1

From this linked post (answered by @dmourati): How can I make a user and give read only access?

On a CentOS box

When attempting to create a readonly account, the command

```
chmod -R o+rx /
```

was executed under the root user.

A bunch of "Operation not Permitted" errors popped up before the command was quickly halted with

^C

Since this event the box is still operational (applications still work), but we can no longer SSH via PuTTY or WinSCP. I am thinking the SSH service was halted or broken. I am a novice Linux user, but it looks like an attempt was made to change the permissions for the root user at the top directory.

We were thinking of rebooting the box on-site, but are concerned the box wouldn't come back up at all (applications still work right now) if we did.

Is there another approach that should be taken to reverse the action taken? Thank you for any guidance here. It is greatly appreciated.

user582648
  • It is a dangerous habit to run random commands from the internet without fully understanding the consequences. The answer you referenced did not tell you to run the command for the `root` directory. Your best bet is to reinstall the system from backups. – Tero Kilkanen Jul 10 '20 at 20:06
  • That box is unlikely to come back up if rebooted. It needs to be re-provisioned. – jordanm Jul 10 '20 at 21:41

2 Answers

1

ssh isn't working because the command you ran made the ssh host private keys and configuration file world readable. ssh refuses to allow connections in this case because of the security compromise.

Yes, this needs to be handled as a security incident. Not just because of ssh, but because the chmod command made everything on the system world readable that it could do before it was stopped.

The correct permissions look something like this (from a live CentOS 7 system):

```
[root@farshire ~]# ls -al /etc/ssh
total 624
drwxr-xr-x.  3 root root       4096 Apr 10 16:21 .
drwxr-xr-x. 98 root root       8192 Jul  1 05:51 ..
-rw-r--r--.  1 root root     577388 Apr 10 15:32 moduli
-rw-r--r--.  1 root root       1716 Apr 10 15:32 ssh_config
drwxr-xr-x.  2 root root         28 Apr 10 16:20 ssh_config.d
-rw-------.  1 root root       4748 Apr 10 16:21 sshd_config
-rw-------.  1 root root       3907 Apr 11  2018 sshd_config.20043.2018-12-02@04:15:14~
-rw-------.  1 root root       1159 Dec  2  2018 sshd_config.5202.2019-04-13@19:12:50~
-rw-r-----.  1 root ssh_keys    480 Apr 10 16:21 ssh_host_ecdsa_key
-rw-r--r--.  1 root root        162 Apr 10 16:21 ssh_host_ecdsa_key.pub
-rw-r-----.  1 root ssh_keys    387 Dec  2  2018 ssh_host_ed25519_key
-rw-r--r--.  1 root root         82 Dec  2  2018 ssh_host_ed25519_key.pub
-rw-r-----.  1 root ssh_keys   1679 Dec  2  2018 ssh_host_rsa_key
-rw-r--r--.  1 root root        382 Dec  2  2018 ssh_host_rsa_key.pub
```

Getting the permissions fixed here should allow sshd to start working again, though for added security you should simply delete all the host keys and restart sshd to regenerate them. Everyone who logs in to this box needs to be notified of the host key change.

You can then work on recovering the rest of the system, though as a commenter noted, you are most likely going to have to blow away and reinstall the OS.

Michael Hampton
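A check for the condition described in the answer above, as an added example that is not part of the original answer: it flags host private keys and `sshd_config` that carry any permission bit for "other", and can clear those bits so the modes match the listing (640 and 600). The function names `audit_ssh_dir` and `fix_ssh_dir` are hypothetical, and the script only touches these files, not the rest of the system.

```shell
#!/bin/sh
# Added example; function names are hypothetical, default path is /etc/ssh.

# audit_ssh_dir [DIR]
# Prints one "TOO OPEN" line per host private key or sshd_config that has
# any read, write or execute bit set for "other". Returns 1 if any found.
audit_ssh_dir() {
    dir=${1:-/etc/ssh}
    bad=0
    # The glob ends in _key, so the public *.pub files are not matched.
    for f in "$dir"/ssh_host_*_key "$dir"/sshd_config; do
        [ -f "$f" ] || continue    # unmatched glob or missing file
        # find prints the path only when at least one "other" bit is set
        if [ -n "$(find "$f" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
            printf 'TOO OPEN %s %s\n' "$(ls -ld "$f" | cut -d' ' -f1)" "$f"
            bad=1
        fi
    done
    return "$bad"
}

# fix_ssh_dir [DIR]
# Removes all "other" bits from the same files. Owner and group bits are
# left alone, so a key at 645 returns to 640 and sshd_config at 605 to 600.
fix_ssh_dir() {
    dir=${1:-/etc/ssh}
    for f in "$dir"/ssh_host_*_key "$dir"/sshd_config; do
        [ -f "$f" ] && chmod o-rwx "$f"
    done
    return 0
}

# Typical use as root, from a console session:
#   audit_ssh_dir /etc/ssh || fix_ssh_dir /etc/ssh
```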
0

I have never tried this, nor would I advise anybody to, but I would assume you changed the permissions of some essential files in /dev, /sys, /proc or /run. Somebody with more expertise might be able to answer exactly why your system broke.

If you are trying to achieve a read-only file system you can simply mount the disk as read-only. You can find a lot of guides just by searching "read only root file system".

Here is just one I found for Debian: https://wiki.debian.org/ReadonlyRoot

  • Is it possible to reverse this with the same command, but adding write back? Something like `chmod -R o+rwx /`? – user582648 Jul 10 '20 at 20:47
  • Most of the system is already `o=rX`, adding `o+w` permissions to `/` will likely finish breaking the system or make it highly insecure if not. In any case, stop trying to "fix" the system via `chmod` (especially with `-R`). Take a backup and restore it, that's your only viable solution. – Ginnungagap Jul 10 '20 at 21:07
  • Exactly what Ginnungagap said, you could do that but I would advise you not to. Your best bet is to reinstall. – Garrett Weber Jul 11 '20 at 08:04