Unix root directory owner wrong AIX 5.3

UNIX AIX
1

The a chown was done and instead of using ./ a / was used and root ownership files got changed.

I need to change the ownership of the files/directory back - backups are not working and I am concerned a reboot will not be successful.

Can anyone provide the ownership of these files/directories or direct me to where I can find what the default ownership of root and subdir should be?
Below is an ls of the /

drwxr-xr-x  25 root     system         4096 Dec  5 01:12 .
drwxr-xr-x  25 root     system         4096 Dec  5 01:12 ..
drwxrwxr-x   3 root     system          256 Dec 21 2006  .SPOT
-rw-------   1 root     system         7260 Apr 11 2007  .sh_history
lrwxrwxrwx   1 root     system           20 May 11 2007  .udlibs71 -> /app/ud71/lib/uddlls
lrwxrwxrwx   1 root     system           20 Jul 14 2010  .udlibs72 -> /app/ud72/lib/uddlls
-r--r--r--   1 root     staff            20 Jul 14 2010  .unishared
-rw-------   1 root     system           74 Apr 11 2007  .vi_history
drwxr-xr-x   2 root     system         4096 Mar  7 2008  TT_DB
drwxr-xr-x  10 root     system         4096 May 27 2009  aixmaint
drwxrwxr-x  20 datatel  usr            4096 Apr 18 2011  app
drwxr-x---   2 root     audit           256 Dec 21 2006  audit
-rwxr-x---   1 root     system           25 Dec 17 2007  autobackup
lrwxrwxrwx   1 bin      bin               8 Dec 21 2006  bin -> /usr/bin
-rw-rw----   1 root     system         1323 Dec  4 03:03 bosinst.data
drwxrwx---   2 root     system          256 Sep 10 2007  cdrom
drwxrwxr-x   5 root     system         8192 Dec  8 00:00 dev
drwxr-xr-x  27 root     system         8192 Dec  5 01:15 etc
drwx------   3 root     system         4096 Dec  2 09:59 hlp
drwxr-xr-x   9 datatel  bin            4096 Mar 27 2009  home
-rw-rw----   1 root     system        10544 Dec  4 03:03 image.data
lrwxrwxrwx   1 bin      bin               8 Dec 21 2006  lib -> /usr/lib
drwx------   2 datatel  system          256 Dec 21 2006  lost+found
drwxr-xr-x 139 bin      bin            8192 Mar 31 2009  lpp
drwxr-xr-x   3 root     system          256 Dec 21 2006  mfg
drwxr-xr-x   5 root     system          256 Jun 13 2010  mkcd
drwxr-xr-x   2 bin      bin             256 Dec 21 2006  mnt
drwxr-xr-x  11 root     system         4096 Apr 11 2007  opt
dr-xr-xr-x   1 root     system            0 Dec  8 09:33 proc
drwxrwx---   2 root     system          256 Aug 27 2007  restore
drwxr-xr-x   3 bin      bin             256 Oct 29 2008  sbin
-rw-r--r--   1 root     system          700 Apr 11 2007  smit.log
-rw-r--r--   1 root     system          159 Apr 11 2007  smit.script
-rw-r--r--   1 root     system          307 Apr 11 2007  smit.transaction
drwxrwxr-x   2 root     system          256 Dec 21 2006  tftpboot
drwxrwxrwt  11 datatel  system        20480 Dec  8 09:33 tmp
lrwxrwxrwx   1 bin      bin               5 Dec 21 2006  u -> /home
lrwxrwxrwx   1 root     system           21 Dec 21 2006  unix -> /usr/lib/boot/unix_64
drwxrwxrwx  43 bin      bin            4096 Jul 14 2010  usr
drwxr-xr-x  27 datatel  bin            4096 Mar  6 2008  var
ksh: 1167506 Quit(coredump)

Thank you

2 
ksh: 1167506 Quit(coredump)

Is this showing up since the accident happened?
Was the chown recursive?
If this is the case and you don't get a solution, I'd recommend to take the permissions from a fresh installed box that hasn't been modified. Else, if possible you might want to backup your box's data and reinstall it, or restore a mksysb if possible.

