How to chmod without /usr/bin/chmod?
Solution 1
You can run the loader directly, and pass it the command you want to run:
/lib/ld-linux.so /bin/chmod +x /bin/chmod
Your path to the loader might vary. On a 64-bit system you need to choose the right one based on how chmod
was compiled; the 64-bit version is named something like /lib64/ld-linux-x86-64.so.2
Solution 2
The chmod
utility relies on the chmod()
system call (see man 2 chmod
). So you could do this with a few lines of C, or just about any other language that has a wrapper around it (which would be most of them). Very few *nix systems are going to lack a C compiler and a perl interpreter; most linux distros require the later to work.
perl -e 'chmod 0755, "foobar.file"'
Solution 3
Some systems also have busybox
installed in which case you may run:
busybox chmod +x /bin/chmod
Since you were asking for hacks, I just thought of another one:
mv /bin/chmod /bin/chmod.orig
cp -a /bin/chown /bin/chmod
Now you have a /bin/chmod
that's executable but it's actually chown
(i.e. some other binary). Now all we have to do is overwrite it with the original binary.
dd if=/bin/chmod.orig of=/bin/chmod
It keeps the +x flag so you just stole the +x of another file for this one.
Of course, if all those alternative binaries (including the loader, perl, python, gcc et cetera) were chmod -x, fixing it from a rescue system may be the only option.
Solution 4
Easy. What you can do is prepare some other executable file, and then cp chmod
over it.
$ cp /bin/ls chmod
$ cp /bin/chmod .
The first cp
creates a file called chmod
with executable permissions, but which is really the ls
executable. The second cp
populates this file with the binary code of chmod
, while preserving the execute permissions of the target file (because we did not specify any options to carry over permissions of the source file).
Another approach is to use the install
utility which is a glorified copying program which can set permissions in one step. (See the -m
argument.)
$ install -m a+x /bin/chmod .
$ ./chmod # executes
The install
program isn't part of the Unix specification, but it is found in BSD, and in GNU Coreutils. Both support the -m
option with chmod-like syntax, both symbolic and octal.
Solution 5
First things off the top of my head,
- Boot from any other source (network book, cd, etc.) and use the chmod on that source to set the permissions.
- Write a tiny C program to change the permissions.
- Write a perl script (ruby, php, python, etc.) to change the permissions
/usr/bin/chmod
is just making a system call to change the permissions, you can make that system call yourself in any number of ways.
Related videos on Youtube
Sundar R
Updated on September 18, 2022Comments
-
Sundar R over 1 year
Today I was told a tale by a Unix trainer where the root password got leaked to the students, and one of the fellas removed the execute permission from
/usr/bin/chmod
itself. How do you recoverchmod
in this case and make it executable again? Let's say getting it from an external source or recompiling it is not a preferable option, is there some smart hack that can recover thischmod
itself?Note that this happened a long time ago and I'm not looking for a solution for some current problem, just curious about what ways Unix provides us around such an issue.
-
Admin almost 11 yearsSince all the answers provided are equally "right answers" here, I'm not marking any one of them in particular. Thanks to everyone who answered, every answer was educative in some way.
-
Admin almost 11 yearsNote that the "how do I do this without rebooting?" is as important an exercise as "How do I boot a rescue/installation media and fix this?". In my opinion you need to be able to do both - it might be a job saver some day.
-
Admin almost 11 yearsThe same question (and similar answers) exists on ServerFault, too.
-
Admin almost 11 years@SpellingD Thanks. It's weird reading that thread, like an alternate universe version of this question with only slightly different answers. And someone there answers they've seen the question previously on slideshare, and someone comments on that one that they've seen it on Reddit too!
-
Admin over 8 yearsSimilar: How can I execute a file without execute permissions? at AskUbuntu
-
Admin almost 4 years@Gilles'SO-stopbeingevil' This is not the same as your proposed duplicate. In that question, the whole directory was changed, no executable file remains to execute any action. Here, all executable files are available except chmod. The solutions for each problem are quite different.
-
Admin almost 4 years@Isaac Yes, ok, all solutions from unix.stackexchange.com/questions/77852/… work, but here there are more solutions.
-
-
EightBitTony almost 11 yearsI love any day where I learn something new.
-
Sundar R almost 11 yearsThanks, that's sweet. I just tried it out in Perl and it worked.
-
Sundar R almost 11 yearsThanks. What permissions does ld-linux.so itself have? (I have only cygwin and it doesn't seem to have this file.) Is this an easy way to override the executable permission bit then?
-
ruakh almost 11 yearsRe: "most linux distros require the [perl interpreter] to work": Really? Can you elaborate a bit on that?
