Centos8中恢复根目录为默认权限
<p><img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/abbd0db776ab524141d4e9e57f70ac2c.jpg"></p>
<p>
本文中介绍如何从意外运行# chmod -R 777 /命令,在Centos8操作系统上恢复默认权限。
</p>
<p>
本文中我们将故意在一个测试服务器上运行chmod 777命令,并尝试通过运行两个命令进行恢复。就是如下两条命令:
</p>
<ol class="dp-sql">
<li class="alt">
<span><span># rpm </span><span class="comment">--setugids -a</span><span> </span></span>
</li>
<li>
<span></span>
</li>
<li class="alt">
<span># rpm <span class="comment">--setperms -a</span><span> </span></span>
</li>
</ol>
<p>
当再测试机上面执行下面命令之后,所有文件权限都会变成777。
</p>
<ol class="dp-sql">
<li class="alt">
<span><span># chmod -R 777 / </span></span>
</li>
</ol>
<p>
列出根目录下面的内容:
</p>
<ol class="dp-sql">
<li class="alt">
<span><span># ls -al / </span></span>
</li>
</ol>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/292d25f368f105c1ff11283af9d97fa5.jpg"></p>
<p>
下面是SSH相关的重要文件,需要有正确的权限和所有权。但是,由于运行chmod 777,以下所有文件都具有错误的权限。
</p>
<ol class="dp-sql">
<li class="alt">
<span><span># ll /etc/ssh/ </span></span>
</li>
<li>
<span>total 588 </span>
</li>
<li class="alt">
<span>-rwxrwxrwx. 1 root root 563386 May 11 2019 moduli </span>
</li>
<li>
<span>-rwxrwxrwx. 1 root root 1727 May 11 2019 ssh_config </span>
</li>
<li class="alt">
<span>drwxrwxrwx. 2 root root 28 <span class="keyword">Dec</span><span> 29 2019 ssh_config.d </span></span>
</li>
<li>
<span>-rwxrwxrwx. 1 root root 4444 May 11 2019 sshd_config </span>
</li>
<li class="alt">
<span>-rwxrwxrwx. 1 root ssh_keys 480 <span class="keyword">Dec</span><span> 29 2019 ssh_host_ecdsa_key </span></span>
</li>
<li>
<span>-rwxrwxrwx. 1 root root 162 <span class="keyword">Dec</span><span> 29 2019 ssh_host_ecdsa_key.pub </span></span>
</li>
<li class="alt">
<span>-rwxrwxrwx. 1 root ssh_keys 387 <span class="keyword">Dec</span><span> 29 2019 ssh_host_ed25519_key </span></span>
</li>
<li>
<span>-rwxrwxrwx. 1 root root 82 <span class="keyword">Dec</span><span> 29 2019 ssh_host_ed25519_key.pub </span></span>
</li>
<li class="alt">
<span>-rwxrwxrwx. 1 root ssh_keys 1799 <span class="keyword">Dec</span><span> 29 2019 ssh_host_rsa_key </span></span>
</li>
<li>
<span>-rwxrwxrwx. 1 root root 382 <span class="keyword">Dec</span><span> 29 2019 ssh_host_rsa_key.pub </span></span>
</li>
</ol>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/0e5d7a8a6840efc23d668af50c27a958.jpg"></p>
<h3>
带有chmod 777权限的SSH
</h3>
<p>
下面尝试通过SSH远程登录服务器。由于主机密钥文件权限都变成了777了,所以登录会被拒绝。
</p>
<p>
下面再终端中ssh登录本机出现下面问题:
</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/d26f7b791ae5b8178de089f0cab1a2af.jpg"></p>
<p>
下面使用Xshell登录服务器,同样不能登录成功:
</p>
<ol class="dp-sql">
<li class="alt">
<span><span>$ ssh root@192.168.43.131 </span></span>
</li>
<li>
<span></span>
</li>
<li class="alt">
<span></span>
</li>
<li>
<span>Connecting <span class="keyword">to</span><span> 192.168.43.131:22... </span></span>
</li>
<li class="alt">
<span><span class="keyword">Connection</span><span> established. </span></span>
</li>
<li>
<span><span class="keyword">To</span><span> </span><span class="keyword">escape</span><span> </span><span class="keyword">to</span><span> </span><span class="keyword">local</span><span> shell, press </span><span class="string">'Ctrl+Alt+]'</span><span>. </span></span>
</li>
<li class="alt">
<span><span class="keyword">Connection</span><span> closing...Socket </span><span class="keyword">close</span><span>. </span></span>
</li>
<li>
<span></span>
</li>
<li class="alt">
<span><span class="keyword">Connection</span><span> closed </span><span class="keyword">by</span><span> </span><span class="keyword">foreign</span><span> host. </span></span>
</li>
<li>
<span></span>
</li>
<li class="alt">
<span>Disconnected <span class="keyword">from</span><span> remote host(192.168.43.131:22) </span><span class="keyword">at</span><span> 10:28:06. </span></span>
</li>
<li>
<span></span>
</li>
<li class="alt">