If it is just the root directory and you don't get an answer; I can post a listing on monday.

1 Like
3

On my only remaining 5.3 box at TL08 I got this:

/home/root # cd /
/ # ls -l
total 23132
drwxr-x---    2 root     audit           256 18 Dec 2008  audit
lrwxrwxrwx    1 bin      bin               8 18 Mar 2010  bin -> /usr/bin
-rw-r--r--    1 root     system         6067 08 Aug 18:09 bosinst.data
drwxrwxr-x    8 4000     4000           2048 28 Apr 2008  cdrom
-rw-r--r--    1 root     system     13393920 05 Jun 2009  core
drwxr-xr-x    2 root     system          256 19 Jun 2009  db2bkups_new
drwxrwxr-x    5 root     system         8192 08 Dec 18:16 dev
drwxr-xr-x    6 root     system          256 28 May 2009  .dt
-rwxr-xr-x    1 root     system         3970 28 May 2009  .dtprofile
drwxr-xr-x   15 esaadmin system         4096 18 Dec 2008  esa
drwxr-xr-x   28 root     system        12288 08 Dec 18:16 etc
drwxr-xr-x   14 bin      bin            4096 12 Apr 2011  home
-rw-r--r--    1 root     system        10505 08 Aug 18:09 image.data
lrwxrwxrwx    1 bin      bin               8 18 Mar 2010  lib -> /usr/lib
drwx------    2 root     system          256 18 Mar 2010  lost+found
drwxr-xr-x  153 bin      bin           12288 04 Jul 12:17 lpp
drwxr-xr-x    2 root     system          256 19 Jun 2009  lv00_fs
drwxr-xr-x    3 root     system          256 26 Jan 2009  mkcd
drwxr-xr-x    3 bin      bin             256 27 Sep 23:51 mnt
drwxr-xr-x   13 root     system         4096 18 Mar 2010  opt
dr-xr-xr-x    1 root     system            0 08 Dec 18:17 proc
-rw-r--r--    1 root     system           36 18 Dec 2008  .rhosts
drwxr-xr-x    3 bin      bin             256 18 Dec 2008  sbin
-rw-------    1 root     system         1360 29 May 2009  .sh_history
drwxrwxr-x    3 root     system          256 18 Dec 2008  .SPOT
drwxrwxr-x    2 root     system          256 18 Dec 2008  tftpboot
drwxrwxrwt   15 bin      bin            8192 08 Dec 18:16 tmp
drwxr-xr-x    2 root     system         4096 29 May 2009  TT_DB
lrwxrwxrwx    1 bin      bin               5 18 Mar 2010  u -> /home
lrwxrwxrwx    1 root     system           21 18 Mar 2010  unix -> /usr/lib/boot/unix_64
drwxr-xr-x   43 bin      bin            4096 18 Mar 2010  usr
drwxr-xr-x   30 bin      bin            4096 26 Oct 2010  var
-rw-rw-r--    1 root     system            3 28 May 2009  .wmrc
-rw-------    1 root     system          123 28 May 2009  .Xauthority

HTH

1 Like
4

What was your current directory and what EXACT command did you execute?
What user were you at the time? If it was "root", please tell us.

If you have command history enabled, please retrieve the EXACT command.

(Sorry to shout).

What is you backup status?

Ps. The tail end of your post is "ksh: 1167506 Quit(coredump)". This is ominous. Please be prepared for a full system restore from last good backup. In the meantime DO NOT LOG OUT until you have gathered all the information you need.

Sorry to be overcritical but this is just too vague (but I get the gist that a chown command was typed for the root directory when it should have been relative to the current directory). What was actually typed and what was the current directory at the time? Were you logged in as "root"?

1 Like
5

Right, comparing with dukessd's useful post we can see that the owner "datatel" has appeared in spike1's directory list for some directories which should be owned by user "root". Directories with 777 permissions are irrelevant. The problem here looks like /var.

The big question remains. What EXACT command was typed, in what current directory and by which user?
This might be reversible (but don't hold your breath).

I'm in UK time. If this runs through the night in UK, please can someone pick up the thread.

