Do I need to reinstall the OS after a mass chown command if only these two folders were 'affected'?

Question

I am using Ubuntu.

I ran the following command. But I stopped it after a while because I felt it was taking too long.

sudo chown -R $USER:$USER /

This made the sudo command to stop working. So I found a solution to bring back sudo to root by using this command in the emergency console (we can't use SSH with root):

chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo

Then I read comments online that it is advisable to reinstall the OS because many permissions would have been changed.

However I ran find / -user [username] on the server and another instance of the server with a saved image from before I ran the first chown command, I only found a handful of files that had different permissions. Why could that be? Why did only the /usr/bin/sudo file get changed and nothing else?

The only files where the user permissions are different are /proc and /sys/fs/cgroup/systemd/user/. They contain new files with user permissions given to the user that I chowned to. Does this look right or do I need reinstall the OS because these files are different to the saved image?

Thanks!

Answer 1

Most but not all /bin and /usr/bin files (and in fact most of the pre-installed OS files) are owned by root:root (according to the FHS), so if you chown them it will not affect much. However there are some exceptions and this can break some background stuff like sudo, cron, mail, systemd and applications. (And it’s much different in the /var directory, I assume you aborted the chown before that)

So it would be a good idea to get the ownership and permissions from a backup (or a clean new install if you did not much installs/customizing).

Some distributions also can reset permissions and apply security policies, but not sure how well that is supported for your specific system. For example rpm --setperms can do that for the named packages, for dpkg you can use the reinstall option (for example with the aptitude reinstall “~i” filter to work on all already installed packages).