Alterei Permissão De Todos Os Arquivo, E Agora ?

[abobre]

Olá, bom dia !!!

 

 Eu fui alterar a permissão de algumas pastas de uma conta no cpanel  e entrei no direitorio dessa conta e executei o comando

sudo chown -R usuario:grupo /

Só que com isso, eu acabei alterar a permissão  de todo sistema, então eu executei novamente

sudo chown -R root:root /

Final das contas, me ferrei... Não consigo iniciar mais uma conta no SSH(Ainda estou logando com uma sessão), não envie e-mail...

 

 Tem como restaurar as permissões e grupos padrão ?  Eu uso o centos com cpanel !!!

Jan 30 00:39:00 srv atd[32095]: pam_unix(atd:session): session opened for user root by (uid=0)
Jan 30 00:39:07 srv atd[32095]: pam_unix(atd:session): session closed for user root
Jan 30 07:17:16 srv sshd[14053]: Invalid user ROOT from 189.62.*.59
Jan 30 07:17:16 srv sshd[14053]: Address 189.62.*.59 maps to ***.virtua.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 09:17:16 srv sshd[14054]: input_userauth_request: invalid user ROOT
Jan 30 09:17:17 srv sshd[14054]: Postponed keyboard-interactive for invalid user ROOT from 189.62.*.59 port 63048 ssh2
Jan 30 09:17:20 srv sshd[14054]: Connection closed by 189.62.*.59
Jan 30 07:17:27 srv sshd[14092]: Address 189.62.*.59 maps to ***.virtua.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 07:17:31 srv sshd[14092]: Accepted publickey for root from 189.62.*.59 port 63058 ssh2
Jan 30 07:17:31 srv sshd[14092]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 30 07:38:58 srv groupadd[27576]: new group: name=mmplanod, GID=560
Jan 30 07:38:58 srv useradd[27580]: new user: name=mmplanod, UID=548, GID=560, home=/home/mmplanod, shell=/bin/bash
Jan 30 08:32:00 srv sshd[15686]: Address 189.62.*.59 maps to ***.virtua.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 08:32:04 srv sshd[15686]: Accepted publickey for root from 189.62.*.59 port 52157 ssh2
Jan 30 08:32:04 srv sshd[15686]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 30 08:36:58 srv sshd[17013]: Address 189.62.*.59 maps to ***.virtua.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 08:37:02 srv sshd[17013]: Accepted publickey for root from 189.62.*.59 port 52667 ssh2
Jan 30 08:37:02 srv sshd[17013]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 30 08:37:03 srv sshd[17013]: subsystem request for sftp
Jan 30 08:42:22 srv sshd[19040]: Address 189.62.*.59 maps to ***.virtua.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 08:42:26 srv sshd[19040]: Accepted publickey for root from 189.62.*.59 port 53021 ssh2
Jan 30 08:42:27 srv sshd[19040]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 30 08:42:27 srv sshd[19040]: subsystem request for sftp
Jan 30 08:48:43 srv sshd[19040]: pam_unix(sshd:session): session closed for user root
Jan 30 08:*:29 srv sudo:     root : TTY=pts/1 ; PWD=/home/mmplanod/public_html ; USER=root ; COMMAND=/bin/chown -R mmplanod:mmplanod /
Jan 30 08:50:09 srv sudo:     root : TTY=pts/1 ; PWD=/home/mmplanod/public_html ; USER=root ; COMMAND=/bin/chown -R mmplanod:mmplanod /home/mmplanod/public_html/
Jan 30 08:54:55 srv sudo:     root : TTY=pts/1 ; PWD=/ ; USER=root ; COMMAND=/bin/chown -R root:root /bin/
Jan 30 08:56:31 srv sudo:     root : TTY=pts/1 ; PWD=/ ; USER=root ; COMMAND=/bin/chown -R root:root /usr/
Jan 30 09:06:19 srv usermod[26623]: change user `mmplanod' GID from `560' to `560'
Jan 30 09:06:19 srv userdel[26628]: delete user `mmplanod' 
Jan 30 09:06:19 srv userdel[26628]: removed group `mmplanod' owned by `mmplanod' 
Jan 30 09:07:39 srv groupadd[26969]: new group: name=mmplanod, GID=561
Jan 30 09:07:39 srv useradd[26973]: new user: name=mmplanod, UID=5*, GID=561, home=/home/mmplanod, shell=/bin/bash

[Rhuan]

Existe um script para corrigir as permissões de cada conta que deseja, veja esse post:

 

Porém quanto aos outros serviços eu não sei te informar, recomendo abrir um ticket na cPanel.

