Fedora 31 Server Edition filesystem permissions changed to 777



  • Hello guys,
    I stumbled over this site when I was searching about restoring Fedora filesystem permissions and how to backup and restore Nextcloud content.
    I don't know how I managed to change the whole filesystem's permissions from standard to 777. I lost my root and user access too.
    I got some information about using these commands:

    for p in $(rpm -qa); do rpm --setperms $p; done
    for p in $(rpm -qa); do rpm --setugids $p; done
    

    I lost my root and user access but I fixed it with Fedora's rescue mode.
    All the rpm packages are fixed as far as I can see, but there are a lot of key files and files / directories which aren't fixed.
    The Nextcloud data directory is untouched, it is mounted on a separate partition, but the whole Nextcloud in /var/www/html/... has 777 now. I could fix this back to the right permissions, but anyway I have a feeling that my system has become insecure.

    My questions are:

    1. Is there any way to get my system secure again?
    2. In case I have to reinstall, which is the best way to backup and restore Nextcloud? I have access to all files and /data is mounted on a separate partition.

    Any help is appreciated.

    Best regards,
    Woti



  • I would take the system offline if at all possible before doing anything else.

    If you lost access to your root and user accounts because someone changed the credentials then you have a lot that needs to be fixed.

    The quickest solution to start securing this system would be reviewing this and possibly applying much of it.

    As for the system as a whole I don't know if you could ever really trust it.



  • Disabling password authentication for ssh keypair authentication is a super simple first step that should be done in any system.



  • @DustinB3403 Yeah it is offline. I got back my access to root and user account. Thanks for the link. Interesting stuff 🙂



  • I would never trust it.

    This is a get your data and wipe scenario.



  • I've decided to install my Server from scratch.
    I am wondering about:

    • How to backup and restore both MySql and Nextcloud content?
      /data directory is located on a separate partition.

    • Is it possible to restore user credentials?

    • Is there some Fedora / CentOS based howtos?

    Any help is very appreciated. 🙂

    Best regards,
    Woti



  • @Woti Your system is not compromised (yet), as you caused the problem. But because of the global permissions change, it will be trivial to compromise down the road. That is why you have to (should) reinstall from scratch.

    Assuming that your current Nextcloud instance is now working again, simply do a normal backup process.

    https://docs.nextcloud.com/server/stable/admin_manual/maintenance/migrating.html

    Prior to migrating you can also fix your permissions on the existing NC data files.

    Assuming default file location:

    # All the directories should be 755
    find /var/www/html/nextcloud/data -type d -exec chmod 755 {} \;
    # All of the files should be 644
    find /var/www/html/nextcloud/data -type f -exec chmod 644 {} \;
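
A check for the gap described earlier in the thread, where `rpm --setperms` repairs packaged files but leaves user files at 777. This is an added example, not part of any post; the function names are made up here and it assumes GNU find on an RPM-based system.

```shell
#!/usr/bin/env bash
# Added example: list what is still world-writable after the rpm --setperms pass.

# Print files and directories under $1 that anyone can write to.
# Symlinks are skipped (their mode always shows as 777) and so are sticky
# directories such as /tmp, which are world-writable by design.
world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 \
        ! \( -type d -perm -1000 \) -print 2>/dev/null
}

# Read paths on stdin and keep those that no RPM package owns. These are
# the ones "rpm --setperms" cannot repair and that need a manual decision.
# (If rpm is not installed, every path is reported as unowned.)
not_owned_by_rpm() {
    while IFS= read -r path; do
        if ! rpm -qf "$path" >/dev/null 2>&1; then
            printf '%s\n' "$path"
        fi
    done
}

# Reset one tree to the modes given in the post above:
# 755 for directories, 644 for files.
reset_modes() {
    find "$1" -xdev -type d -exec chmod 755 {} +
    find "$1" -xdev -type f -exec chmod 644 {} +
}

# Example run as root (paths are the ones mentioned in the thread):
#   world_writable /var/www/html | not_owned_by_rpm
#   world_writable /var/lib/mysql | not_owned_by_rpm
```

The list is an inventory for review before migrating data; `reset_modes` only suits trees where every file should be 644, such as the Nextcloud data directory.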
    


  • @Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:

    How to backup and restore both MySql and Nextcloud content?
    /data directory is located on a separate partition.

    MySQL / MariaDB has standard backup procedures like mysqldump. Just use those. There's no NextCloud specific information to have here.

    Same with the /data directory. Just take a normal backup of it like you would with any file server.

    And in doing so, user creds are backed up automatically.



  • @scottalanmiller said in Fedora 31 Server Edition filesystem permissions changed to 777:

    @Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:

    How to backup and restore both MySql and Nextcloud content?
    /data directory is located on a separate partition.

    MySQL / MariaDB has standard backup procedures like mysqldump. Just use those. There's no NextCloud specific information to have here.

    Same with the /data directory. Just take a normal backup of it like you would with any file server.

    And in doing so, user creds are backed up automatically.

    The linked migration instructions link to that info.



  • @Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:

    I've decided to install my Server from scratch.
    I am wondering about:

    • How to backup and restore both MySql and Nextcloud content?
      /data directory is located on a separate partition.

    • Is it possible to restore user credentials?

    • Is there some Fedora / CentOS based howtos?

    Any help is very appreciated. 🙂

    Best regards,
    Woti

    You can adapt this script for your setup.
    https://riegers.in/nextcloud-backup-and-restore/



  • Hello again 🙂

    I did a backup of my MariaDB. But I saw under /var/lib/mysql are a couple of folders and files and all of them got permissions 777.
    I mean shouldn't it be 640?
    When I did the backup of the Nextcloud DB are the (wrong) permissions stored too?
    These are the 5 folders:
    /.rocksdb
    /#rocksdb
    /mysql
    /nextcloud
    /performance_schema

    Can you guys be so kind and check what are the right permissions for /var/lib/mysql folder and subfolders I wrote about?

    I just wanna be sure before I delete everything 🙂

    Best regards,
    Woti



  • @Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:

    Hello again 🙂

    I did a backup of my MariaDB. But I saw under /var/lib/mysql are a couple of folders and files and all of them got permissions 777.
    I mean shouldn't it be 640?
    When I did the backup of the Nextcloud DB are the (wrong) permissions stored too?
    These are the 5 folders:
    /.rocksdb
    /#rocksdb
    /mysql
    /nextcloud
    /performance_schema

    Can you guys be so kind and check what are the right permissions for /var/lib/mysql folder and subfolders I wrote about?

    I just wanna be sure before I delete everything 🙂

    Best regards,
    Woti

    You don't backup the DB by backing up a folder. You are not doing something that you were told.



  • @Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:

    I did a backup of my MariaDB. But I saw under /var/lib/mysql are a couple of folders and files and all of them got permissions 777.

    To back up any database like this, you have to shut it down completely before taking the backup. No database is meant to be backed up that way. You should always use the DB's own backup tools to get a working backup. Anything taken this way is an unreliable copy - any corruption is expected.



  • @Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:

    But I saw under /var/lib/mysql are a couple of folders and files and all of them got permissions 777.
    I mean shouldn't it be 640?

    A correct backup and restore could not change them. What action did you take to do your backup and restore? The mysqldump commands cannot change the file permissions.



  • The permissions had been changed before. As I wrote at the beginning of the thread, the entire filesystem has been changed to 777.
    I could fix it via the rpm command but that command can just fix default files and folders, no user files and folders.

    To backup the database I used this command as recommended:

    mysqldump --single-transaction -h localhost -u nextadmin -pnextcloudPassword nextcloud > /mnt/cloud/Nextcloud-DB_`date +"%Y%m%d"`.sql
    


  • @Woti then you take that resulting file and copy it to the new system and restore it. The permissions of the sql backup file are irrelevant as long as it can be read.



  • I'll see soon. I've reinstalled Fedora 31 Server from scratch. I'm using newer and stronger certificates following those two guides:
    https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-centos-8/
    https://riegers.in/nextcloud-installation-guide-ubuntu-18-04/

    Next step is to restore Nextcloud DB and get Nextcloud up and running again. I'm not working with the server every day, that's why it takes some time 🙂

    Best regards,
    Woti



  • @Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:

    I'll see soon. I've reinstalled Fedora 31 Server from scratch. I'm using newer and stronger certificates following those two guides:
    https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-centos-8/
    https://riegers.in/nextcloud-installation-guide-ubuntu-18-04/

    Next step is to restore Nextcloud DB and get Nextcloud up and running again. I'm not working with the server every day, that's why it takes some time 🙂

    Best regards,
    Woti

    Good luck. Post here with questions. Busy but will always help if I can.



  • Everyone's busy, that's why good things take time 😃



  • My attempt to get Nextcloud running is stopped by a strange issue.
    I get these following errors:
    ssl_error_log:
    [ssl:warn] AH01909: woti.dedyn.io:443:0 server certificate does NOT include an ID which matches the server name
    Googling AH01909 gives a lot of answers but I can't figure it out.

    http_error_log:
    [lbmethod_heartbeat:notice] AH02282: No slotmem from mod_heartmonitor
    Googling AH02282 gives me different answers, not sure if I need this module at all? Never had this notice in my prior Fedora system.

    Is there any way to completely undo certificate creation and start from scratch again without reinstalling the whole system?

    Best regards,
    Woti



  • @Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:

    My attempt to get Nextcloud running is stopped by a strange issue.
    I get these following errors:
    ssl_error_log:
    [ssl:warn] AH01909: woti.dedyn.io:443:0 server certificate does NOT include an ID which matches the server name
    Googling AH01909 gives a lot of answers but I can't figure it out.

    http_error_log:
    [lbmethod_heartbeat:notice] AH02282: No slotmem from mod_heartmonitor
    Googling AH02282 gives me different answers, not sure if I need this module at all? Never had this notice in my prior Fedora system.

    Is there any way to completely undo certificate creation and start from scratch again without reinstalling the whole system?

    Best regards,
    Woti

    Any reason you're not using certbot from Let's Encrypt?



  • Yes, I am using certbot from Let's Encrypt. I was using it before the re-installation too.
    I was using this tutorial: https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-centos-8/

    certbot certonly --agree-tos --email [email protected] --apache -w /var/www/html -d woti.dedyn.io
    
    openssl x509 -in /etc/letsencrypt/live/woti.dedyn.io/fullchain.pem -noout -subject
    subject=CN = woti.dedyn.io
    
    openssl x509 -in /etc/letsencrypt/live/woti.dedyn.io/fullchain.pem -noout -text | grep DNS
    DNS:woti.dedyn.io
    


  • It looks like something is missing. I rolled back from https to default http and I can reach Apache's default welcome page by using the IP address. But if I try to reach Nextcloud by IP the browser is showing me the source code of Nextcloud's index.php file.
    Using https again brings me just Internal Server Error.
    The same happens with a clean installation of Nextcloud.
    Am I missing something here?

    Got those two errors I wrote about above fixed.
    But getting now:
    AH01071: Got error 'Primary script unknown'



  • Likely in your configs http has instructions to read index.php and https is missing that directive.



  • Can someone tell me what these entries mean? I found them in the access_log file.
    access_log.png

    https://github.com/robertdavidgraham/masscan



  • @Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:

    Can someone tell me what these entries mean? I found them in the access_log file.
    access_log.png

    https://github.com/robertdavidgraham/masscan

    It's quite straightforward, but the name is so bizarre that it makes it confusing. It's not anything weird, other than the name.

    The position in the log represents the "browser" identifier. The browser's name (Chrome, Firefox, etc.) is masscan and the browser version is 1.0. People are likely to be confused by that, so the "browser" ID includes the URL of the browser's code so that you can look it up.

    So in this case, it tells us that someone using masscan made a request to your site. It's someone port scanning you.



  • If you wanted to test / demonstrate this, you could download masscan to another computer from the given URL and use it to scan your own site. You should get an identical log entry, except with your IP address listed of course.



  • Thanks for your reply. It is scary.



  • @scottalanmiller What does the line with IP 217.131.28.231 mean?



  • @Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:

    @scottalanmiller What does the line with IP 217.131.28.231 mean?

    That field, the first one, is the IP address of the browser making a request. Try accessing your own site from a public IP that you know, and then look for that IP in the log to see how it works. But that first field is just the requesting public IP field.
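
The two log fields explained in the answers above (requesting IP first, "browser" identifier last), pulled out of Apache combined-format lines. This is an added example, not part of any post; the sample lines are constructed with documentation IP ranges and the function names are made up here.

```shell
#!/usr/bin/env bash
# Added example: summarise Apache "combined" access-log lines by client and User-Agent.

# Constructed sample lines; not taken from the log shown in the thread.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [12/Mar/2020:04:11:02 +0100] "GET / HTTP/1.0" 200 4897 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
198.51.100.7 - - [12/Mar/2020:09:30:15 +0100] "GET /index.php HTTP/1.1" 200 15320 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0"
192.0.2.10 - - [12/Mar/2020:04:11:03 +0100] "GET / HTTP/1.0" 200 4897 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
203.0.113.44 - - [12/Mar/2020:11:02:41 +0100] "GET /status.php HTTP/1.1" 200 162 "-" "-"
EOF
}

# Splitting each line on double quotes gives: field 1 beginning with the
# client IP, field 2 the request line, field 6 the User-Agent. (A request
# containing an escaped quote would shift the fields; fine for a summary.)
# Output: count, client IP, User-Agent, tab separated, busiest first.
clients_by_agent() {
    awk -F'"' '{
        split($1, head, " ")
        count[head[1] "\t" $6]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }' |
        sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Client IPs whose User-Agent matches the pattern in $1 (default: masscan),
# compared case-insensitively.
scanner_ips() {
    awk -F'"' -v pat="${1:-masscan}" \
        'tolower($6) ~ tolower(pat) { split($1, h, " "); print h[1] }' | sort -u
}

# Example run against a real log:
#   clients_by_agent < /var/log/httpd/access_log | head
#   scanner_ips masscan < /var/log/httpd/access_log
```

The User-Agent is sent by the client and can be set to anything, so this finds only scanners that identify themselves.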

