模拟测试恢复redhat7.5系统权限

Posted 2021-05-16

一、需求,使用chown -R mysql:mysql / 修改了所有目录! 本次测试如何恢复操作系统权限！

本次使用的是操作系统命令getfacl 

 

二、测试操作

2.1 模拟误操作

# chown -R mysql:mysql /
···
chown: changing ownership of proc/3037/task/3037/oom_adj Permission denied
···
chown: changing ownership of sys/fs/cgroup/cpu Read-only file system
chown: changing ownership of sys/fs/cgroup Read-only file system

 

2.2 观察OS上的Oracle DB

# su - oracle
Last login: Sun May 16 19:12:33 CST 2021 on pts/3
su: warning: cannot change directory to /home/oracle: Permission denied
mkdir: cannot create directory \'/home/oracle\': Permission denied
-bash: /home/oracle/.bash_profile: Permission denied

19c
SQL> alter system checkpoint;
alter system checkpoint
*
ERROR at line 1:
ORA-03113: end-of-file on communication channel
Process ID: 2415
Session ID: 34 Serial number: 18564


SQL> exit
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
DB alert 无任何记录！

 

2.3 进行恢复

找一个同版本好的系统,对权限备份,目标主机重启ssh服务,随后scp将好的权限文件拷贝过去！

找一台其他同类正常的测试单机环境，备份好的权限属主
#getfacl -pR / >/tmp/dir_backup.txt

修改ssh权限,启动ssh服务
# systemctl status sshd.service
# chown root:root /etc/hosts.allow
# chown root:root /usr/sbin/sshd
# chown root:root /usr/lib/systemd/system/sshd.service
# chown -R root:root /var/empty/sshd
# systemctl restart sshd.service

# scp /tmp/dir_backup.txt root@10.0.0.93:/tmp/.

手工恢复部分权限，随后使用好的系统权限刷一遍！

恢复有问题的机器
# chown root:root /tmp
# chown -R root:root /etc
# chown -R root:root /lib
# chown -R root:root /bin
# chown -R root:root /usr
# chown -R root:root /sbin
# chown root:ssh_keys /etc/ssh/*key
# chmod +s /usr/bin/su
# chown root:root /var
根据/var目录手工排除tmp目录！
# chown -R root:root /var/yp
# chown -R root:root /var/preserve
# chown -R root:root /var/opt
# chown -R root:root /var/nis
# chown -R root:root /var/local
# chown -R root:root /var/gopher
# chown -R root:root /var/games
# chown -R root:root /var/adm
# chown -R root:root /var/crash
# chown -R root:root /var/kerberos
# chown -R root:root /var/empty
# chown -R root:root /var/account
# chown -R root:root /var/db
# chown -R root:root /var/spool
# chown -R root:root /var/lib
# chown -R root:root /var/cache
# chown -R root:root /var/log
# chown root:root /var/tmp
# chown root:root /var/tmp/systemd*
#chown root:tty      /bin/wall
#chown root:slocate  /bin/locate
#chown root:cgred    /bin/cgexec
#chown root:cgred    /bin/cgclassify
#chown root:stapusr  /bin/staprun
#chown root:nobody   /bin/ssh-agent
#chown root:tty      /bin/write
#chown root:chrony   /etc/chrony.keys
#chown tss:tss       /etc/tcsd.conf
#chown root:postdrop  /usr/sbin/postqueue
#chown root:postdrop  /usr/sbin/postdrop
#chown rpc:rpc             /run/rpcbind
#chown root:libstoragemgmt /run/lsm
#chown root:libstoragemgmt /run/lsm/ipc
#chown root:utmp           /run/utmp



#setfacl --restore=/tmp/dir_backup.txt

最后，手工修改Oracle的部分权限！

# id oracle
uid=200(oracle) gid=2000(oinstall) groups=2000(oinstall),2001(dba),2002(oper),503(backupdba),504(dgdba),505(kmdba),506(racdba)
#cd /home
#ls -lrt
#chown -R oracle:oinstall oracle

# cat 11204_profile 
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1
# cat  19_profile 
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=/u01/app/oracle/product/19/dbhome_1

#chown -R oracle:oinstall /u01/app/oraInventory
#chown -R oracle:oinstall /u01/app/oracle
#chown oracle:oinstall /data/oracle/*.dbf
# ls -ld /u01
# chown oracle:oinstall /u01
# chown oracle:oinstall /u01/app

# pwd
/var/tmp/.oracle
# chown oracle:oinstall *

验证

ssh服务状态
# systemctl status sshd.service
DB能否正常读写
sqlplus / as sysdba <<EOF
alter system switch logfile;
alter system checkpoint;
exit;
EOF
监听程序是否正常
lsnrctl status
#init 6
or #reboot 重启确认系统可以正常重启完成！！！