-1

What i tried is this: https://stackoverflow.com/a/29903645/4983983

I executed this:

n=$(which node); \
n=${n%/bin/node}; \
chmod -R 755 $n/bin/*; \
sudo cp -r $n/{bin,lib,share} /usr/local

but now i can not execute for example sudo su command, i get following error:

sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

I am not sure how can i redo it ?

EDIT: Regarding @Bodo answer:

sudo rpm --setperms mkdir
sudo rpm --setugids mkdir
cd /opt
 mkdir test13121
mkdir: cannot create directory ‘test13121’: Permission denied

BUT:

sudo  chown root:root /usr/bin/mkdir && sudo chmod 4755 /usr/bin/mkdir
mkdir test912121
tryingHard
  • 1,794
  • 4
  • 35
  • 74
  • 2
    Reinstall your machine. – tkausl Apr 19 '19 at 14:53
  • I would like to do it another way :/ And what excatly happened? – tryingHard Apr 19 '19 at 14:53
  • `n` probably ended up empty which means you changed the permissions of all files in `/bin/`. – tkausl Apr 19 '19 at 14:55
  • @tkausl /usr/bin/which: no node in (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/username/.local/bin:/home/username/bin) – tryingHard Apr 19 '19 at 14:58
  • and n=${n%/bin/node}; gives nothing – tryingHard Apr 19 '19 at 14:59
  • @tkausl which of this two operation should return something to run this command safely ? – tryingHard Apr 19 '19 at 14:59
  • As I expected. `which node` is the line which should return the path to the node executable if it is installed. – tkausl Apr 19 '19 at 15:01
  • @tkausl I started fixing it with this command from root user:  `chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo` but i am not sure do i have to change every file to 4755 there(in /usr/bin) ? Will this be enough to fix this issue? – tryingHard Apr 19 '19 at 15:22
  • Yeah, why not make every executable setuid root? :D – Petr Skocik Apr 19 '19 at 23:17
  • @PSkocik i am not sure if this is a joke or not? If not do you mean the same command as i do? – tryingHard Apr 20 '19 at 08:07
  • @tryingHard `/usr/bin/*` executables are typiclally root owned. settting the setuid bit would open huge security holes. `chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo` should do it, but you need a root shell to be able to execute it. – Petr Skocik Apr 20 '19 at 09:47
  • It is normal for `cd /opt && mkdir test13121` to fail because `mkdir` is NOT suid-root. You would have to run it as `root`, e.g. with `sudo`. IMHO `rpm --setugids package_name` requires a package name, not a binary. I don't know if there is a package named `mkdir`. – Bodo Apr 29 '19 at 09:00

1 Answers1

1

The difficulty is to find out the normal permissions of the files you have changed.

You can try to reset the file permissions based on the information in the package management.

See e.g. https://www.cyberciti.biz/tips/reset-rhel-centos-fedora-package-file-permission.html

Citation from this page:

Reset the permissions of the all installed RPM packages

You need to use combination of rpm and a shell for loop command as follows:

for p in $(rpm -qa); do rpm --setperms $p; done
for p in $(rpm -qa); do rpm --setugids $p; done

I suggest to read the linked page completely and try this for a single package first. I guess you can somehow ask rpm to find the package name that contains e.g. /usr/bin/sudo. and try if the commands work for a single package.

Edit: If the setuid or setgid bits are not correct, you can try to change the order of the commands and use --setugids before --setperms. (In some cases chown resets setuid or setgid bits; don't know if this applies to the rpm commands.)

There are sources in the internet that propose to combine --setugids and--setperms in one command or to use option -a instead of a loop like

rpm -a --setperms

Read the documentation. (I don't have an RPM based system where I could test the commands.)

Community
  • 1
  • 1
Bodo
  • 9,287
  • 1
  • 13
  • 29
  • I have updated question - why is the differnce here ? – tryingHard Apr 23 '19 at 07:45
  • It does not work well with for example `chage` it is now `-rwxr-xr-x.` but was `-rwsr-xr-x.` the `s` is the difference. – tryingHard Apr 23 '19 at 14:25
  • @tryingHard I don't have an RPM based system for testing. Please read my edit and read the documentation or search for information about "setugids" and "setperms" in the internet. – Bodo Apr 29 '19 at 08:56