<span>Type `help' <span class="keyword">to</span><span> learn how </span><span class="keyword">to</span><span> use Xshell prompt. </span></span>
</li>
</ol>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/2f4189612c0e885f61f39d1e344e5f69.jpg"></p>
<h3>
恢复权限
</h3>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/092b31b8c9bb82b1aca6dd0ad4d6ec1b.jpg"></p>
<p>
需要恢复权限,我们需要加载Centos8的系统镜像,开机启动光盘镜像:
</p>
<p>
在VMware Workstation中,加载光盘,并开机器用。开机按F2,进入BIOS,切换到Boot选项卡。将CD-ROM Drive移动到Hard Drive上面。按F10保存并重启。
</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/410d25d3d5674892f067ccc83edcf533.jpg"></p>
<p>
选择Troubleshooting,然后选择进入救援模式。
</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/bf7ff5ca54694930d98f84a4c9c9a459.jpg"></p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/134c59723b6a9c7629891db580d88cd9.jpg"></p>
<p>
当进入下面界面时,选择1,直接进入shell界面。
</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/a0fffeb5d5791f97a50b4ffd471902ef.jpg"></p>
<p>
使用chroot命令将/mnt/sysroot切换为根目录:
</p>
<ol class="dp-sql">
<li class="alt">
<span><span>sh-4.4# chroot /mnt/sysroot </span></span>
</li>
</ol>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/80ff1062394d5e7fb1fd768db2e18f51.jpg"></p>
<p>
使用以下两个命令运行,以恢复所有文件,目录和配置的权限。运行此命令时,它将引发权限被拒绝错误,并且无法访问错误。只是忽略错误。
</p>
<ol class="dp-sql">
<li class="alt">
<span><span># rpm </span><span class="comment">--setugids -a</span><span> </span></span>
</li>
<li>
<span># rpm <span class="comment">--setperms -a</span><span> </span></span>
</li>
</ol>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/8850bb37774856b88abe06335e08fc88.jpg"></p>
<p>
参数说明:
</p>
<p>
--setugids - 设置RPM包文件的用户/组所有权。
</p>
<p>
--setperms - 设置RPM包文件的权限。
</p>
<p>
-a - 适用于所有已安装的RPM软件包。
</p>
<p>
完成操作之后,退出,并重启:
</p>
<ol class="dp-sql">
<li class="alt">
<span><span># exit </span></span>
</li>
<li>
<span></span>
</li>
<li class="alt">
<span># reboot </span>
</li>
</ol>
<h3>
查看权限、SSH连接服务器测试
</h3>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/e45f83865571908d73e9ab9949738cd5.jpg"></p>
<p>
下面登录系统之后,看一下根目录的权限是否恢复正常:
</p>
<ol class="dp-sql">
<li class="alt">
<span><span># ls -l / </span></span>
</li>
</ol>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/5e6d4cc4ae9e654875dea9bfd20ef31e.jpg"></p>
<p>
运行ssh登录,发现不能登录。使用netstat -tlunp发现ssh端口没有监听中,使用systemctl status sshd发现服务没有启动,启动sshd服务时发现不能启动,下面查找原因:
</p>
<p>
发现密钥文件的权限还是777,没有还原:
</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/b7836b67d6514739f896f1e6c8715155.jpg"></p>
<p>
下面设置密钥文件权限:
</p>
<ol class="dp-sql">
<li class="alt">
<span><span># chmod 644 /etc/ssh/ssh_config </span></span>
</li>
<li>
<span># chmod 600 /etc/ssh/sshd_config </span>
</li>
<li class="alt">
<span># chmod 640 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key </span>
</li>
<li>
<span># chmod 644 /etc/ssh/ssh_host_rsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ed25519_key.pub </span>
</li>
</ol>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/856e4dca89a897369f2b2eb72ade4778.jpg"></p>
<p>
下面再次启动sshd试一下:
</p>
<ol class="dp-sql">
<li class="alt">
<span><span># systemctl enable sshd </span><span class="comment">--now</span><span> </span></span>
</li>
<li>
<span># netstat -tlunp </span>
</li>
</ol>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/c3c710c745fd7815ff9d7dc3626b0aef.jpg"></p>
<p>
可以看到启动成功了。ssh远程登录试一下,看到登录成功了。
</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/8d7dbe26a7c3095e248594cb036721fe.jpg"></p>
<h3>
总 结
</h3>
<p>
就这样,我们已经成功还原了已安装的RPM软件包的权限并恢复了服务器。切勿在任何文件系统或配置上使用chmod 777。
</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/82bb47e94dd7128b0c0fa42435952c65.jpg"></p>
<p>
本文转载自微信公众号「Linux就该这么学」,可以通过以下二维码关注。转载本文请联系Linux就该这么学公众号。
</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Centos8中恢复根目录为默认权限" alt="Centos8中恢复根目录为默认权限" border="0" src="https://zhuji.jb51.net/uploads/img/202305/1ed45994424e1c24363516ee78d08cae.jpg"></p>
<p>
原文链接:https://mp.weixin.qq.com/s/N_Fy4FmQkE77gVWYltuzdw
</p>
頁:
[1]