-
Bratchley almost 11 yearsminor correction: 64 bit libraries are usually under
/lib64
-
Nils almost 11 years@ruakh I would say this is rather true for
python
. -
Jonathan Callen almost 11 yearsOn x86 (32-bit) Linux, the dynamic linker must be at exactly the path
/lib/ld-linux.so.2
, on x86-64 (64-bit) Linux, the dynamic linker must be at exactly the path/lib64/ld-linux-x86-64.so.2
. Both of these are normally symlinks to the correct file, but that exact path is required to be present. -
slm almost 11 yearsYou hit a homerun with this answer 8-).
-
dribler almost 11 years@ruakh, on Debian-based systems the perl-base package is marked as essential. Not having perl-base will make the package manager pretty unhappy. There are a large number of other essential/important tools like adduser that require perl, and are installed in an absolute bare-bones setup.
-
gerrit almost 11 yearsWhat if those too get their execution bit unset?
-
Thorbjørn Ravn Andersen almost 11 yearsNote: this is for Linux, not Ubix in general.
-
Jack Aidley almost 11 yearsWhat would happen if you
chmod
'd ld-linux.so? -
goldilocks almost 11 years@ruakh The reason it is more true of perl than anything else is that perl 5 was around during linux's infancy, while (eg) python 2 was not. It is kind of the original "dynamically typed, object oriented interpreted" language. So in general the 3 most fundamental languages in the linux world would be 1) C, 2) bash, and 3) perl. Python has probably eclipsed it in popularity in recent years, but it is just not as historically relevant and thus less likely to be essential -- although in reality both of them are usually available anyway.
-
ruakh almost 11 years@goldilocks: I didn't mean "as opposed to Python" (since you didn't mention Python); I meant "as opposed to C"!
-
Daniel López Lacalle almost 11 years@JonathanCallen, not true. NixOS is an example of a Linux-based OS distribution where directories
/lib
and/lib64
do not even exist. -
goldilocks almost 11 years@ruakh: Because most distos are binary based -- you don't need a C compiler, because everything is already compiled. However, you need bash to run the shell scripts, and if perl is fundamental, you need a perl interpreter too. So, eg., a default fedora or ubuntu install will probably include perl, but not gcc. Of course, C is the ground of everything (perl, python, and bash are written in C) but there does not need to be any C code at all on a running system, because it's all been compiled.
-
ruakh almost 11 years@goldilocks: Interesting! The Single Unix Specification does mark
cc
as "LEGACY" (and therefore optional), but I didn't realize that Linux distros were actually taking it up on that. :-P (Of course, it doesn't listperl
at all, even as an optional utility.) -
jw013 almost 11 yearsCouldn't you just use
cat
instead ofdd
? -
Sundar R almost 11 yearsI think this is the simplest and neatest solution here, tested on my Cygwin too, have an upboat.
-
Sverre Rabbelier almost 11 years@Rotsor I believe NixOS actually has to do something to each binary to use the right linker paths, instead of the hardcoded one.
-
frostschutz almost 11 yearsYes... I ended up using
dd
because at first I thought it may needconv=notrunc
or similar to prevent replacing the file entirely, but it does work with most commands that write files after all (includingcat
,cp
, ...). -
Matthew Crumley almost 11 yearsJust make sure you're not inside /bin when you do this, or the first step will overwrite the real chmod.
-
frostschutz almost 11 years+1 for
install
. So many solutions. :) -
user1813706 almost 11 yearsThis doesn't work if the filesystem is mounted with noexec. As it should!
-
S edwards about 10 yearsgreat hack, really clever
-
user about 10 years@AndresRiofrio Why on Earth would
/
,/lib
,/bin
or/usr/bin
be mounted noexec? Your linked question is about/tmp
which is a different beast entirely. -
user1813706 about 10 years@MichaelKjörling I think it's because I was trying to execute another program in /tmp using this technique.
-
Unnikrishnan almost 10 yearsThat one was brilliant man :)
-
lepe over 9 years/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 , /lib64/ld-linux-x86-64.so.2 are other path alternatives. If not, use "locate ld-linux" to find it out.
-
hildred about 9 yearsthis is a cool trick, but you may want to explain what you are doing, and how it works.
-
New Atech over 8 yearsBest solution, all you need to know is that
cp
doesn't necessarily copy file attributes, it can copy only the content (but you can tell it to copy the attributes too). -
G-Man Says 'Reinstate Monica' over 8 years+1, but why tamper with an existing system file at all? Why not just do
cp /bin/tr /bin/newchmod && cp /bin/chmod /bin/newchmod
? It seems that you don't need to specify any options tocp
. (I chosetr
because it's a small file with a short, easy-to-type name; obviously, any executable file, such as/bin/chown
, will work.) -
frostschutz over 8 years@G-Man, good point, might be less confusing that way for package managers that track files by timestamps or something.
-
sleepycal over 8 yearsThis made me chuckle, nice little hack