Linux – debian: permission denied for all users except of root

bashdebianlinuxpermissionsuser-accounts

I wrote a bash script today which might destroyed some of my user settings and/or permissions. Now I know it was quite stupid to test the script on my live-system ;).

What is not working? Every Process which is running as another user than root (postfix, ftp, dovecot, etc).

EDIT: The folder structur is various in case of owners and permissions. So it doesn't look like I changed something on root dir level. I'm also not able to login or run something as a newly added user (see test below).
proftpd log shows me Unable to open password file /etc/passwd for reading: Permission denied

su test

Cannot execute /bin/bash: Permission denied

ls -l

    drwxrwxr-x 23 root root 4096 Aug 15 15:26 /
   drwxr-xr-x  90 root root  4096 Aug 15 16:38 etc
    -rw-rw-r-- 1 root root 1971 Aug 15 16:25 /etc/passwd
    -rw-r----- 1 root shadow 2151 Aug 15 16:25 /etc/shadow
    drwxrwxr-x   2 root root  4096 Aug 15 16:38 bin
    -rwxr-xr-x 1 root root 941252 Sep 25  2014 /bin/bash

The script

    #!/bin/bash
path="/var/www"
if [ $(id -u) -eq 0 ]; then
       echo "Enter directory name"
       read dirname
       pathdir="$path/$dirname"
       echo $pathdir
           echo "File doesn't exist. Creating now"
               mkdir $pathdir
               mkdir $pathdir/conf
               mkdir $pathdir/docs
               mkdir $pathdir/logs
               mkdir $pathdir/tmp
               mkdir $pathdir/php-fcgi

           echo "Folder structure created"

       read -p "Enter username : " username
       read -s -p "Enter password : " password
       egrep "^$username" /etc/passwd >/dev/null
       if [ $? -eq 0 ]; then
               echo "$username exists!"
               exit 1
       else
               pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
               useradd -d $pathdir -p $pass $username
               [ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
       fi
adduser www-data $username
chown root:$user $pathdir
chmod 750 $pathdir
chown $username:$username $pathdir/*
chmod 750 $pathdir/*
confdir=$pathdir/conf
chmod 550 $confdir
cp ./php.ini $confdir
sed -i -e 's#;open_basedir =#open_basedir = '$pathdir'/docs/:'$pathdir'/tmp/#g' $confdir/php.ini
sed -i -e 's#;upload_tmp_dir =#upload_tmp_dir = '$pathdir'/tmp/#g' $confdir/php.ini
sed -i -e 's#;session.save_path =#session.save_path = '$pathdir'/tmp/#g' $confdir/php.ini
chown $username:$username $confdir/php.ini
chmod 440 $confdir/php.ini
generate php-fcgi-starter
cat > $pathdir/php-fcgi/php-fcgi-starter << EOF
#!/bin/sh
PHPRC="${confdir}/"
export PHPRC
export TMPDIR=${pathdir}/tmp
exec /usr/bin/php5-cgi
EOF
chmod 750 $pathdir/php-fcgi/php-fcgi-starter
chattr +i -V $pathdir/php-fcgi/php-fcgi-starter
generate apache vhost
echo "Domain:"
read domain
cat > /etc/apache2/sites-available/$domain << EOF
<VirtualHost *:80>
   ServerAdmin webmaster@mydomain.org
   ServerName ${domain}
   ServerAlias www.${domain}
   SuexecUserGroup ${username} ${username}
   AddHandler fcgid-script .php
   DocumentRoot "${pathdir}/docs"
   DirectoryIndex index.htm index.html index.php
<Directory />
   Options FollowSymLinks
   AllowOverride None
</Directory>
<Directory "${pathdir}/docs">
   Options Indexes MultiViews FollowSymLinks +ExecCGI
   FCGIWrapper ${pathdir}/php-fcgi/php-fcgi-starter .php
   Order allow,deny
   allow from all
</Directory>
LogLevel warn
CustomLog ${pathdir}/logs/access.log combined
ServerSignature On
</VirtualHost>
EOF
a2ensite $domain

echo "Ready"

else
        echo "run as root"
        exit 2
fi

Best Answer

I suspect that you changed the permissions of /.

What is the result of ls -ld /

It should be something like

drwxr-x-rx 22 root root 4096 Aug 15 10:29 /

But perhaps you removed some permissions (or changed even the owner) with your script.

chown root:root /
chmod 755 /

should restore it back to normal.

Related Question