Back in the dark, old days of Linux I spent 5-6 hours digging through dbus events and X11 configs to get my mouse working. It was unplugged.
In my defense, in those days, Linux was such an insane asylum that diving into dbus and X11 as a first step was usually the logical approach.
Jesus Christ. I’ve never been so thankful for being a Linux noob in my life. That sounds awful.
Those days gave me a career so I can’t really complain.
Remember make
Oh wait. Missing something.
Download it.
Tar unzip make missing something else. Tar unzip make.
1 hour later. What was I doing?
Turns out, I do need therapy.
I owe much of my career to trying to set up Linux From Scratch two decades ago. While it’s a much better experience installing Linux nowadays, there’s a lot to be said for the experience spending your weekend debugging a system will give you.
Had a similar experience with Mint (of all distros) on an old laptop where it would not detect the headphones I plugged in. Spent like 30 minutes troubleshooting the settings/configuration and googling. Turns out the cable was weird and I just needed to not push it in too deep for it to be detected.
Been there with those old printer cables that had the two thumb screws. I spent way too long troubleshooting print problems turned out with some cables if you dont screw the thumb screws all the way in you don’t get a good cable connection.
Back in the dark, old days of Linux I spent 5-6 hours digging through dbus events
That’s not possible. In the dark, old days of Linux, dbus didn’t exist yet.
There’s always a darker, older day
Or forgetting to enable the third button/wheel in the kernel
Once helped a nice old lady troubleshooter her computer. Everything was yellow. Checked monitor settings three times. Checked Windows for f.lux. Checked Windows video settings. Reverted drivers. Updated drivers.
Jiggled the cable.
Ah, good old VGA brings the memories back
I am still removed when I have to touch anything dbus, x11 or xdg.
Also, finding where an environment variable comes from is fun too.Let’s just hope X11 will soon be gone for good.
Remember - if an environment variable’s not your fault, it’s your parent’s fault.
No, you just had a 3 hour learning experience.
Educator here. This is called “discovery learning”. (The alternative to discovery learning, “direct instruction”, would be if someone had told OP about these permissions before OP got themselves into a pickle)
When discovery learning is successful, it leads to better learning outcomes. Compared to direct instruction, you learn the material more deeply and will have better recall of the material, often for the rest of your life. The downsides to discovery learning are that it’s very time-consuming, very frustrating, and many students will just fail (give up) before learning is completed.
Consider yourself one of the lucky ones, OP.
It happened to me countless times that I was suffering with a task for hours and hours and hours, then finally found what the problem was. Then a few weeks later, facing the same issue again somewhere else, I only remembered the fact that I had that same issue weeks ago, but I completely forgot what the solution was.
Weirdly enough, sometimes it’s indeed a lifelong experience and I can remember the solution forever. I don’t really know what it depends on.
Reminds me of the adage “you didn’t pay me $5,000 for turning that bolt. You paid me $5,000 because I knew which bolt to turn.” Experience and knowledge is valuable.
SELinux enters the chat
Sure you own it, your groups owns it, its permissions are 777, SELinux says GEEEEEEET FUUUUUUCKED.
Selinux is great. It provides actual security to a system
But it is hard to operate. Source: did more than audit2allow for years.
Honestly I’ve never had to do anything but the defaults so I can’t really testify to that.
But then you get the pleasure of making it submit. My Minecraft server is now running in GNU screen just like I wanted it to, and SELinux can only look on and whimper softly.
A friend of mine told me a long time ago: “if a windows system is behaving funny, it has to do with virus. If a Linux system is behaving funny, it has to do with permissions”
if a windows system is behaving funny, it has to do with virus.
Not always true. Sometimes, it’s a driver issue. (Usually, a reinstall can fix the issue.) Or it could, very rarely, even be a BIOS/ UEFI issue. (Don’t touch it unless you know what you’re doing, and only download updates from your manufacturer’s website.)
And if a network is having problems, it has to do with DNS.
it has to do with virus. If a Linux system is behaving funny, it has to do with permissions"
Windows permissions are way more complex than Linux though, unless you’re using Linux ACLs. Standard Linux permissions just have read, write, and execute permissions for the user, group, and world. Windows (and Linux ACLs) allow any number of different users or groups to have different permissions.
I love posts like these because they help me avoid mistakes I would’ve definitely made too. Thanks OP!
You wasted 3 hours of your life so far lol
But yeah. I find the most mysterious and time-consuming of problems are usually caused by a very minor detail that is so obvious it gets overlooked immediately.
And even if you know that’s probably the case, sometimes your brain will just discard information that isn’t consistent with its assumed reality, and it tells you the piece of code you just read is fine when it’s obviously not.
