Krdytkyu

I wrote and have been using for several years a couple of Ruby scripts to rsync permissions and ownership. Script get-filesystem-acl collects all the information by recursively traversing all the files and puts it all into the file .acl. Script .acl-restore will read .acl and apply all the chown's and chmod's.

You can run get-filesystem-acl on a similar Ubuntu installation and then copy over the .acl file to your chmod-damaged box, put .acl and .acl-restore in /, and run .acl-restore.

You will need to have root so fix your sudo as Marco Ceppi suggested.

I can generate and give you the .acl file for my Ubuntu.

get-filesystem-acl

#!/usr/bin/ruby



RM   = "/bin/rm"

SORT = "/usr/bin/sort"

TMP  = "/tmp/get_acl_#{Time.now.to_i}_#{rand * 899 + 100}"



require 'find'



IGNORE = [".git"]



def numeric2human(m)

  return sprintf("%c%c%c%c%c%c%c%c%c",

            (m & 0400 == 0 ? ?- : ?r),

            (m & 0200 == 0 ? ?- : ?w),

            (m & 0100 == 0 ? (m & 04000 == 0 ? ?- : ?S) :

                             (m & 04000 == 0 ? ?x : ?s)),

            (m & 0040 == 0 ? ?- : ?r),

            (m & 0020 == 0 ? ?- : ?w),

            (m & 0010 == 0 ? (m & 02000 == 0 ? ?- : ?S) :

                             (m & 02000 == 0 ? ?x : ?s)),

            (m & 0004 == 0 ? ?- : ?r),

            (m & 0002 == 0 ? ?- : ?w),

            (m & 0001 == 0 ? (m & 01000 == 0 ? ?- : ?T) :

                             (m & 01000 == 0 ? ?x : ?t)))

end





File.open(TMP, "w") do |acl_file|



  # TODO: Instead of the current dir, find the .git dir, which could be

  #       the same or outside of the current dir

  Find.find(".") do |path|



    next if IGNORE.collect {|ig| !!(path[2..-1] =~ /A#{ig}/)}.include? true

    next if File.symlink?(path)



    stat = File.lstat(path)

    group_id = stat.gid

    rules    = "#{type}#{numeric2human(stat.mode)}" 



    acl_file.puts "#{path} #{rules} #{owner_id} #{group_id}"

  end

end



`#{SORT} #{TMP} > .acl`

`#{RM}   #{TMP}`

.acl-restore

#!/usr/bin/ruby



# This script will only work with .acl_ids



# Restore from...

FROM  = ".acl"



MKDIR = "/bin/mkdir"

CHMOD = "/bin/chmod"

CHOWN = "/bin/chown"

known_content_missing = false





def numeric2human(m)

  return sprintf("%c%c%c%c%c%c%c%c%c",

            (m & 0400 == 0 ? ?- : ?r),

            (m & 0200 == 0 ? ?- : ?w),

            (m & 0100 == 0 ? (m & 04000 == 0 ? ?- : ?S) :

                             (m & 04000 == 0 ? ?x : ?s)),

            (m & 0040 == 0 ? ?- : ?r),

            (m & 0020 == 0 ? ?- : ?w),

            (m & 0010 == 0 ? (m & 02000 == 0 ? ?- : ?S) :

                             (m & 02000 == 0 ? ?x : ?s)),

            (m & 0004 == 0 ? ?- : ?r),

            (m & 0002 == 0 ? ?- : ?w),

            (m & 0001 == 0 ? (m & 01000 == 0 ? ?- : ?T) :

                             (m & 01000 == 0 ? ?x : ?t)))

end



def human2chmod(mode)

  raise unless mode =~ /([r-][w-][xtsTS-])([r-][w-][xtsTS-])([r-][w-][xtsTS-])/

  triple = [$1, $2, $3]

  u,g,o = triple.collect do |i|

    i.sub('s', 'sx').sub('t', 'tx').downcase.gsub('-', '')

  end



  return "u=#{u},g=#{g},o=#{o}" 

end







File.open(FROM).each do |acl|

  raise unless acl =~ /A(([^ ]*? )+)([^ ]+) ([^ ]+) ([^ ]+)Z/

  path, rules, owner_id, group_id = $1, $3, $4, $5

  path = path.strip

  owner_id = owner_id.to_i

  group_id = group_id.to_i



  if !File.exists?(path) and !File.symlink?(path)

    if rules =~ /Ad/

      STDERR.puts "Restoring a missing directory: #{path}"

      STDERR.puts "Probably it was an empty directory. Git goes not track them."

