# I overwrote all file permissions on the entire system to be executable!



## einthusan (Jun 10, 2012)

Please help! I accidentally overwrote all file permissions on the root folder.

In / directory:
`chmod -R 0777 *`

Is there some sort of rollback or "reset to default" command? OMG, I'm so stupid!


----------



## graudeejs (Jun 10, 2012)

You do have backups, don't you?


----------



## AJ (Jun 10, 2012)

Unfortunately the best way to recover from this is to rebuild your system.

See this: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

You may also want to fix up your directory permissions with mtree:


```
# cd /
# mtree -U -f /etc/mtree/BSD.root.dist
# mtree -U -f /etc/mtree/BSD.var.dist
# mtree -U -f /etc/mtree/BSD.include.dist
# mtree -U -f /etc/mtree/BSD.sendmail.dist
# mtree -U -f /etc/mtree/BSD.usr.dist
```


----------



## kpa (Jun 10, 2012)

I believe the specifications in /etc/mtree use relative paths, so you have to do it this way:


```
cd /
mtree -U -f /etc/mtree/BSD.root.dist
cd /var
mtree -U -f /etc/mtree/BSD.var.dist
...
```


----------



## wblock@ (Jun 10, 2012)

But that only does the base, so then rebuild all ports.  Then manually fix permissions on data files.

From now on, don't use unqualified wildcards.  Also, setting anything to 777 is almost always a mistake.


----------



## throAU (Jun 11, 2012)

The lesson here is thus: be VERY careful with -R.  And as wblock stated, I would not use it with wildcards. At least not without thinking long and hard about what you are doing, first.  And of course, don't run as root if you don't need the power. I've burned myself with this many years ago by doing the following, as root, on a production system (in an effort to fix my dotfile permissions).

`me@host:~ # chown -R me .*`

Seems innocuous enough?

.* of course matches ".."

So it traversed up into /home and started owning everyone's home directories to myself.  Managed to realise "Hmm that's taking a long time... oh crap!" and killed it before it went too much further, and managed to fix it with an awk script.  Luckily it was an elderly sparc with a fairly busy disk.

But yes.  Be careful.  VERY careful.
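
The `.*` expansion described above, as an added example that is not part of the original post. It checks whether the current shell lets `.*` reach `..`, and shows a pair of patterns that match dotfiles only; the function names and the sample directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: why ".*" is dangerous with -R, and a glob that stays put.

# Report whether this shell expands ".*" to include the parent directory.
# Traditional sh does; some newer shells skip "." and ".." when globbing.
dotstar_reaches_parent() {
    ( cd "$1" && for p in .*; do [ "$p" = ".." ] && exit 0; done; exit 1 )
}

# Print the dotfiles in directory $1, never "." or "..":
#   .[!.]*  a dot, one non-dot character, then anything   (.profile)
#   ..?*    two dots followed by at least one character   (..data)
safe_dotfiles() {
    (
        cd "$1" || exit 1
        for p in .[!.]* ..?*; do
            # An unmatched pattern is left as literal text; skip it.
            [ -e "$p" ] || [ -L "$p" ] || continue
            printf '%s\n' "$p"
        done
    )
}

# Constructed home directory, used only for this demonstration.
home=$(mktemp -d)
: > "$home/.profile"; : > "$home/.cshrc"; : > "$home/..data"; : > "$home/notes"

if dotstar_reaches_parent "$home"; then
    echo '".*" includes "..": chown -R me .* would climb into the parent'
else
    echo 'this shell leaves ".." out of ".*"'
fi
safe_dotfiles "$home"    # what "chown -R me .[!.]* ..?*" would act on
rm -rf "$home"
```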


----------



## einthusan (Jun 11, 2012)

graudeejs said:

> You do have backups, don't you?



I only back up my data, not the entire OS.


----------



## einthusan (Jun 11, 2012)

Thanks everyone for the awesome support! Just curious about how dangerous is this? If I'm the only user and ever will be, but if it's a production machine running a web service, does this make the system vulnerable to attacks from outside?


----------



## ManaHime (Jun 11, 2012)

If you run anything that has vulnerabilities, and chances are you do, then if someone gets in your computer he or she will have access to everything on your computer, and it's something you probably don't want.


----------



## phoenix (Jun 11, 2012)

Any file with 777 permissions means *anyone* can do *anything* to that file (except delete it; unless the directory also has 777).


----------



## throAU (Jun 11, 2012)

To clarify the above:  it means that if someone was able to get your HTTP daemon (or other daemon) to write to the filesystem, they could modify your startup scripts, firewall rules, etc.

If it is a production web server, you definitely want to secure it.  Whilst it may not be a wide open door in itself, it means that you've removed a huge amount of security from the box.  A small hole can now very easily be exploited into a massive hole.


----------



## einthusan (Jun 11, 2012)

Thanks again for all the clarification.

Okay, so I did as everyone suggested, upgraded to the latest stable version and reinstalled all the ports as well. However, I am still a bit worried about if it worked or not. Is this what your root, usr and var directory permissions look like?

/

```
total 138
-rw-r--r--   2 root  wheel  1012 Jun 10 03:10 .cshrc
-rw-r--r--   2 root  wheel   259 Jun 10 03:10 .profile
-r--r--r--   1 root  wheel  6200 Jun 10 03:10 COPYRIGHT
drwxr-xr-x   2 root  wheel    46 Jun 11 02:30 bin
drwxr-xr-x   8 root  wheel    43 Jun 11 02:30 boot
dr-xr-xr-x  10 root  wheel   512 Jun 10 22:34 dev
-rw-------   1 root  wheel  4096 Jun 10 03:59 entropy
drwxr-xr-x  20 root  wheel   105 Jun 11 02:56 etc
drwxr-xr-x   3 root  wheel    48 Jun 11 02:30 lib
drwxr-xr-x   3 root  wheel     7 Jun 11 02:30 libexec
drwxr-xr-x   2 root  wheel     2 Jan  3 02:55 media
drwxr-xr-x   2 root  wheel     2 Jan  3 02:55 mnt
dr-xr-xr-x   2 root  wheel     2 Jan  3 02:55 proc
drwxr-xr-x   2 root  wheel   142 Jun 11 02:30 rescue
drwxr-xr-x   3 root  wheel     9 Jun 10 06:49 root
drwxr-xr-x   2 root  wheel   131 Jun 11 02:30 sbin
lrwxr-xr-x   1 root  wheel    11 Jun 11 02:30 sys -> usr/src/sys
drwxrwxrwt   6 root  wheel   680 Jun 11 03:01 tmp
drwxr-xr-x  16 root  wheel    16 Jun 11 01:49 usr
drwxr-xr-x  23 root  wheel    23 Jun 10 22:34 var
```

/var

```
total 179
drwxr-xr-x  2 root    wheel    2 Jan  3 02:55 account
drwxr-xr-x  4 root    wheel    4 Jan  3 02:55 at
drwxr-x---  2 root    audit    2 Jan  3 02:55 audit
drwxr-x---  2 root    wheel    9 Jun 11 03:01 backups
drwxr-x---  2 root    wheel    2 Jan  3 02:55 cache
drwxr-x---  2 root    wheel    3 Jan  3 02:57 crash
drwxr-x---  3 root    wheel    3 Jan  3 02:55 cron
drwxr-xr-x  9 root    wheel   13 Jun 11 03:02 db
dr-xr-xr-x  2 root    wheel    2 Jan  3 02:55 empty
drwxrwxr-x  2 root    games    2 Jan  3 02:55 games
drwx------  2 root    wheel    2 Jan  3 02:55 heimdal
drwxr-xr-x  2 root    wheel   29 Jun 11 03:01 log
drwxrwxr-x  2 root    mail     3 Jun 11 03:02 mail
drwxr-xr-x  2 daemon  wheel    3 Jun  8 18:36 msgs
drwxr-xr-x  5 root    wheel    5 Jan  3 02:55 named
drwxr-xr-x  2 root    wheel    2 Jan  3 02:55 preserve
drwxr-xr-x  5 root    wheel   21 Jun 11 03:02 run
drwxrwxr-x  2 root    daemon   2 Jan  3 02:55 rwho
drwxr-xr-x  8 root    wheel    8 Jan  3 02:55 spool
drwxrwxrwt  7 root    wheel    7 Jun 11 03:02 tmp
drwxr-xr-x  2 root    wheel    4 Jun 11 02:30 yp
```

/usr

```
total 143
drwxr-xr-x   2 root  wheel  477 Jun 11 02:56 bin
drwxr-xr-x   2 root  wheel   16 Jun 11 02:30 games
drwxr-xr-x   2 root  wheel    2 Jun  8 11:22 home
drwxr-xr-x  53 root  wheel  283 Jun 11 02:30 include
drwxr-xr-x   7 root  wheel  556 Jun 11 02:30 lib
drwxr-xr-x   4 root  wheel  571 Jun 11 02:30 lib32
drwxr-xr-x   5 root  wheel    5 Jan  3 02:55 libdata
drwxr-xr-x   6 root  wheel   62 Jun 11 02:30 libexec
drwxr-xr-x  13 root  wheel   13 Jun 10 01:18 local
drwxr-xr-x   4 root  wheel    4 Jun 11 02:16 obj
drwxr-xr-x  69 root  wheel   85 Jun 11 02:51 ports
drwxr-xr-x   2 root  wheel  286 Jun 11 02:30 sbin
drwxr-xr-x  27 root  wheel   27 Jan  3 02:57 share
drwxr-xr-x  22 root  wheel   31 Jun 11 01:43 src
```
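
An added example, not part of the original post: one way to look for leftovers of the recursive `chmod 0777` below the top-level directories listed above. It reports world-writable files and world-writable directories that lack the sticky bit; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: find what a recursive "chmod 0777" may have left behind.

# Print entries under $1 that any local user could tamper with:
#   - regular files writable by "other"
#   - directories writable by "other" that lack the sticky bit
#     (a 1777 directory such as /tmp is expected and is not reported)
# Symlinks are ignored; -xdev keeps find on one filesystem.
audit_world_writable() {
    find "$1" -xdev \( \
        \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \
    \) -print | sort
}

# Build a small constructed tree (not real system files) to run the audit on.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc" "$t/tmp" "$t/var/spool"
    : > "$t/etc/rc.conf"; : > "$t/etc/passwd"
    chmod 0755 "$t" "$t/etc" "$t/var"
    chmod 0644 "$t/etc/passwd"     # sane
    chmod 0777 "$t/etc/rc.conf"    # leftover: startup config anyone can edit
    chmod 1777 "$t/tmp"            # sane: world-writable but sticky
    chmod 0777 "$t/var/spool"      # leftover: no sticky bit
    echo "$t"
}

tree=$(make_sample_tree)
audit_world_writable "$tree"       # lists etc/rc.conf and var/spool only
rm -rf "$tree"
```

On the real system, run `audit_world_writable /` as root and repeat it for each mounted filesystem, since `-xdev` does not cross mount points.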


----------



## jabseko (Jun 16, 2012)

I too was looking for the solution for this particular problem and found this thread. Thanks for helping each other, guys.


----------