Troubleshooting/debugging is fun.
I remember myself asking why directories had x flags in their permissions. Like, you don’t execute them. What do they use the x flag for?
The x permission on directories is exactly for this purpose. You can use the directory. You cannot read (requires rx), you cannot write (w), but you can ‘cd’ and operate on files in the directory.
This is important, you can lock someone out from a directory tree buy not giving them ‘x’ on the root. So, if your home is rwx------, no one but the owner can do anything in your home. This is effective even if some files and subdirectories have less restrictive permissions.
So, if your home is rwx------, no one but the owner can do anything in your home.
Does that include root?
Point for you, root is special.
Executing a list read of the inode?
It’s necessary if you want to give somebody rw access to a subdirectory but not the parent.
The parent gets “x” and the child gets “rwx”.
This way you can have multiple users with their own directories under, say, /var/www/html but restrict access to /var/www/html itself.
If the user doesn’t have “x” then they can’t see anything in that directory at all.
sudo chmod -R 777 /Edit: don’t do this, it will allow everyone and everything to read and modify all files of all mounted filesystems, this includes your personal files, system wide passwords, config files, everything and might break the whole system as not all files are meant to have these permissions, e.g. mapped hardware settings or your ssh key store.
sudocomes with immense power, do not, under any circumstances, enter commands you found on the internet without an intense look about what they do and what their implications could be. Neversudoordoas, etc., without a strong and valid reason.For anyone that didn’t recognise this as a joke, do not do this!
Oh. Ok. Should I undo it then?
Yeah just hit Ctrl + Z and you should be fine
Yup, this will pretty much destroy your system.
Actually curious how though - I mean won’t it just let all programs/users access everything? Or do some system stuff rely on permissions for certain behavior?
SSH will definitely break, I’ve had this issue before. If your private key in the .ssh dir is too open, ssh won’t let you use it.
Theoretically yes, but yes, in that order.
I’ve worked with Linux for decades at this point and I’m still not 100% sure exactly what breaks; it’s a mistake you make once, if at all, and you’ll only get a little way into even trying to figure out how to fix things before you throw your hands up in disgust and reinstall / restore the OS (or whatever subdir was affected).
If I was to hazard a guess, it’s the kernel itself that balks, but there are other, almost as fundamental things (lib*.so files and the like) that may also be deliberately fussy.
I think it’s systemd not the kernel. If only Linux had “repair permissions” like vintage MacOS.
Recursive
chmod(orchown) has been breaking things since before systemd was a thing, so even if systemd is now responsible for stopping things from working, it can’t have been that previously, especially at the time I might have done something silly.As for repairing permissions only, I suppose it would be possible, assuming the system still works (or can somehow be encouraged to do so) to copy only the permissions (or at least infer them) from a backup or something rather than the whole files.
Probably init before that then. I don’t think the kernel cares unless explicitly told to care, I’ve seen some embedded Linux with interesting permissions.
You don’t typically have permissions “become defective” or need them to be “repaired” in a Linux system. Nearly all system files, with their permissions, are included in packages. Everything else should be considered user data.
If you logged in as root and did something dumb, you could attempt to fix the permissions by reinstating packages.
I actually don’t know how many programs do this, but several check that file permissions are correct or refuse to work. Sudo and ash are 2 of them. I could see /etc/shadow being readable and writable by everyone being a problem too, but I don’t know.
Some things refuse to run with too broad permissions
Edit removed it. What was it?
The
chmodyou can still see
the
777stands for ‘lucky jackpot number’, as in ‘youre lucky if you dont break your entire system’well,
666would ‘-_-’
This is so useful! Now I can just run:
rm -rf /Without the sudo!
--no-preserve-root
That’s all true, except when I send you a command. You can totally trust me and just run it.
remove the French language pack, frees up space
I set 777 to my whole file system on a install of Ubuntu back in the day and it does indeed fuck the install in lovely ways. I didn’t bother attempting recovery. Nice learning experience.
@drdiddlybadger @neonred I’ve had results with chmod -r +x /
Better than 666, which I did once 20 years ago
Timeshift: hold my beertfs
Challenge time.
lsreaction to this is unexpected:$ mkdir foo $ echo Foo > foo/file $ chmod a-x foo $ ls -l foo ls: cannot access 'foo/file': Permission denied total 0 -????????? ? ? ? ? ? fileI expected to just get a “Permission denied”, but listing the content it can still do. So
xis for following the name to the inode andrfor listing directory content (i.e. just names)?You can still read the contents of the directory because you have
-ron it. If you just runls fooyou’ll see your file on there, no problem.However, without
-xyou cannot read metadata in that directory. That’s why all information about the file shows as question marks.
