AIX Linux Permissions Problems and Solution of CHMOD 0
Nuking your permissions problems on a server is typically just as bad as wiping out the server. Before you start trying to compare permissions server to server based on what they were elsewhere on a similar host, take a backup of the already misconfigured host. Yeah your system is already messed up but at least you can get back to square one if something goes haywire:
mksysb -ip /backup/folder/$(hostname).mksysb; # AIX
The steps here were forwarded to me from a good colleague of mine and how he went about solving this one:
First things first, get the list of files with no permissions. Here's the source with 000 or no permissions on the problem server, acquired with this command:
find / -ls |grep "\———-" |grep -v save |grep -v "\/proc" >/tmp/noperm.out
Here are some example files with the permission problem:
/tmp/noperm.out;95113 25 ———- 1 root system 24670 Jan 22 2008 /usr/sbin/dnssec-signkey95114 64 ———- 1 root system 65442 Mar 9 2012 /usr/sbin/dnssec-signzone94626 65 ———- 1 root system 66335 Nov 15 2011 /usr/sbin/dpid294684 6 ———- 1 root system 5532 Mar 30 2009 /usr/sbin/fingerd95111 2388 ———- 1 root system 2445108 Mar 9 2012 /usr/sbin/gated94986 42 ———- 1 root system 42216 Mar 9 2012 /usr/sbin/gdc94845 7 ———- 1 root system 6754 Aug 4 2011 /usr/sbin/gettable
for FILE in $(cat /tmp/noperm.out |awk '{print $11}'); dols -l $FILE >>/tmp/goodperm.out;done
/tmp/goodperm.out-r-xr-xr– 1 root system 24670 Jan 22 2008 /usr/sbin/dnssec-signkey-r-xr-xr– 1 root system 65442 Mar 9 2012 /usr/sbin/dnssec-signzone-rwxr-x— 1 root system 66335 Nov 15 2011 /usr/sbin/dpid2-r-xr-xr-x 1 root system 5532 Mar 30 2009 /usr/sbin/fingerd-r-xr-xr– 1 root system 2445108 Mar 9 2012 /usr/sbin/gated-r-xr-xr– 1 root system 42216 Mar 9 2012 /usr/sbin/gdc-rwxr-xr-x 1 root system 6754 Aug 4 2011 /usr/sbin/gettable
#!/bin/kshif [[ -a /tmp/perm-chmod.out ]]thenrm /tmp/perm-chmod.out # Delete existing target File for chmods if it exists.ficat /tmp/goodperm.out|awk '{if ( NF == "9" ){{perms=0if(substr($1,2,1) == "r")perms = perms + 400if(substr($1,3,1) == "w")perms = perms + 200if(substr($1,4,1) == "x")perms = perms + 100if(substr($1,4,1) == "S")perms = perms + 4000if(substr($1,4,1) == "s")perms = perms + 4100if(substr($1,5,1) == "r")perms = perms + 40if(substr($1,6,1) == "w")perms = perms + 20if(substr($1,7,1) == "x")perms = perms + 10if(substr($1,7,1) == "S")perms = perms + 2000if(substr($1,7,1) == "s")perms = perms + 2010if(substr($1,8,1) == "r")perms = perms + 4if(substr($1,9,1) == "w")perms = perms + 2if(substr($1,10,1) == "x")perms = perms + 1if(substr($1,10,1) == "T")perms = perms + 1000if(substr($1,10,1) == "t")perms = perms + 1001printf("\nchmod %d %s # %s ",perms,$9,$1)}}}' >/tmp/perm-chmod.outchmod 755 /tmp/perm-chmod.out
/tmp/perm-chmod.outchmod 554 /usr/sbin/dnssec-keygen # -r-xr-xr–chmod 554 /usr/sbin/dnssec-makekeyset # -r-xr-xr–chmod 554 /usr/sbin/dnssec-signkey # -r-xr-xr–chmod 554 /usr/sbin/dnssec-signzone # -r-xr-xr–chmod 750 /usr/sbin/dpid2 # -rwxr-x—chmod 555 /usr/sbin/fingerd # -r-xr-xr-xchmod 554 /usr/sbin/gated # -r-xr-xr–chmod 554 /usr/sbin/gdc # -r-xr-xr–chmod 755 /usr/sbin/gettable # -rwxr-xr-x
set -x /tmp/perm-chmod.out
rm /tmp/perm-chmod.out
TK