Some Witty Tagline Goes Here

TechNote: Restoring Original Package File Permissions

In the event of drastic file permission or ownership changes, it is possible to restore the original permissions of the file(s). Solaris maintains a database of all packages installed on a system, and the files included with these packages. Sun has taken to calling this database the Solaris Software Registry. Most administrators will recognize it as the /var/sadm directory hierarchy.

Each time a file is installed on a Solaris system through a package, an entry is added to the /var/sadm/install/contents file. These entries contain several pieces of information on a file, including its path, owner, permissions, etc. This information can be used to restore permissions and ownerships which have been accidentally changed.

The example presented below represents a dramatic example--perhaps an administrator issued the command chown -R someuser /. This would cause the entire contents of the filesystem to be owned by someuser. One byproduct of this command is that setuid files, such as /usr/bin/login would cease to function.

Important Note: The pkgchk command does not restore setuid, setgid, and sticky bits. These must be set manually.

To restore the file permissions, do the following:

Boot the system from alternate media, such as a CD-ROM, in single-user mode.

ok boot cdrom -s

Mount the affected file systems on /a:

# mount / /a # mount /usr /a/usr # mount /var/ /a/var # mount /opt /a/opt

Run the pgkchk command. The -R option specifies an alternate root path, while the -f option indicates that file permissions will be fixed.

pkgchk -R /a -f

For more information, please refer to the series of articles published at Sun Blueprints Program (http://www.sun.com/blueprints/) about the Solaris Software Registry, one of which describes using the pkgchk command in more detail.



 

Website Design & Maintenance by Erika Stokes