[abobre]

O pior que ele alterou as permissões do servidor e não das contas, não deu tempo... eu sei que ele parou em algum linha de erro do apache, mas não me recordo qual linha pq eu abortei na hora que percebi a cagada que fiz...

[abobre]

Vejam os logs do sistema

Jan 30 00:39:00 srv atd[32095]: pam_unix(atd:session): session opened for user root by (uid=0)
Jan 30 00:39:07 srv atd[32095]: pam_unix(atd:session): session closed for user root
Jan 30 07:17:16 srv sshd[14053]: Invalid user ROOT from 189.62.*.59
Jan 30 07:17:16 srv sshd[14053]: Address 189.62.*.59 maps to ***.virtua.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 09:17:16 srv sshd[14054]: input_userauth_request: invalid user ROOT
Jan 30 09:17:17 srv sshd[14054]: Postponed keyboard-interactive for invalid user ROOT from 189.62.*.59 port 63048 ssh2
Jan 30 09:17:20 srv sshd[14054]: Connection closed by 189.62.*.59
Jan 30 07:17:27 srv sshd[14092]: Address 189.62.*.59 maps to ***.virtua.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 07:17:31 srv sshd[14092]: Accepted publickey for root from 189.62.*.59 port 63058 ssh2
Jan 30 07:17:31 srv sshd[14092]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 30 07:38:58 srv groupadd[27576]: new group: name=mmplanod, GID=560
Jan 30 07:38:58 srv useradd[27580]: new user: name=mmplanod, UID=548, GID=560, home=/home/mmplanod, shell=/bin/bash
Jan 30 08:32:00 srv sshd[15686]: Address 189.62.*.59 maps to ***.virtua.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 08:32:04 srv sshd[15686]: Accepted publickey for root from 189.62.*.59 port 52157 ssh2
Jan 30 08:32:04 srv sshd[15686]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 30 08:36:58 srv sshd[17013]: Address 189.62.*.59 maps to ***.virtua.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 08:37:02 srv sshd[17013]: Accepted publickey for root from 189.62.*.59 port 52667 ssh2
Jan 30 08:37:02 srv sshd[17013]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 30 08:37:03 srv sshd[17013]: subsystem request for sftp
Jan 30 08:42:22 srv sshd[19040]: Address 189.62.*.59 maps to ***.virtua.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 08:42:26 srv sshd[19040]: Accepted publickey for root from 189.62.*.59 port 53021 ssh2
Jan 30 08:42:27 srv sshd[19040]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 30 08:42:27 srv sshd[19040]: subsystem request for sftp
Jan 30 08:48:43 srv sshd[19040]: pam_unix(sshd:session): session closed for user root
Jan 30 08:*:29 srv sudo:     root : TTY=pts/1 ; PWD=/home/mmplanod/public_html ; USER=root ; COMMAND=/bin/chown -R mmplanod:mmplanod /
Jan 30 08:50:09 srv sudo:     root : TTY=pts/1 ; PWD=/home/mmplanod/public_html ; USER=root ; COMMAND=/bin/chown -R mmplanod:mmplanod /home/mmplanod/public_html/
Jan 30 08:54:55 srv sudo:     root : TTY=pts/1 ; PWD=/ ; USER=root ; COMMAND=/bin/chown -R root:root /bin/
Jan 30 08:56:31 srv sudo:     root : TTY=pts/1 ; PWD=/ ; USER=root ; COMMAND=/bin/chown -R root:root /usr/
Jan 30 09:06:19 srv usermod[26623]: change user `mmplanod' GID from `560' to `560'
Jan 30 09:06:19 srv userdel[26628]: delete user `mmplanod' 
Jan 30 09:06:19 srv userdel[26628]: removed group `mmplanod' owned by `mmplanod' 
Jan 30 09:07:39 srv groupadd[26969]: new group: name=mmplanod, GID=561
Jan 30 09:07:39 srv useradd[26973]: new user: name=mmplanod, UID=5*, GID=561, home=/home/mmplanod, shell=/bin/bash

[Jaime Silva]

Para evitar ficar sem acesso, instale logo o ConfigServer Explorer: http://configserver.com/free/cse/INSTALL.txt

Com ele pode corrigir os problemas mesmo sem acesso SSH ( WHM >> Plugins >> ConfigServer Explorer).

No CS Explorer rode o comando para reinstalar o servidor ssh: yum -y  remove openssh openssh-server;  yum -y install openssh openssh-server

 

[abobre]

 Amigos do PDH, agradeço a todos que se preocuparam em entrar no tópico e me passar uma solução, inclusive abri um chamado no cpanel e eles me ajudaram tbm a solucionar o problema.

