdir/php.ini generate php-fcgi-starter cat > $pathdir/php-fcgi/php-fcgi-starter << EOF #!/bin/sh PHPRC="${confdir}/" export PHPRC export TMPDIR=${pathdir}/tmp exec /usr/bin/php5-cgi EOF chmod 750 $pathdir/php-fcgi/php-fcgi-starter chattr +i -V $pathdir/php-fcgi/php-fcgi-starter generate apache vhost echo "Domain:" read domain cat > /etc/apache2/sites-available/$domain << EOF <VirtualHost *:80> ServerAdmin [email protected] ServerName ${domain} ServerAlias www.${domain} SuexecUserGroup ${username} ${username} AddHandler fcgid-script .php DocumentRoot "${pathdir}/docs" DirectoryIndex index.htm index.html index.php <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "${pathdir}/docs"> Options Indexes MultiViews FollowSymLinks +ExecCGI FCGIWrapper ${pathdir}/php-fcgi/php-fcgi-starter .php Order allow,deny allow from all </Directory> LogLevel warn CustomLog ${pathdir}/logs/access.log combined ServerSignature On </VirtualHost> EOF a2ensite $domain echo "Ready" else echo "run as root" exit 2 fi
-
Cyrus over 8 yearsRestore a backup.
-
BavYeti over 8 yearsyep, that's the plan as soon as I loose the feeling that it's only a simple permisson or owner setting
-
-
BavYeti over 8 yearsMost of the owner settings seem to be correct. For sure the home directories. AND I get the same error with newly added users. Actually my first idea was, that I accendently runned the script and it changed something on the root dir level. But the owners and permisson of files in subdirs are to various
-
BavYeti over 8 yearsGood Idea, but unfortunatly not the reason ls -ld /
drwxrwxr-x 23 root root 4096 Aug 15 15:26 /
which is 775 (default value?)