Accidentally set permissions on / to 775 - not sure where to go from here

[thewoj]

Apologies if this is posted in the wrong place, I'm new to these forums!

Version - TrueNAS CORE 13.0-release

I was SSH'd into my server to do some bulk reorganizing in my media libraries, I was typing too quickly and hit chmod 775 /* instead of chmod 775 * and set the permissions on the root directory to 775 by mistake.

I didn't realize I had made the mistake until I clicked back to the GUI and got a "404 Not Found" for the login page, and all my SMB shares are now broken.

Things in jails are still running properly, and I didn't put an -R in my command, so am fairly certain this action was not recursive. If I could find out what the permissions are supposed to be for everything in the directory, I could theoretically just re-set those, and I should be good, right?

Code:

drwxrwxrw-  20 root  wheel  uarch          27 Feb  5 20:34 ./
drwxrwxrw-  20 root  wheel  uarch          27 Feb  5 20:34 ../
-rw-r--r--   2 root  wheel  uarch        1023 Jan 18  2012 .cshrc
-rw-r--r--   2 root  wheel  uarch         507 Jan 18  2012 .profile
lrwxr-xr-x   1 root  wheel  uarch          13 Jan 18  2012 .rnd@ -> /var/tmp/.rnd
drwxrwxr-x   2 root  wheel  uarch          47 Jan 18  2012 bin/
drwxrwxr-x  15 root  wheel  uarch          70 Feb  5 20:33 boot/
drwxrwxr-x   3 root  wheel  uarch           3 Jan 18  2012 compat/
drwxrwxr-x   3 root  wheel  uarch           3 Dec 31  2011 conf/
-rwxrwxr-x   1 root  wheel  uarch        6109 Jan 18  2012 COPYRIGHT*
drwxrwxr-x   6 root  wheel  uarch          13 Feb  5 21:39 data/
drwxrwxr-x  14 root  wheel  -             512 Feb  5 21:49 dev/
-rwxrwxr-x   1 root  wheel  uarch,nodump 4096 Feb  5 20:34 entropy*
drwxrwxr-x  34 root  wheel  uarch        8960 Feb  5 21:39 etc/
drwxrwxr-x   5 root  wheel  uarch          58 Jan 18  2012 lib/
drwxrwxr-x   3 root  wheel  uarch           4 Jan 18  2012 libexec/
drwxrwxr-x   2 root  wheel  uarch           2 Jan 18  2012 media/
drwxrwxr-x   3 root  wheel  uarch         128 Feb  5 20:34 mnt/
drwxrwxr-x   2 root  wheel  uarch           2 Jan 18  2012 net/
drwxrwxr-x   2 root  wheel  uarch           2 Jan 18  2012 proc/
drwxrwxr-x   2 root  wheel  uarch         145 Jan 18  2012 rescue/
drwxrwxr-x   5 root  wheel  uarch          18 Feb  5 21:48 root/
drwxrwxr-x   2 root  wheel  uarch         142 Jan 18  2012 sbin/
-rwxrwxr-x   1 root  wheel  uarch        4114 Jan 18  2012 storcli.log*
lrwxr-xr-x   1 root  wheel  uarch           8 Jan 18  2012 tmp@ -> /var/tmp
drwxrwxr-x  13 root  wheel  uarch          13 Jan 18  2012 usr/
drwxrwxr-x  27 root  wheel  uarch        1728 Feb  5 20:34 var/

I'm afraid to disconnect from the server in case I can't SSH back into it afterward.

Thanks in advance!

 

[Samuel Tai]

This is my /:

Code:

root@raven:/ # ls -lo
total 182
drwxr-xr-x   3 root  wheel  uarch            3 Jan 30  2021 .cache/
-rw-r--r--   2 root  wheel  uarch         1040 Nov 17 19:41 .cshrc
-rw-r--r--   2 root  wheel  uarch          507 Nov 17 19:32 .profile
lrwxr-xr-x   1 root  wheel  uarch           13 Nov 17 19:32 .rnd@ -> /var/tmp/.rnd
drwxr-xr-x   2 root  wheel  uarch           47 Nov 17 19:32 bin/
drwxr-xr-x  15 root  wheel  uarch           70 Jan  7 08:42 boot/
drwxr-xr-x   3 root  wheel  uarch            3 Nov 17 19:33 compat/
drwxr-xr-x   3 root  wheel  uarch            3 Mar 13  2019 conf/
-r--r--r--   1 root  wheel  uarch         6109 Nov 17 19:32 COPYRIGHT
drwxr-xr-x   8 root  wheel  uarch           16 Feb  5 22:44 data/
dr-xr-xr-x  62 root  wheel  -              512 Jan  7 08:43 dev/
-rw-------   1 root  wheel  uarch,nodump  4096 Jan  7 08:44 entropy
drwxr-xr-x  35 root  wheel  uarch         9088 Feb  3 17:41 etc/
drwxr-xr-x   5 root  wheel  uarch           58 Nov 17 19:33 lib/
drwxr-xr-x   3 root  wheel  uarch            4 Nov 17 19:33 libexec/
drwxr-xr-x   2 root  wheel  uarch            2 Nov 17 19:34 media/
drwxr-xr-x   3 root  wheel  uarch          128 Feb  4 08:45 mnt/
drwxr-xr-x   2 root  wheel  uarch            2 Nov 17 19:34 net/
dr-xr-xr-x   2 root  wheel  uarch            2 Nov 17 19:34 proc/
drwxr-xr-x   2 root  wheel  uarch          145 Nov 17 19:33 rescue/
drwxr-xr-x  10 root  wheel  uarch           28 Feb  5 23:12 root/
drwxr-xr-x   2 root  wheel  uarch          142 Nov 17 19:33 sbin/
-rw-r--r--   1 root  wheel  uarch        43197 Nov 17 19:37 storcli.log
lrwxr-xr-x   1 root  wheel  uarch            8 Nov 17 19:33 tmp@ -> /var/tmp
drwxr-xr-x  13 root  wheel  uarch           13 Nov 17 19:34 usr/
drwxr-xr-x  27 root  wheel  uarch         1728 Jan  7 08:44 var/

In general, everything's on a 755 mask, except for specific files.

 

[thewoj]

Thank you for providing that list, I'm back in the GUI now and SMB shares are functioning. Much appreciated!

 

[Whattteva]

I'm not sure why anything would be broken actually. 775 is more permissive than 755. Usually, things would break because you take away permissions, not give permissions. With some exceptions, like SSH key file.

 

[Samuel Tai]

I'm not sure why anything would be broken actually. 775 is more permissive than 755. Usually, things would break because you take away permissions, not give permissions. With some exceptions, like SSH key file.

I think /dev, /proc, and /entropy need to be specificly permissioned for security reasons:

Code:

dr-xr-xr-x  62 root  wheel  -              512 Jan  7 08:43 dev/
-rw-------   1 root  wheel  uarch,nodump  4096 Jan  7 08:44 entropy
dr-xr-xr-x   2 root  wheel  uarch            2 Nov 17 19:34 proc/

 

[sretalla]

I would generally say that you're best to backup your config, reinstall and restore the config in order to ensure there are no problems in future.

As mentioned above, nothing is likely "broken" as such, but there are risks.