No one mentioned ACLs so far. If you see a + using ls -l like this
drwxrwx---+, you have an access control list entry.More than a decade of using linux and I still can’t remember
setfaclsyntax. I have better luck rememberingtarsyntax.tar -xzfextract ze fileAnd
tar -czfcompress ze file. I saw someone post these mnemonic devices a while back and now I actually remember tar commands. Amazing!This is a very useful way to remember it, but nowadays it’s better to drop the z (which immediately makes the mnemonic more forgettable, of course). tar can autodetect compression now, so
tar -xfshould work on anything from plain tar archives over tar.gz to more unusual compression algorithms like tar.xz or tar.bz2.(the z is specifically for gzip)
You don’t even need the dash (
-).
and then what is the thing that will happen to us next
Ouch. I’m sorry you had to find out that way. But in the plus side, you’ll never forget.
Learned that when dealing with Ansible:
- Folder in most cases 755
- File in most cases 644 or 755 if executable.
To change all the directories to 755 (
drwxr-xr-x):find /opt/lampp/htdocs -type d -exec chmod 755 {} \;To change all the files to 644 (
-rw-r--r--):find /opt/lampp/htdocs -type f -exec chmod 644 {} \;deleted by creator
I worked in a job with build scripts. Developers would list what they wanted in a drop-down menu on a website, with very few “fill in the blanks.” This would create a template, which was sanity-checked.
One of the “fill in the blanks” was “home directory of user, if not default /home/username.” Some people filled it in, some didn’t. A lot of “users” might be apps with /home being “/opt/appname” “/var/www/html” or something. We checked to make sure that directory existed, if not, create, and set permissions. Easy peasy, all automated. Ran this lots of times.
Then one day, the script failed. Borked the whole box. Sometimes the VM was corrupt, so delete VM and try again. Usually worked. But this time, the build kept failing. The box went down. Wasn’t even bootable. This happened several times with this one build. So we mounted the borked drive under a new VM and checked out the logs. Just like the dessert stage of Willy Wonka chewing gum, it always failed at the last stage: making /home directories.
It would create them, then halt that it could not find bash. We looked for bash on the bad drive, and it was the usual /bin/bash shortcut to /usr/bin/bash and we were truly puzzled. I did a chroot to the drive and NOTHING worked. It just hung. That was the first clue.
The second was looking through the build script (in bash, which we didn’t write) and checking the steps. Looked it the logs. Always died at creating some user named sapadm, the user for the HANA database. Eventually, I checked the configure file, and noticed it was the only user with the odd home directory “/usr/sap.” Then it hit me: the permissions.
The script, thinking it was a home directory, did a chmod - R 755 for all directories and chmod - R 644 for all files! That meant, while creating home, it made everything under /usr not executable anymore! Holy shit, no wonder nothing worked! So we commented out that user in the config, ran the build again, and we were good! We created the sapadm by hand, and then later fixed the bug in the script.
SANITIZE YOUR DATA. Or you might turn Violet Beauregarde into a blueberry.
I have wasted lots of time on this once, long ago.
Here’s another one I wasted time on. Mount point didn’t have proper permissions (SunOS I think it was). Couldn’t access the mounted filesystem.
Yup. Took me weeks to figure out why I explicitly need to use sudo nvim for my nginx config on my Pi, while on my server my little helper script could automatically use sudo for me. Turns out, I chmoded the sites-available and sites-enabled on my pi to 644 but left them untouched on my server.
I still don’t know what numbers would be 644 but with execute permissions, but in the end, idc.
You can also do
chmod +xto add the executable bit to whatever the existing perms are.0: no permissions
+4: read
+2: write
+1: executeI often go
chmod -R go+rX .if I want to give read-only access to whatever I’m working on to everyone else. The capitalXonly sets the executable bit on directories.
644 and 755 are the two most useful octal codes to remember because they make up the majority of files on your system. 644 is user read/write but read-only for everyone else. 755 adds execute to that, useful for scripts and directories.
Other than that, the most common other things are setting access for group and others to zero, so your ~/.ssh directory is 700 (rwx for you, no access for anyone else) and the private keys in it are 600, rw for you, no access for anyone else).
For those that don’t know, you can use three numbers, zero through eight, with the chmod command. it takes the binary of each digit to set the permissions.
$ chmod 644 6 | 4 | 4 110 | 100 | 100 rw- | r-- | r--with the chmid command
Nah, that command just makes the file below average quality. It’s a new command added by Gen Z.
Execute just adds 1, so if you want the dir world viewable, it’s 755.
