my server was temporarily compromised and i guess whoever did it made it so that chmod or chown doesn't work. does anyone know how to fix this?
Name:
Anonymous2008-06-24 13:03
Also, I get the "Operation not permitted" message.
Name:
Anonymous2008-06-24 13:12
how does it not work? be more specific. If you get "operation not permitted" than you havent got the rights. who are you and who is the owning user/group
Name:
Anonymous2008-06-24 13:18
oh, sorry. I forgot to mention I'm root, on the server. that's why I was confused; shouldn't root get all privileges?
Name:
Anonymous2008-06-24 13:36
>shouldn't root get all privileges
yes. perhaps the drive the files are on is not writable. check that with the 'mount' command.
Your system is probably still compromised. Whoever broke into it most likely installed a number of back doors, root kits and the like. It would be hard to find all of those and since you don't seem to be a security expert, it will be pretty damn impossible for you.
Copy only files that are human readable off of the server, nuke it completely and set it up again. This time with security in mind from the start.
Name:
Anonymous2008-06-24 17:34
>>6
that would be make the disk writable thus making it possible to change ownership and modi.
i think you probably are best off with what >>7 mentioned for said reasons.
Name:
Anonymous2008-06-24 17:45
>>8
That's supposing that the attacker just remounted some partitions ro. Having that kind of access, he could have done many other things as well. Setting immutable flags, setting up selinux/apparmor policies, change and recompile filesystem drivers or the kernel, change and recompile system utilities (such as chmod etc) and so on. And those would only explain OP's permission trouble. God knows what else is on that system.