Re: Mandrake 8.1 Desktop Gone



On 20 Mar 2007, in the Usenet newsgroup alt.os.linux, in article
<1174425448.294854.3860@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, ffitz2@xxxxxxxxx wrote:

I screwed up... but I'm not sure how. I'm afraid I'm knowledgeable
enough to get into trouble, but not quite enough to get out of it.

That happens - that's how you learn.

This is on Mandrake 8.1.

EIGHT POINT ONE??? Wow that is obsolete. Support for that ended
over three years ago. Is there any specific reason you have to be
using something that old?

What I wanted to do:
Tighten down permissions so that ms ie7 ftp wouldn't navigate into the
root.

Read the man page for the FTP server (what-ever it is) and look for the
word 'chroot'.

What I did:
Use chmod to remove "others" access to all directories in root.

And how exactly? Well, you know not to do THAT again.

What happened:
Websites were no longer accessible. GUI (KDE) wouldn't come up.

Then I restored the r-x for others for all directories in root.

Again - what did you do exactly? By the way, /tmp/ wants to be
'drwxrwxrws' which you get as 'chmod 1777 /tmp'

Websites came back up.
GUI (KDE) still down.

As root '/bin/rpm -Va' and see what all has gotten screwed. It's
probably going to be a lot. You can use rpm to restore permissions
of the stuff it knows about using

[compton ~]$ rpm --help | grep -A2 -- --set
    --setperms   - set the file permissions to those in the package
                   database using the same package specification
                   options as -q
    --setugids   - set the file owner and group to those in the
                   package database using the same package
                   specification options as -q
[compton ~]$

so if I read this correctly, that would be 'rpm --setperms -a' but no
guarantees. Repeat the 'rpm -Va' and see how it improves things.

So...
1. How do I prevent IE7 ftp from getting to places it shouldn't
get to, without killing websites.

You don't give access to idiots using IE7 as root. If you do want to give
them access and want to limit their access, man the FTP server and look at
setting it up in a chroot jail. AT THE VERY LEAST set them up in an
account with minimal access.

[compton ~]$ whatis chroot
chroot (1) - run command or interactive shell with special root directory
chroot (2) - change root directory
[compton ~]$

Warning - this can be more hassle than it's worth. Better way is to not
allow idiots near the system.

2. How do I get KDE back?

Install a current distribution. The permissions of /tmp are probably wrong
as well.

Old guy
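
Added example, not part of the original post: a small triage filter for the 'rpm -Va' step above. It separates files where only mode, owner or group differ (what --setperms and --setugids reset) from files whose size or digest also changed, which resetting permissions will not explain. The function names and sample lines are constructed for illustration; the flag letters are the ones documented in the rpm man page.

```shell
#!/bin/sh
# Classify 'rpm -Va' lines read on stdin. Prints "CLASS path" per file:
#   PERMS   - only mode (M), owner (U) or group (G) differ
#   CONTENT - size (S) or digest (5) differs; inspect before trusting the file
#   MISSING - file recorded in the package database is gone
#   OTHER   - only mtime, device, link or capability flags differ
# Usage (as root): rpm -Va | classify_verify
classify_verify() {
    awk '
    {
        flags = $1
        path = $0
        sub(/^[^ ]+ +/, "", path)     # drop the flag field
        sub(/^[cdglr] +/, "", path)   # drop the attribute marker, if present
    }
    flags == "missing"   { print "MISSING", path; next }
    # Flag field is 8 characters on old rpm releases, 9 on current ones.
    flags !~ /^[SM5DLUGTP.?]+$/ || length(flags) < 8 { next }
    flags ~ /[S5]/       { print "CONTENT", path; next }
    flags ~ /[MUG]/      { print "PERMS", path; next }
                         { print "OTHER", path }
    '
}

# Constructed sample input (hypothetical paths), mixing 8- and 9-flag lines.
sample_verify_output() {
cat <<'EOF'
.M......   /usr/bin/kdeinit
.M...UG. c /etc/ftpusers
S.5....T c /etc/proftpd.conf
missing    /usr/share/doc/foo/README
.......T   /etc/motd
.M....... g /var/run/utmp
.M......   /usr/share/apps/My Theme/index.html
EOF
}
```

Files reported as CONTENT on a box where only chmod was run deserve a closer look, since a permissions mistake alone should not change a file's size or digest.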