But the doc pointed out that the user "root" might not use the bash shell. What if he was a psychopath and used csh? In that case you'd have to look for a bunch of .c* files. I immediately realized the best thing to do was to wildcard this task:
chmod 600 /root/.*And then I moved on.
But within a few minutes... something was wrong. In another window, as user "doug", I tried to list a directory.
-bash: ls: command not foundWhat? I couldn't even list my home directory. As a matter of fact, I couldn't execute any command.
This is where your heart kind of skips a beat. As root I could list anything, including /bin/ls. So as root, I tried to switch to user doug:
su: warning: cannot changeto directory /home/doug:Oh crap!
Permission denied
su: /bin/bash: Permission denied
Eventually it occurred to me. Consider this situation:
ls -a /rootWhen I used the dot-splat wild card, it must have picked up dot-dot, which would be the root directory. From there it probably reset the permissions on /bin, /etc, and so on. I just needed to reset those perms to 755.
. .. .bashrc .bash_logout .bash_profile
No luck. As a matter of fact, every directory seemed to be correct. I could not see any permission that was wrong. And then... in a stroke of unparalleled genius, I tried something else. I looked at the only set of directory permissions you can never see:
# ls -ld /What about:
drw------- 24 root root 4096 Aug 22 22:51 /
# chmod 755 /And now everything works.
# ls -ld /
drwxr-xr-x 24 root root 4096 Aug 22 22:51 /
Whew.
In the end, however, I do have to admit one thing: The system was significantly hardened. Hard as a brick!
No comments:
Post a Comment