1

We have a minor disaster on a Centos7 system. A bug in a config script recursively set /, /bin, and /usr/bin, to 400 permissions. This means that basic commands like, chmod, mount, and almost everything else is un-executable. I'm pretty confident I can fix this by booting from a live-usb, but I'd have to make one. Also, the damaged machine is our router, so when it goes down, we lose our internet access.

I have another box with linux x64 binaries for chmod, bash, mount and the rest, is there some clever way to execute them from a usb (or the network or whatever) without rebooting?

Charlweed
  • 249
  • 3
  • 14

1 Answers1

0

On centos7 64 bit, the ld program is located at /lib64/ld-2.17.so. I would not have found it unless I had another centos7 system running. I used the binary ld-2.17.so to execute /bin/chmod , and fixed /bin, /usr/bin, and /bin/chmod. That was enough to allow me to start correcting everything else. On the other centos system, I ran:

for dir in /* ; do getfacl -pR "$dir" > /root/"$dir"_acls.txt  ; done

This gave me references on what the correct permissions are for my distro. I copied these txt files to the damaged system, and the for bin,boot,dev,etc, and home, I ran

for perm in /root/perms/*_acls.txt ; do setfacl --restore $perm ; done

This was not an exact match in files, but it is much better than doing every file at once, or every file individually.

Charlweed
  • 249
  • 3
  • 14
  • I think those commands could fail on certain characters in filenames. If filenames contains whitespace or shell control characters, they may not do what you think. – kasperd May 05 '17 at 00:24
  • @kasperd I highly doubt there is directory with space in name in `/` – Alexey Ten May 05 '17 at 05:22
  • @AlexeyTen On my first reading of the commands I thought they could fail on such names anywhere since they do run recursively. But you are right, it is actually only a problem for names in the root. So that would only be a very minor risk. – kasperd May 05 '17 at 06:42