Locked Out: When 'chmod' Loses Its Power
Shafeeque Aslam
Certified Kubernetes Security Specialist | Certified Kubernetes Administrator | Kubernetes | DevSecOps | Linux
It feels a bit like the classic message 'Keyboard not detected, Press any key to continue.'
While this may not be a common real-life scenario, exploring imaginative situations and problem-solving can be a valuable exercise. To illustrate this, we'll deliberately create a self-inflicted lockout by removing the execution permission from 'chmod'. I suggest trying this in a container ;).
Let us lock ourselves out!
1. Check the path of the chmod binary
$ which chmod
/bin/chmod
2. Check the current permissions
$ ls -l /bin/chmod
-rwxr-xr-x 1 root root 1021496 Jul 17 18:30 /bin/chmod
3. Saw off the branch we're perched on.
$ chmod 644 /bin/chmod
4. Verify the updated permissions
$ ls -l /bin/chmod
-rw-r--r-- 1 root root 1021496 Jul 17 18:30 /bin/chmod
Now we cannot use the chmod binary, because it has lost its execution permission. We're stuck: we can't use the 'chmod' binary, nor can we grant it execution permission again.
$ chmod 755 /bin/chmod
chmod: Permission denied
Let's reclaim control.
The Escape Act
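We can reclaim control by making a copy of any binary that has execution permission and then copying the chmod binary's contents into that copy. Overwriting a file's contents leaves its permission bits unchanged, so the copy stays executable. Let us use the date command here.
1. Check the path of the date binary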
$ which date
/bin/date
2. Make a copy of the date binary
$ cp -a /bin/date /root/dummychmod
Here the -a switch preserves symlinks and file attributes.
3. Copy the contents of the chmod binary to the dummy binary
$ cat /bin/chmod > /root/dummychmod
4. Reclaim control.
$ /root/dummychmod 755 /bin/chmod
5. Check
$ ls -l /bin/chmod
-rwxr-xr-x 1 root root 1021496 Jul 17 18:30 /bin/chmod
6. Verify
$ chmod 755 myscript.sh
7. Rule!
$ ls -l myscript.sh
-rwxr-xr-x 1 root root 1021496 Jul 17 18:30 myscript.sh
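The lockout and the escape above, rehearsed end to end on private copies in a scratch directory so that /bin/chmod is never touched. This is an added example, not the author's commands; the function names, the scratch layout and naming the donor copy chmod are assumptions made here.

```shell
#!/bin/sh
# Added example: rehearses the lockout and the escape on private copies in
# a scratch directory. The system's /bin/chmod is never modified.
# Assumptions: chmod and date are on PATH; the temp dir allows execution.

mode_of() { ls -ld "$1" | cut -c1-10; }    # prints e.g. -rwxr-xr-x

run_steps() {
    work=$1
    mkdir "$work/donor" || return 1
    # Private stand-in for /bin/chmod. -L dereferences, so a symlinked
    # binary is copied as a regular file; -p keeps its mode.
    cp -Lp "$(command -v chmod)" "$work/chmod" || return 1

    # Lockout: the copy strips its own execute bits.
    "$work/chmod" 644 "$work/chmod" || return 1
    locked=$(mode_of "$work/chmod")
    # It must now refuse to run, like "chmod 755 /bin/chmod" on the page.
    if "$work/chmod" 755 "$work/chmod" 2>/dev/null; then return 1; fi

    # Escape: borrow the mode bits of any executable (date, as on the page).
    # The donor is named chmod so multi-call binaries (e.g. BusyBox), which
    # dispatch on the program name, still behave as chmod.
    cp -Lp "$(command -v date)" "$work/donor/chmod" || return 1
    donor_before=$(mode_of "$work/donor/chmod")

    # '>' truncates and rewrites the existing file in place; no new file
    # is created, so the donor's mode bits are left alone.
    cat "$work/chmod" > "$work/donor/chmod" || return 1
    donor_after=$(mode_of "$work/donor/chmod")

    # The donor now contains chmod's code and is still executable.
    "$work/donor/chmod" 755 "$work/chmod" || return 1
    restored=$(mode_of "$work/chmod")
    echo "$locked $donor_before $donor_after $restored"
}

# Prints four mode strings: locked, donor before, donor after, restored.
rehearse_lockout() {
    scratch=$(mktemp -d) || return 1
    rc=0
    run_steps "$scratch" || rc=$?
    rm -rf "$scratch"
    return "$rc"
}

rehearse_lockout
```

The second and third fields being identical is the whole trick: the donor's contents changed while its permission bits did not.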