Sunday, May 6, 2018

linux - Cron to check (and fix) all root file permissions?




So I recently went through the wonderful adventure of fixing the /usr/bin/sudo file after its permissions had been changed. This was on a system where it had been intentionally reconfigured to make it difficult to obtain root through the other normal routes.



Now to prevent this in the future, I could just run these commands on a root cron job:



chown root:root /usr/bin/sudo
chmod 4755 /usr/bin/sudo


However, ideally this set of commands would not only fix the sudo file, but all the files needed for an effective root.




My Question: Is there an existing script or library I can install to make sure effective root is maintained?





This is for Fedora 26 running on a VM.


Answer



You can reset all of the permissions and user/group ownership of an RPM with rpm, using --setperms and --setugids, respectively.



So, from the command line, run:




$ sudo rpm --setperms -a
$ sudo rpm --setugids -a


Or you could drop a script running these into /etc/cron.daily — but it seems extraordinary that you would need that. Instead, be a little more careful when running as root (and use rescue boot media if you happen to ever make this mistake in the future).
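
A narrower variant of the cron idea in the answer, as an added example that is not part of the original post: it verifies packages with rpm -Va and resets only those whose files show mode, user or group drift, logging each drifted file first. The function names, the rpm-perm-drift log tag, the --fix argument and the sample output are assumptions made for the example.

```shell
#!/bin/sh
# Added example: repair only the packages whose files drifted in mode or
# ownership, instead of resetting every installed package each day.

# Filter `rpm -V` output on stdin; print paths flagged M (mode), U (user)
# or G (group). The flag field is the 9 characters SM5DLUGTP, so M, U and G
# sit at positions 2, 6 and 7. "missing" lines are skipped (not 9 chars).
drifted_files() {
    awk 'length($1) == 9 &&
         (substr($1, 2, 1) == "M" || substr($1, 6, 1) == "U" ||
          substr($1, 7, 1) == "G") {
             i = index($0, "/")          # path starts at the first slash
             if (i > 0) print substr($0, i)
         }'
}

# Constructed sample of `rpm -Va` output, for trying the filter offline.
sample_verify_output() {
    cat <<'EOF'
.M.......    /usr/bin/sudo
S.5....T.  c /etc/ssh/sshd_config
.....UG..    /usr/bin/passwd
missing     /usr/share/doc/example/README
.......T.  d /usr/share/man/man1/example.1.gz
EOF
}

# Verify all packages, log each drifted file, then reset the owning packages.
repair_drift() {
    rpm -Va 2>/dev/null | drifted_files | while IFS= read -r f; do
        logger -t rpm-perm-drift "mode/owner drift: $f"
        rpm -qf --qf '%{NAME}\n' "$f"
    done | sort -u | while IFS= read -r pkg; do
        # Ownership first: chown(2) on Linux clears setuid/setgid bits,
        # so modes are restored afterwards.
        rpm --setugids "$pkg"
        rpm --setperms "$pkg"
    done
}

# Only touch the system when asked to, e.g. from a cron.daily wrapper.
if [ "${1:-}" = "--fix" ]; then
    repair_drift
fi
```

Without --fix the script only defines its functions, so `sample_verify_output | drifted_files` can be tried on any machine. The syslog entries give a record of which files changed, which is the part a blanket daily reset would hide.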

