Accidentally changed ownership-unable to SSH into server.

shiek.kaleem · April 25, 2013, 5:57am

Hi All,

Accidentally changed ownership of /var directory as root thinking that I am changing ownership of var directory in other location in the file system:D.Now unable to SSH into the server:(.
By gods grace I was able to regain the access again as server was in control of me at that time.Other wise hell would have broke down.

Is there any way I can set a message to be displayed a warning when I am changing the owner ship from root to some thing else for a particular directory .:wall:.I have tried upon all the ACL but didnt get worthy idea .

bitlord · April 25, 2013, 10:17am

I would setup a program like monit, or conary. Basically these are programs that will set file permissions or setting back to what they are where. If your core files are changed from the baseline, then it will email you. If you have it set up it will change them back after a certain time.

shiek.kaleem · April 26, 2013, 4:57am

Thanks for the suggestion .But I can not afford to add up one more mail demon to the running server .( Security reason's) .It will be a good thing to run a simple script to check out this thing and echo a message " The file permissions or ownership have been modified for the "...." directory ".

bitlord · April 26, 2013, 9:22am

The program could most likely be setup not to not email you. The email is to warn you about what the program is about to do. It would be bad if the program is changing things in the middle of a install. Usually you would turn off the program before system maintenance.

shiek.kaleem · April 26, 2013, 2:17pm

Is there a way that I can Just take the logic in the code for checking ownership and permission in code so that i can make into a simple script rather than installing it in total..as I dnt have the full set of permissions for installing as most of the servers are in remote client location

Corona688 · April 26, 2013, 2:42pm

Rather than altering chown, or invoking widespread changes to your filesystem, you could make a chown function which you put in root's ~/.profile or equivalent:

chown() {

        # Get rid of switches
        while [ "${1:0:1}" = "-" ]
        do
                OPTIONS="$OPTIONS $1"
                shift
        done

        for FILE in "$@"
        do
                set -- `ls -l "$FILE"`
                if [ "$3" = "root" ]
                then
                        echo "ERROR altering file/folder owned by root"
                        return 1
                fi
        done

        echo /usr/bin/chown $OPTIONS "$@"
}

Remove the 'echo' once you've tested and are sure you want. And be careful testing it in case you call the real chown by accident! Run it on something harmless.

This won't catch everything modified by a chown -R.