Some Witty Tagline Goes Here
In the event of drastic file permission or ownership changes, it is possible to restore the original permissions of the file(s). Solaris maintains a database of all packages installed on a system, and the files included with these packages. Sun has taken to calling this database the Solaris Software Registry. Most administrators will recognize it as the /var/sadm directory hierarchy.
Each time a file is installed on a Solaris system through a package, an entry is added to the /var/sadm/install/contents file. These entries contain several pieces of information on a file, including its path, owner, permissions, etc. This information can be used to restore permissions and ownerships which have been accidentally changed.
The example presented below represents a dramatic example--perhaps an administrator issued the command chown -R someuser /. This would cause the entire contents of the filesystem to be owned by someuser. One byproduct of this command is that setuid files, such as /usr/bin/login would cease to function.
Important Note: The pkgchk command does not restore setuid, setgid, and sticky bits. These must be set manually.
To restore the file permissions, do the following:
Boot the system from alternate media, such as a CD-ROM, in single-user mode.
ok boot cdrom -s
Mount the affected file systems on /a:
# mount / /a # mount /usr /a/usr # mount /var/ /a/var # mount /opt /a/opt
Run the pgkchk command. The -R option specifies an alternate root path, while the -f option indicates that file permissions will be fixed.
pkgchk -R /a -f
For more information, please refer to the series of articles published at Sun Blueprints Program (http://www.sun.com/blueprints/) about the Solaris Software Registry, one of which describes using the pkgchk command in more detail.
Website Design & Maintenance by Erika Stokes