Re: root is unable to change file permissions!
Using lsattr, see is the immutable flag has been set. Normally, no flags
should be set:
bob@sonic:~> lsattr *.txt
----------------- 34sp-userguide.txt
If the immutable flag has been set, you can unset it with
chattr -i filename
See "man lsattr" and "man chattr".
While this will (hopefully) solve your immediate problem, the larger problem
is that your system was possibly compromised, and the cracker has been
messing with your flags. Which means you need to do major surgery on it
(reinstall, tighten firewall rules, etc).
good luck,
RS
Friday 03 June 2005 16:04, Andreas Hatz wrote:
> Hello Debain Users,
>
> We have an interesting phenomenon occuring on one of our servers. We have
> noticed that two files in the /bin directory have had their executable
> permissions removed and we are unable to chmod the files as root.
>
> current file permissions:
> -rw-r--r-- 1 root root 35464 May 31 13:02 /bin/login
> -rw-r--r-- 1 root root 54152 Aug 29 2001 /bin/netstat
>
> when trying to change permissions:
>
> ns:~# whoami
> root
>
> ns:~# id
> uid=0(root) gid=0(root) groups=0(root)
>
> ns:~# chmod 755 /bin/login
> chmod: changing permissions of `/bin/login': Operation not permitted
>
> We have tried doing the same thing from the rescue disc login prompt. same
> outcome.
>
> This seems to be a serious security issue. Root user seems to have lost
> control of some files. Other files can be changed using the above commands.
>
> Any ideas?
>
> Best regards,
>
> Andreas Hatz
Reply to: