mistersquid

Q: Locked self out of server and now very embarrassed

I opened Mac OS X Server on my laptop to remotely admin another Mac OS X Server (the name of that machine is "receptacle").

 

I had already been sharing the boot volume for "receptacle" and decided to edit the permissions to only allow the "System Administrator (owner)" "Read & Write" access, setting both "Administrators (primary group)" and "Everyone Else" to "No Access" (as shown in the screenshot; don't ask me why I have a screenshot.)

20160318210041-20160318-File Sharing permissions.png

 

Of course, "receptacle" promptly began behaving very unlike its former self. That is, I'm mostly locked out (I can ssh as root but not as a normal user. Remote admin using Mac OS X Server launches but is pretty much unresponsive. I can no longer edit the File Sharing details for "receptacle".)

 

I'm not in front of the machine so can't boot into single-user mode (was considering adapting these instructions). However, I will be in front of the machine inside of the next 24 hours.

 

Can someone please advise whether there is anything I can do remotely and/or what steps I should take when back in front of "receptacle"?

 

Thanks for considering.

Mac mini, OS X Server, Mid 2011 (5,3)

Posted on Mar 18, 2016 9:19 PM

Close

Q: Locked self out of server and now very embarrassed

  • All replies
  • Helpful answers

  • by cdhw,Solvedanswer

    cdhw cdhw Mar 19, 2016 2:51 PM in response to mistersquid
    Level 4 (2,653 points)
    Servers Enterprise
    Mar 19, 2016 2:51 PM in response to mistersquid

    My personal opinion is it is unwise to share the whole boot volume. Too easy to make mistakes and end up with an inaccessible server.

     

    Anyway, you've been lucky because you can still ssh in. So, if I've understood what you've done, you've changed the permissions of the root directory from what they should be, which is:

     

         sh-3.2# ls -dle@ /

         drwxr-xr-x  33 root  wheel  1190 19 Mar 10:12 /

     

    so you should be able to change them back using chmod and/or chown.

     

    C.

  • by mistersquid,Helpful

    mistersquid mistersquid Mar 19, 2016 6:20 PM in response to cdhw
    Level 3 (810 points)
    Mac OS X
    Mar 19, 2016 6:20 PM in response to cdhw

    Thanks, cdhw, for the hint.

     

    I got a directory listing of the boot volume and, sure enough:

     

    ls -dle@ /

    drwx------  34 root  admin  1224 Mar 19 03:04 /

     

    So as root I ran

     

    chmod 755 /

     

    Rebooted "receptacle", toggled the Mac OS X Server services (File Sharing, Mail, Websites, and DNS), and everything seems back to normal.