 Olá

Sinto muito, mas infelizmente não há outra maneira de reparar isso, mas para backup de seus relatos e reinstalar o sistema operacional. Você poderia tentar os seguintes passos para ver se isso ajuda, mas eu duvido que ele vai resolver totalmente as permissões do sistema:

cd /tmp
mkdir yumfix
cd yumfix
yum reinstall * -y
/usr/local/cpanel/scripts/check_cpanel_rpms --fix
/scripts/upcp --force
/scripts/updateuserdomains
/scripts/updateuserdatacache
/scripts/rebuildhttpdconf
/scripts/restartsrv_httpd
/scripts/rebuilddnsconfig
/scripts/restartsrv_named

Obrigado

--
Daniel Morante
Bilingual Technical Analyst L2
Soporte Tecnico de cPanel
cPanel Inc.

[abobre]

Olá bom dia PDH !!!

 

 Depois da minha burrada, eu aparentimente fiquei apenas com um PROBLEMA no IMAP, vou postar os alertas do cpanel que estou recebendo no e-mail.

Server:

srv.XXXXXXX.com.br

Primary IP:

66.8X.XXXXX

Service:

imap

Notification Type:

failed

Notification:

imap failed @ Thu Jan 30 13:08:56 2014. A restart was attempted automagically.

Service Check Method:

[socket connect]

Reason:
white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap: break-word">TCP Transaction Log:

<< * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

>> A001 LOGIN __cpanel__service__auth__imap__0Lz10etI3HrIS0pWGZI6NnLVUaYkBbykGaQLPU02kVIJiIBIEJzRlQtR7mm3v6nb LvMhT2tU1orYGlQWJajrO54hCPjZqZhaRrPlKgpPS_MJnklBAbyenAIHRD4WyytF

<< A001 NO [UNAVAILABLE] Temporary authentication failure. [srv.divulgandosaude.com.br:2014-01-30 13:08:58]

imap: ** [A001 NO [UNAVAILABLE] Temporary authentication failure. [srv.XXXXX.com.br:2014-01-30 13:08:58] != A001 OK]

: Died at /usr/local/cpanel/Cpanel/TailWatch/ChkServd.pm line 894, <$socket_scc> line 2.

Number of Restart Attempts:

43

Startup Log:
white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap: break-word">Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: Warning: Corrected permissions for login directory /var/run/dovecot/login

Warning: Corrected permissions for login directory /var/run/dovecot/token-login

Warning: Corrected permissions for empty directory /var/run/dovecot/empty

[  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Starting Dovecot Imap: [  OK  ]

Syslog Messages:
white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap: break-word">Jan 30 13:08:58 srv dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<__cpanel__service__auth__imap__0lz10eti3hris0pwgzi6nnlvuaykbbykgaqlpu02kvijii...>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<PtW3bzHxwQB/AAAB>

Jan 30 13:08:56 srv dovecot: auth: Error: checkpassword(__cpanel__service__auth__imap__0lz10eti3hris0pwgzi6nnlvuaykbb...,127.0.0.1,<PtW3bzHxwQB/AAAB>): write() failed: Broken pipe

Jan 30 13:08:56 srv dovecot: auth: Fatal: execv(/usr/local/cpanel/bin/dovecot-wrap) failed: Permission denied

Jan 30 13:01:19 srv dovecot: auth: Error: checkpassword([email protected],127.0.0.1): write() failed: Broken pipe

Jan 30 13:01:19 srv dovecot: auth: Fatal: execv(/usr/local/cpanel/bin/dovecot-wrap) failed: Permission denied

[Rhuan]

Tente reinstalar o Dovecot pois ele ainda está com as permissões incorretas ou troque para o Courier...

Obs: Recomendo você formatar esse servidor pois você poderá ter muitos outros problemas pela frente por conta disso

[Jaime Silva]

Creio que tem a ver com o arquivo /usr/local/cpanel/bin/dovecot-wrap: o grupo dele é dovecot
Assim, talvez chown root:dovecot /usr/local/cpanel/bin/dovecot-wrap resolva.

[abobre]

Tente reinstalar o Dovecot pois ele ainda está com as permissões incorretas ou troque para o Courier...

Obs: Recomendo você formatar esse servidor pois você poderá ter muitos outros problemas pela frente por conta disso

 

Tambem penso em formatar o dedicado, assim já resolve o problema de uma vez. Mas fico pensando, pois parece que o problema é só no imap ! Obrigado pela sugestão !

 

 

Creio que tem a ver com o arquivo /usr/local/cpanel/bin/dovecot-wrap: o grupo dele é dovecot

Assim, talvez chown root:dovecot /usr/local/cpanel/bin/dovecot-wrap resolva.

 

 Vou tentar essa solução, obrigado !!!