Fixing Mass Permissions Issue
-
Saw this and had to share. So let's troubleshoot. Besides murdering that person, how would you fix this (after fixing the user so they don't reproduce)?
-
As far as I know, outside of a reinstall, I don't think you can restore permissions to the system after something like that. Time to lock down su or root.
-
Or at least change the password, after firing this guy.
-
Did they have a backup?
-
@coliver said:
Did they have a backup?
No clue. You know what I know, which is what that post shows.
-
I think this would be hard if they didn't have a backup. Would auditd be able to tell what the permissions were changed from?
-
Pretty much a backup is required. This is a blanket change to every file on the system. Each one needs to be rolled back to previously unknown states. You can pretty much guess at this if you are good and are willing to invest the time in a high level UNIX admin to guess at it, test files and have end users testing constantly to see if you are getting it right.
Pretty much, this simply means that you are restoring everything.
-
@scottalanmiller said:
Pretty much a backup is required. This is a blanket change to every file on the system. Each one needs to be rolled back to previously unknown states. You can pretty much guess at this if you are good and are willing to invest the time in a high level UNIX admin to guess at it, test files and have end users testing constantly to see if you are getting it right.
Pretty much, this simply means that you are restoring everything.
That's what I figured too.
-
@scottalanmiller
Never really thought about it but it makes sense. Not to mention the amount of time needed to go file by file.. it's not practical. If they don't have a backup,... sucks to be them.
-
@g.jacobse said:
@scottalanmiller
Never really thought about it but it makes sense. Not to mention the amount of time needed to go file by file.. it's not practical. If they don't have a backup,... sucks to be them.
If they have no backup, time to rebuild the machine, physical or VM, and restore any databases, etc. Other than that, not much I can think to do.
-
@g.jacobse said:
@scottalanmiller
Never really thought about it but it makes sense. Not to mention the amount of time needed to go file by file.. it's not practical. If they don't have a backup,... sucks to be them.
Pretty much. It's pretty bad.
-
@thanksaj said:
If they have no backup....
They need to rethink why they have computers at all.
-
@scottalanmiller said:
@thanksaj said:
If they have no backup....
They need to rethink why they have computers at all.
True that.
-
We had something like this once on a WordPress installation, when the user changed permissions on the whole site folder, and used a script which is still available on the internet, which scans and fixes the whole directory when you give the WP owner and group usernames. We still have the scripts saved on all our servers, just to do a quick permission fix to avoid a mass restore and redeploy the site.
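-
One way to write the kind of WordPress permission reset described in the post above, as an added example that is not the script that poster used and not part of the thread. The function name `fix_wp_perms` and the modes (755 for directories, 644 for files, 640 for `wp-config.php`) are assumptions; the function refuses any path that does not look like a WordPress root, which is the guard against the blanket change this thread is about.

```shell
#!/bin/sh
# Added example: reset ownership and modes under one WordPress tree.
# Modes below are assumptions (common WordPress defaults), not from the thread.
DIR_MODE=755
FILE_MODE=644
CONFIG_MODE=640

fix_wp_perms() {
    root=$1 owner=$2 group=$3

    if [ -z "$root" ] || [ -z "$owner" ] || [ -z "$group" ]; then
        echo "usage: fix_wp_perms WP_ROOT OWNER GROUP" >&2
        return 2
    fi

    # Only act on a directory that looks like a WordPress install,
    # never on / or some arbitrary path passed by mistake.
    if [ ! -d "$root/wp-includes" ] || [ ! -d "$root/wp-admin" ]; then
        echo "refusing: $root does not look like a WordPress root" >&2
        return 1
    fi

    # -xdev stays on one filesystem; find does not follow symlinks by default,
    # and chown -h changes a link itself rather than its target.
    find "$root" -xdev -exec chown -h "$owner:$group" {} + || return 1
    find "$root" -xdev -type d -exec chmod "$DIR_MODE" {} + || return 1
    find "$root" -xdev -type f -exec chmod "$FILE_MODE" {} + || return 1

    # wp-config.php holds database credentials, so drop world read on it.
    if [ -f "$root/wp-config.php" ]; then
        chmod "$CONFIG_MODE" "$root/wp-config.php" || return 1
    fi
    return 0
}

# Run directly as: sh fix_wp_perms.sh WP_ROOT OWNER GROUP
if [ "$#" -eq 3 ]; then
    fix_wp_perms "$@"
fi
```

This works for a single application tree because the expected owner and modes are uniform and known; it does not apply to a whole system, where each file's previous state differs.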
-
I don't see much hope other than starting over in a case like this. It's more or less the same as doing the infamous rm -rf / except far better because at least you can take a final backup and recover, file by file, anything specific that you need.