Fedora 31 Server Edition filesystem permissions changed to 777
-
I would take the system offline if at all possible before doing anything else.
If you lost access to your root and user accounts because someone changed the credentials then you have a lot that needs to be fixed.
The quickest solution to start by securing this system would be to reviewing this and possibly applying much of it.
As for the system as a whole I don't know if you could ever really trust it.
-
Disabling password authentication for ssh keypair authentication is a super simple first step that should be done in any system.
-
@DustinB3403 Yeah it is offline. I got back my access to root and user account. Thanks for the link. Interesting stuff
-
I would never trust it.
This is a get your data and wipe scenario.
-
I've decided to install my Server from scratch.
I am wondering about:-
How to backup and restore both MySql and Nextcloud content?
/data directory is located on a separate partition. -
Is it possible to restore user credentials?
-
Is there some Fedora / CentOS based howtos?
Any help is very appreciated.
Best regards,
Woti -
-
@Woti Your system is not compromised (yet), as you caused the problem. But because of the global permissions change, it will be trivial to compromise down the road. That is why you have to (should) reinstall from scratch.
Assuming that your current Nextcloud instance is now working again, simply do a normal backup process.
https://docs.nextcloud.com/server/stable/admin_manual/maintenance/migrating.html
Prior to migrating you can also fix you permissions on the existing NC data files.
Assuming default file location:
# All the directories should be 755 find /var/www/html/nextcloud/data -type d -exec chmod 755 {} \; # All of the files should be 644 find /var/www/html/nextcloud/data -type f -exec chmod 644 {} \; -
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
How to backup and restore both MySql and Nextcloud content?
/data directory is located on a separate partition.MySQL / MariaDB has standard backup procedures like mysqldump. Just use those. There's no NextCloud specific information to have here.
Same with the /data directory. Just take a normal backup of it like you would with any file server.
And in doing so, user creds are backed up automatically.
-
@scottalanmiller said in Fedora 31 Server Edition filesystem permissions changed to 777:
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
How to backup and restore both MySql and Nextcloud content?
/data directory is located on a separate partition.MySQL / MariaDB has standard backup procedures like mysqldump. Just use those. There's no NextCloud specific information to have here.
Same with the /data directory. Just take a normal backup of it like you would with any file server.
And in doing so, user creds are backed up automatically.
The linked migration instructions link to that info.
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
I've decided to install my Server from scratch.
I am wondering about:-
How to backup and restore both MySql and Nextcloud content?
/data directory is located on a separate partition. -
Is it possible to restore user credentials?
-
Is there some Fedora / CentOS based howtos?
Any help is very appreciated.
Best regards,
WotiYou can adapt this script for your setup.
https://riegers.in/nextcloud-backup-and-restore/ -
-
Hello again
I did a backup og my MariaDB. But I saw under /var/lib/mysql are a couple of folders and files and all of them got permissions 777.
I mean shouldn't it be 640?
When I did the backup of the Nextcloud DB are the (wrong) permissions stored too?
These are the 5 folders:
/.rocksdb
/#rocksdb
/mysql
/nextcloud
/performance_schemaCan you guys be so kindly and check what are the right permissions for /var/lib/mysql folder and subfolders I wrote about?
I just wanna be sure before I delete everything
Best regards,
Woti -
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
Hello again
I did a backup og my MariaDB. But I saw under /var/lib/mysql are a couple of folders and files and all of them got permissions 777.
I mean shouldn't it be 640?
When I did the backup of the Nextcloud DB are the (wrong) permissions stored too?
These are the 5 folders:
/.rocksdb
/#rocksdb
/mysql
/nextcloud
/performance_schemaCan you guys be so kindly and check what are the right permissions for /var/lib/mysql folder and subfolders I wrote about?
I just wanna be sure before I delete everything
Best regards,
WotiYou donβt backup the DB by backing up a folder. you are not doing something that you were told.
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
I did a backup og my MariaDB. But I saw under /var/lib/mysql are a couple of folders and files and all of them got permissions 777.
To back up any database like this, you have to shut it down completely before taking the backup. No database is meant to be backed up that way. You should always use the DB's own backup tools to get a working backup. Anything taken this way is an unreliable copy - any corruption is expected.
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
But I saw under /var/lib/mysql are a couple of folders and files and all of them got permissions 777.
I mean shouldn't it be 640?A correct backup and restore could not change them. What action did you take to do your backup and restore? The mysqldump commands cannot change the file permissions.
-
The permissions has been changed before. As I wrote in the beginning thread the entire filesystem has been changed to 777.
I could fix it via the rpm command but that command can just fix default files and folders, no user files and folders.To backup the database I used this command as recommented:
mysqldump --single-transaction -h localhost -u nextadmin -pnextcloudPassword nextcloud > /mnt/cloud/Nextcloud-DB_`date +"%Y%m%d"`.sql -
@Woti then you take that resulting file and copy it to the new system and restore it. The permissions of the sql backup file are irrelevant as long and it can be read.
-
I'll see soon. I've reinstalled Fedora 31 Server from scratch. I'm using newer and stronger certificates following those two guides:
https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-centos-8/
https://riegers.in/nextcloud-installation-guide-ubuntu-18-04/Next step is to restore Nextcloud DB and get Nextcloud up and running again. I'm not working with the server every day, that's why it takes some time
Best regards,
Woti -
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
I'll see soon. I've reinstalled Fedora 31 Server from scratch. I'm using newer and stronger certificates following those two guides:
https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-centos-8/
https://riegers.in/nextcloud-installation-guide-ubuntu-18-04/Next step is to restore Nextcloud DB and get Nextcloud up and running again. I'm not working with the server every day, that's why it takes some time
Best regards,
WotiGood luck. post here with questions. Busy but will always help if I can.
-
Everyone's busy that's why good things take time
-
My attempt to get running Nextcloud is stopped of a strange issue.
I get these following errors:
ssl_error_log:
[ssl:warn] AH01909: woti.dedyn.io:443:0 server certificate does NOT include an ID which matches the server name
Googling AH01909 gives a lot of answers but I can't figure it out.http_error_log:
[lbmethod_heartbeat:notice] AH02282: No slotmem from mod_heartmonitor
Googling AH02282 gives me different answers, not sure if I need this modul at all? Never had this notice in my prior Fedora system.Is there any way to completely undo certificate creation and start from scratch igjen without reinstalling the whole system?
Best regards,
Woti -
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
My attempt to get running Nextcloud is stopped of a strange issue.
I get these following errors:
ssl_error_log:
[ssl:warn] AH01909: woti.dedyn.io:443:0 server certificate does NOT include an ID which matches the server name
Googling AH01909 gives a lot of answers but I can't figure it out.http_error_log:
[lbmethod_heartbeat:notice] AH02282: No slotmem from mod_heartmonitor
Googling AH02282 gives me different answers, not sure if I need this modul at all? Never had this notice in my prior Fedora system.Is there any way to completely undo certificate creation and start from scratch igjen without reinstalling the whole system?
Best regards,
WotiAny reason you're not using certbot from Let's Encrypt?
