SUMMARY: Restoring OS permissions

From: Villén Pizarro, Julia <jvillen_at_indra.es>
Date: Tue Jul 23 2002 - 09:27:38 EDT
Hello:
Sorry for the delay. I got a lot of answers, thanks a lot.

The main proposal was to do:

pkgchk -f

Other suggestions were:

"If you had another Sol 7 system it wouldn't be too hard to write a perl
script to take the ls -lR / output from the good one and parse it out and
reset the perms on the bad one."

"You need to check your umask settings I think."

"I don't know of any way to restore the correct permissions to all files, but
I'm not sure I'd want to as system security may have been compromised.
Personally, I'd organise a downtime window and reinstall the OS. To quote a
famous movie, 'It's the only way to be sure'."

"Well, take a look at the /var/sadm/install/contents file. It contains
all perms for all installed 'packages'... You
can create a script to either read it and reset the perms or just
manipulate the file into a script.
But, this will not catch stuff like /dev, /devices, etc..."

"We have two servers on our network that have been mangled by well-meaning
(but ill-informed) people with root access.  What I ended up doing (since
we couldn't take the boxes offline and re-install them), was to go to a
healthy machine, and do a find of all files, create a list of all
permissions (and ownership) of those files and use that as input to a
chmod/chown script (also custom written).  That fixed most of the
problems. Or at least enough of them to allow a reasonable stability of
the boxes in question."

"I had to do this once so I wrote a simple script.
You will need to go to a good system and take a snapshot of the files and
perms, e.g. ls -lR from / directory, dump the output to a file, make sure
that you only see filenames, if you need directories to chmod, then you
will need to modify my script a little. Here is the script:
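#!/bin/ksh
#
# probably you will need to run this only once.
# will change owner:group of each file according to the fed file "list",
# one entry per line, in the format
# owner:group:filename
#
# read line by line so that entries containing spaces stay intact
while IFS= read -r name
do
        tUSER=`echo "$name" | cut -d : -f1`
        # field 2 only (the group); -f2- would also pull in the filename
        tGRP=`echo "$name" | cut -d : -f2`
        # field 3 onwards, so a filename containing ':' is kept whole
        FILE=`echo "$name" | cut -d : -f3-`
        if [ -f "$FILE" ]; then
# the following line works if echoed but may not work if echo
# is taken out, you can redirect the output to a file and run
# that output file
        echo /usr/bin/chown "$tUSER:$tGRP" "$FILE"
        fi
done < list
"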

Thanks a lot,

Bye
Julia
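
Added example (not part of the original message or of any reply quoted in it): one way to act on the /var/sadm/install/contents suggestion, printing chown/chmod commands for review instead of running them. The field layout is assumed from contents(4); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Assumed contents(4) layout for the entry types handled here:
#   f/v/e : path type class mode owner group size cksum modtime pkg...
#   d/x   : path type class mode owner group pkg...
# Links (s/l) and device nodes (b/c) are skipped; as noted in the thread,
# /dev and /devices are not covered by this approach.

gen_fix_cmds() {   # usage: gen_fix_cmds < contents-file
    awk '
    /^#/ || NF < 6 { next }                  # header comments, short lines
    $2 !~ /^[fvedx]$/ { next }               # only regular files and dirs
    {
        path = $1; mode = $4; owner = $5; group = $6
        # "?" means the package does not set that attribute; anything
        # that is not plain octal or a simple name is skipped, not guessed.
        if (mode !~ /^[0-7]+$/) next
        if (owner !~ /^[A-Za-z0-9_.-]+$/ || group !~ /^[A-Za-z0-9_.-]+$/) next
        # The output is meant to be run as a script, so paths with shell
        # metacharacters are reported for manual handling, never emitted.
        if (path !~ "^/[A-Za-z0-9_./+,:@-]*$") {
            printf "# SKIPPED (unusual path): %s\n", path; next
        }
        # chown first: changing ownership can clear setuid/setgid bits,
        # so the mode is applied afterwards.
        printf "chown %s:%s %s\n", owner, group, path
        printf "chmod %s %s\n", mode, path
    }'
}

sample_contents() {   # constructed sample lines, not from a real host
    cat <<'EOF'
# constructed header line
/usr/bin/passwd f none 6555 root sys 101744 57456 907630312 SUNWcsu
/usr/bin d none 0775 root bin SUNWcsr SUNWcsu
/bin=./usr/bin s none SUNWcsr
/etc/example.conf e none ? ? ? 120 9876 907630312 DEMOpkg
/opt/demo/a;b f none 0644 root other 10 20 907630312 DEMOpkg
EOF
}

# Dry run on the sample; on a real host: gen_fix_cmds < /var/sadm/install/contents
sample_contents | gen_fix_cmds
```

Review the generated commands, the setuid and setgid entries in particular, before running any of them as root.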
Received on Tue Jul 23 09:37:51 2002