1 Like
6

I was in a data directory (not a system directory) when I typed the command:
I was in /app/datatel/coll18/coll18_live/apphome
when I typed

chown -R / datatel

when I should have typed

chown -R ./ datatel

I was attempting to change owner under the apphome directory but with my syntax error I changed the owner under root. I stopped the command before it completely disrupted the system.

I was able to set a number of the ownerships back to what I am think they should be and the system is running, rebooting, and getting backups.

Most of the damage was done under the var directory ALSO the /home ownership is still in question. Should it be root?

Thank you for posting some responses!

---------- Post updated at 09:55 AM ---------- Previous update was at 09:51 AM ----------

ksh: 1167506 Quit(coredump)

I cannot say definetly is this is showing up since the chown command - I believe so.

I am not the Unix Administrator so I usually do not take not of these system files.

thanks

---------- Post updated at 10:11 AM ---------- Previous update was at 09:55 AM ----------

I apoligize... I am new to this forum:

The exact command I typed when I was in

pwd
/app/datatel/coll18/coll18_live/apphome/

was

find . -name "*" | xargs chown datatel

When I should have typed

find ./ -name "*" | xargs chown datatel
 
The list was too long to chown using a recurrsive so I used the xargs.
 
My previous post of 

chown -R datatel

was incorrect. That was the command I had entered prior to using the xargs.

I do not have the history.

I did not log off or reboot until I was sure I was able to log in. As mentioned earlier I had issues with the /home directory. Root user could not log in.

I was able to go to the security directory and change the profile file to redirect roots home directory to / instead of /home/root and then I was able to log in.

I am now trying to confirm the ownership of the files I have changed.

Thank you to all that have been responding.

---------- Post updated at 10:13 AM ---------- Previous update was at 10:11 AM ----------

Yes, I was root at the time I executed this command

---------- Post updated at 10:14 AM ---------- Previous update was at 10:13 AM ----------

Thank you for posting the listing. I will use it to compare to what I have changed the ownership to.

---------- Post updated at 10:34 AM ---------- Previous update was at 10:14 AM ----------

thank you dukessd for posting the listing.
I compared the ownership to the what I changed the ownership back to in the root directory.

I based a number of the ownership based on the group that was set on the file (because I had not changed these or the permissions).

DUKESSD listing for home directory has an owner of bin.
I changed my home directory owner to bin and this caused complete chaos. Users were kicked off the system (at that point the system was still functioning) and the root user could not log in. Certain commands would hang for example

ls -al

would cause the system to hang but

ls -l

would work.

I could not do a

pwd

Once I changed the

/etc/passwd

entry for the home directory of root to be

/

I was able to log in as root and I changed the permission back to user datatel on the home file only because when it was user datatel we would log in and process command.

I an now concerned about having to change the owner back to bin on the home directory.

teamaix(root): /etc -> more passwd
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
adm:!:4:4::/var/adm:
uucp:!:5:5::/usr/lib/uucp:

I also added user datatel to system groups trying to increase privileges in case I the root user could not log in.

teamaix(root): /etc -> more group
system:!:0:root,hlp,ezadmin,udmsmgr,udms,datatel,uiusers,dmiadmin
staff:!:1:ipsec,sshd,datatel,staftp,stfftp,uiusers,dmiadmin
bin:!:2:root,bin,datatel,uiusers,dmiadmin
sys:!:3:root,bin,sys,datatel
adm:!:4:bin,adm,ezadmin,datatel
uucp:!:5:uucp,nuucp
mail:!:6:
security:!:7:root
cron:!:8:root
printq:!:9:lp
audit:!:10:root
ecs:!:28:
nobody:!:4294967294:nobody,lpd

Could there be some other reason that changing the home directory owner to bin caused such problems?

7

The home directory for the root account must be on the root filesystem. Your issue was probably that /home was not mounted when you wanted to log in as root in single user. Nowadays the home directory for root is usually /root .

Providing that directory /home has permissions 755 I don't think it matters who owns it. It would normally be root.

Suggest you run a "find" from root and check every file or directory still owned by user "datatel".

e.g.

find // -follow -user "datatel" -print | while read filename
do
         ls -lad "${filename}"
done
1 Like