Cause of the problem
I intended to add group write permission on hidden files like '.hgignore' with the following:
# pwd
/opt
# sudo chmod -R g+w .*
The problem is that '..' matched this pattern, and now the entire RHEL filesystem has g+w set. The immediate problems are the following:
- /etc/sudoers needs to be set to 440, not 460, so now users cannot use sudo.
- Some similar mechanism to the above doesn't allow ssh access. (Remote ssh clients receive the message "ssh_exchange_identification: Connection closed by remote host" error)
Question
In order to regain the ability to log in remotely, someone with physical access to the server needs to be instructed on how to fix the system.
The question now is: what important files and directories need to have their permission reverted in order to restore ssh and sudo functionality?
Note about "closed as duplicate"
The question Why is "chmod -R 777 /" destructive? provides detailed explanations on what effect recursively expanding permissions can have. This question is intended to answer to question of how to regain remote access via ssh so that more extensive restoration and repairs can be performed.
No comments:
Post a Comment