      `#{MKDIR} -p '#{path}'` # Creating the any parents

    else

      known_content_missing = true

      STDERR.puts "ERROR: ACL is listed but the file is missing: #{path}"

      next

    end

  end



  s = File.lstat(path)

  t = s.ftype[0..0].sub('f', '-') # Single character for the file type

                                  # But a "-" istead of "f"



  # Actual, but not neccesarely Desired 

  actual_rules    = "#{t}#{numeric2human(s.mode)}"

  actual_owner_id = s.uid 

  actual_group_id = s.gid 



  unless [actual_rules, actual_owner_id, actual_group_id] ==

    [rules, owner_id, group_id]



    chmod_argument = human2chmod(rules)



    # Debug

    #p chmod_argument

    #p s.mode



    ## Verbose

    puts path

    puts "Wrong: #{[actual_rules, actual_owner_id, actual_group_id].inspect}"

    puts "Fixed: #{[rules, owner_id, group_id].inspect}"

    `#{CHMOD} #{chmod_argument} '#{path}'`



    #puts

  end



end



if known_content_missing

  STDERR.puts "-" * 80 

  STDERR.puts "Some files that are listed in #{FROM.inspect} are missing in " +

              "the current directory."

  STDERR.puts

  STDERR.puts "Is #{FROM.inspect} outdated?"

  STDERR.puts "(Try retrograding the current directory to an earlier version)"

  STDERR.puts

  STDERR.puts "Or is the current directory incomplete?"

  STDERR.puts "(Try to recover the current directory)"

  STDERR.puts "-" * 80 

end

In long: you can. You'll need to mount the the file system from the a Live CD and begin reverting the permissions in the appropriate places. At a minimum to get sudo back you'll want to run sudo chmod u+s /usr/bin/sudo while in the LiveCD session - that will fix the must be setuid root.

However, it would likely be easier to simply reinstall the system.

I would try to reinstall all packages with apt-get install --reinstall, possibly using the output of dpkg --get-selections | grep install to get a list of them.

Alright, I haven't tested this (so use at your own risk), but it still might work. I Will test this in a virtual machine when I get the chance to:

First, in a still working system, I did the following to get all file permissions in a list, skipping the /home/ directory:

sudo find / -not -path /home -printf "%m:%p" > /tmp/fileper.log

This will print the permissions and file name for each file or directory on the system, followed by a character (this is needed later on to deal with weird file names such as those containing newlines).

Then, on a system where the file permissions have been compromised:

while IFS=: read -r -d '' perm file; do  

    chmod "$perm" "$file"

done < /tmp/fileper.log 

This will read each line of fileper.log, saving the permissions as$perm and the file name as $file and then will set the file (or directory's) permissions to whatever was listed in the fileper.log

A few things to note here:

• While outputting to the file: /tmp/fileper.log, you might be listing custom settings, and proc, etc.


• you might not be able to boot, or run commands,

What I would suggest is boot up a LiveCD with the Linux version you have on your disk, run the command, modify the path to where you have the local disk mounted, and run the second command!

I have tested that when booted from an Ubuntu CD/USB, I can choose not to format disk, meaning it will replace everything in the / directory, BUT skip the /home/ directory. Meaning your users will have the configuration of apps/DATA(Music,Video,Documents) still intact. And by replacing the system files, the chmod is set to there proper number.

(I know I shouldn't comment in an answer, but not enough reputation to comment.)

blade19899's answer worked for me except for symlinks. E.g. it applied 755 to /bin/bash, but then applied 777 to the symlink /bin/rbash, effectively 777-ing /bin/bash.

As I already had the fileper.log file, I just modified the destination-end command:

while IFS=: read -r -d '' perm file; do  

    if [[ ! -L "$file" ]]; then    

        chmod "$perm" "$file"

    fi

done < /tmp/fileper.log 

You can try restoring permissions with apt-get.

If you can not run these commands with sudo you may need to boot to recovery mode and run them as root.

For booting to recovery mode see https://wiki.ubuntu.com/RecoveryMode.

From http://hyperlogos.org/page/Restoring-Permissions-Debian-System

Note: This was originally posted on the Ubuntu Forums but I can not find the original post.

Try, in order,

sudo apt-get --reinstall install `dpkg --get-selections | grep install | grep -v deinstall | cut -f1`

If that fails:

sudo apt-get --reinstall install `dpkg --get-selections | grep install | grep -v deinstall | cut -f1 | egrep -v '(package1|package2)'`

And finally, as a last resort,

sudo dpkg --get-selections | grep install | grep -v deinstall | cut -f1 | xargs apt-get --reinstall -y --force-yes install

Using apt-get

Here's the relevant snip, EDITED FOR CORRECTNESS and reformatted:

sudo apt-get --reinstall install `dpkg --get-selections | grep install | grep -v deinstall | cut -f1`

Let's say you get messages about some packages that can't be reinstalled, and the command fails. Here's one way to fix it by skipping the packages in question:

sudo apt-get --reinstall install `dpkg --get-selections | grep install | grep -v deinstall | cut -f1 | egrep -v '(package1|package2)'`

And finally, if you should somehow have so many things installed that the above command fails saying your argument list is too long, here's the fix, which will run apt-get many more times than you might like:

sudo dpkg --get-selections | grep install | grep -v deinstall | cut -f1 | xargs apt-get --reinstall -y --force-yes install

Note the -y and --force-yes options, which will stop apt-get from prompting you over and over again. These are always fun options, if you're sure you know what you're doing.