Ownership of etc folder is changed how to restore it using commandline?

permissions login etc rescue

20,888

Solution 1

Doing:

sudo chown -R root.root /etc

on the commandline will set /etc and everything underneath to owner root and group root

However on my system (Ubuntu 12.04) not everything under /etc is in group root. The following list might help (generated with sudo find /etc ! -gid 0 -ls | cut -c 29-):

root     dovecot      5348 Apr  8  2012 /etc/dovecot/dovecot-sql.conf.ext
root     dovecot       782 Apr  8  2012 /etc/dovecot/dovecot-dict-sql.conf.ext
root     dovecot       410 Apr  8  2012 /etc/dovecot/dovecot-db.conf.ext
root     shadow       2009 Dec 23 16:10 /etc/shadow
root     lp           4096 Mar 12 19:38 /etc/cups
root     lp            540 Mar 12 19:38 /etc/cups/subscriptions.conf
root     lp            108 Sep  1  2012 /etc/cups/classes.conf
root     lp           4096 Oct  8  2012 /etc/cups/ppd
root     lp           2751 Mar 12 07:38 /etc/cups/printers.conf
root     lp           2751 Mar 11 21:06 /etc/cups/printers.conf.O
root     lp            108 Jun  6  2012 /etc/cups/classes.conf.O
root     lp            540 Mar 12 19:24 /etc/cups/subscriptions.conf.O
root     lp           4096 Mar 28  2012 /etc/cups/ssl
root     sasl        12288 Jun  6  2012 /etc/sasldb2
root     daemon        144 Oct 25  2011 /etc/at.deny
root     dialout        66 Oct 31  2012 /etc/wvdial.conf
root     lightdm         0 Apr 21  2012 /etc/mtab.fuselock
root     shadow        981 Feb 19 23:38 /etc/gshadow
root     dovecot      1306 Jun  6  2012 /etc/ssl/certs/dovecot.pem
root     ssl-cert     4096 Jun  6  2012 /etc/ssl/private
root     dovecot      1704 Jun  6  2012 /etc/ssl/private/dovecot.pem
root     ssl-cert     1704 Apr 21  2012 /etc/ssl/private/ssl-cert-snakeoil.key
root     fuse          216 Oct 18  2011 /etc/fuse.conf
root     dip          4096 Oct 31  2012 /etc/ppp/peers
root     dip          1093 Mar 28  2012 /etc/ppp/peers/provider
root     dip          4096 Mar 28  2012 /etc/chatscripts
root     dip           656 Mar 28  2012 /etc/chatscripts/provider

Solution 2

Since you can modify /etc/passwd, you can remove password verification on the root account. Edit /etc/passwd and change the line

root:x:0:0:root:/root:/bin/sh

root::0:0:root:/root:/bin/sh

(i.e. the second colon-separated field must be empty). Now you can run su and become root without typing a password. (I think this works on Ubuntu, but if empty passwords are disabled, you can put aaxSuH/.jTvGs in the second field instead and use the password changeme.)

Repair the permissions by running

cd /etc
chown -R root:root /etc
chgrp shadow shadow gshadow

and a whole bunch more chgrp commands — Anthon's list is a good start.

Once you've done that, check on another terminal that you can use sudo normally.

Then change root's password back to being disabled or the one in /etc/shadow: edit /etc/password and put x (or *) as the second field.

Finally, send a nasty email to Walesa and tell him not to pull such stunts anymore. It's the equivalent of closing your eyes and throwing a knife in the air hoping that it'll fall down just right to cure your hangnail.

Solution 3

Thanks to Anthon's answer above login problem was solved:

I found an old kubuntu 12.04 alternate CD, entered rescue shell, where

sudo chown -R root.root /etc

could be run. Then we could log in and everything seemed perfect

But sudo did not work with this error:

/etc/sudoers is world writable
no valid sudoers sources found, quitting...
unable to initialise policy plug-in

I seached the errors and found this thread, in which this command:

pkexec visudo

weirdly solved sudo probelm, the error /etc/sudoers is world writable persisting (but not interfering). wierdly because I think I did not change anything manually (or if so, I tried to avoid saving).

Then in the same thread, these:

chmod u=rwx,g=rx,o=rx /etc/sudoers.d/
chmod u=r,g=r,o= /etc/sudoers.d/*

removed sudo's persisting error. Still there may be issues (probably not serious).

Solution 4

I just changed all of my files in /etc to user:user then changed them back to root:root once they're changed, you have to change your user to superuser : su then provide your credentials for the superuser account.

once you're the superuser, just run chown -R root:root /etc and you're back

View more solutions

20,888

Minimus Heximus

Updated on September 18, 2022

Comments

Minimus Heximus over 1 year

I have a computer with Ubuntu 13.10 installed. The user (say Walesa) has changed the ownership of etc folder and all its subfolders from root to Welesa using a privileged file manager. As sudo was disabled, he rebooted hoping it will be re-enabled again. But security does not allow log-in after entering username and password saying "owner of etc/profile is not root".

But a commandline login with I have no name!@Walesa is possible. Is there a way to restore ownership of etc and all its subfolders to root using this commandline?
Minimus Heximus about 10 years

but sudo is disabled with this error: etc/sudoers is owned by uid 1000 should be 0.
derobert about 10 years

@MinimusHeximus rebooting with single on your kernel command line (edit it in grub) might get you a root shell. If not, you can try init=/bin/bash on the kernel line instead. Note that later method will leave you with no init scripts run, so you'll have to mount filesystems (etc.) yourself.
Anthon about 10 years

@MinimusHeximus see my answer here unix.stackexchange.com/a/119393/33055 to get into single user mode as root, from there you should be able to change the permissions with the command in my answer.
Eric about 10 years

can you just use su ? get root priviliges then use the command from this answer without sudo?