How to fix permissions, I accidentally entered "sudo chown -R username /"?

March 17, 2017 7.6k views
Nginx MySQL WordPress Ubuntu 16.04
csc
By:
csc

How to fix permissions, I accidentally entered "sudo chown -R username /"?

I got the sudo to working again by logging into the Root account however the WordPress website shows a database error and I'm positive it's because of the wrong permissions now.. I can't seem to connect to the database and I'm not sure which permissions to fix.

I get this error when I try to start the msql:

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)

Also, I have a snapshot that I have, would that fix my mistake? It's my last resort if so.

Log In to Comment
5 Answers
jtittle1 March 17, 2017
Accepted Answer

@csc

You'll have to forgive me for dropping directly in to the comments instead of re-reading the original on this one. I was following the tags and got to the point about MySQL.

The issue is you ran chown on / and at this point, changing the ownership of the MySQL directory isn't going to be enough as files that need to be owned by root and other users are now setup with ownership by a user that -- best case is a sudo user -- worst case, is just a normal user (thus software that needs root won't function).

Your system won't function properly in that state. Even if you do manage to get MySQL up and running, something else is very likely to go wrong and you'll be back in the same situation with a different piece of software.

..

Given the numerous files and directories that were affected by chown -R user /, your absolute best bet is going to be deploying another Droplet and building it over -- then migrating your site over to it.

Note, I'm not saying rebuild from a snapshot (unless that snapshot is before you ran this command), I mean literally start from scratch so that all files and directories are properly owned by their respective users.

I know that's not what you want to hear right now, but you're going to spend more time trying to fix the files/directories and their ownership/permissions than you will moving the site over. There's no way to just undo a command either, so starting from scratch is going to be your best bet.

...

One thing though -- don't beat yourself up over it -- we all make mistakes. I've made my fair share in the last 16-17 years. Moving forward, I find it best to write your commands in a text editor, and then copy -> paste in to terminal. That way you're physically looking at the command at least twice before you hit enter.

Reply
hansen March 17, 2017

Yes, use the snapshot. Remember that will reverse all changes back to whenever you made the snapshot. Meaning changes in WordPress/etc will be lost.
It will almost be an impossible task to manually revert every file and directory to the correct owner.

Reply
  • csc March 17, 2017

    Okay I'm fine with that, but is there any way to get the local MySQL server to work so that I can backup the database?

    • hansen March 17, 2017

      Of course, it's just a matter of changing the owner of the files required by MySQL.
      Run these commands:

      chown -R mysql /var/run/mysqld
chown -R mysql /var/lib/mysql

      Then let's see if MySQL can start.

      • csc March 17, 2017

        I ran the above commands, and started it but I got this error:

        Job for mysql.service failed because the control process exited with error code. See "systemctl status mysql.service" and "journalctl -xe" for details.

        Then I ran systemctl status mysql.service and got the this:

        ● mysql.service - MySQL Community Server
        Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
        Active: activating (start-post) (Result: exit-code) since Fri 2017-03-17 03:30:58 UTC; 12s ago
        Process: 23911 ExecStart=/usr/sbin/mysqld (code=exited, status=1/FAILURE)
        Process: 23906 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
        Main PID: 23911 (code=exited, status=1/FAILURE); : 23912 (mysql-systemd-s)
        Tasks: 2
        Memory: 316.0K
        CPU: 340ms
        CGroup: /system.slice/mysql.service
        └─control
        ├─23912 /bin/bash /usr/share/mysql/mysql-systemd-start post
        └─23941 sleep 1

        Mar 17 03:30:58 systemd[1]: Starting MySQL Community Server...
        Mar 17 03:30:59 systemd[1]: mysql.service: Main process exited, code=exited, status=1/FAILURE

        Sadly I'm not sure what to do from here

        • hansen March 17, 2017

          Does /var/log/mysql/error.log or /var/log/mysql.err give any hints?
          Otherwise take a copy of entire /var/lib/mysql/ to your local computer, since that's the data-storage and we'll have to see if it can be recovered after reverting to the snapshot.
          @jtittle Do you have any ideas?

          • csc March 17, 2017

            ran tail -f /var/log/mysql/error.log and i got this:

            2017-03-17T00:22:10.622567Z 0 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.
2017-03-17T00:22:10.622593Z 0 [Note] Shutting down plugin 'CSV'
2017-03-17T00:22:10.622640Z 0 [Note] Shutting down plugin 'MyISAM'
2017-03-17T00:22:10.622674Z 0 [Note] Shutting down plugin 'MEMORY'
2017-03-17T00:22:10.622690Z 0 [Note] Shutting down plugin 'MRG_MYISAM'
2017-03-17T00:22:10.622996Z 0 [Note] Shutting down plugin 'sha256_password'
2017-03-17T00:22:10.623026Z 0 [Note] Shutting down plugin 'mysql_native_password'
2017-03-17T00:22:10.625026Z 0 [Note] Shutting down plugin 'binlog'
2017-03-17T00:22:10.628625Z 0 [Note] /usr/sbin/mysqld: Shutdown complete

            Not sure what permissions I need to fix so it has access rights.

          • jtittle1 March 17, 2017

            @csc

            I'd run tail -50 on the logs to see if it's producing a usable error:

            tail -50 /var/log/mysql/error.log

            Sadly, systemd / journalctl isn't really producing anything useful from what you've posted, so we'd need to rely on the error log itself to see if more has been logged.

            Weird things can happen when you chown the wrong file(s), so just to be safe, I'd also recommend backing up your ib_logfile log files (there should be two) using something such as:

            mkdir -p /usr/local/src/mysql

            Then:

            cp /var/lib/mysql/ib_logfile* /usr/local/src/mysql

            Once you've done this, remove the non-backups:

            rm -rf /var/lib/mysql/ib_logfile*

            You can try to restart MySQL then, or post the output of the tail command above and we can troubleshoot from there. If MySQL starts up after removing those files, I'd still post the logs so that we can check to make sure there's nothing else wrong.

csc March 17, 2017
[deleted]
Reply
hansen March 17, 2017

@csc Starting a new thread, since it's maxed out.

Can you run tail -100 /var/log/mysql/error.log because we need to see the lines just before InnoDB complaining about rights.

Reply
  • csc March 17, 2017 
    2017-03-17T00:22:09.108857Z 0 [Note] Giving 0 client threads a chance to die gracefully
2017-03-17T00:22:09.109073Z 0 [Note] Shutting down slave threads
2017-03-17T00:22:09.109111Z 0 [Note] Forcefully disconnecting 0 remaining clients
2017-03-17T00:22:09.109391Z 0 [Note] Event Scheduler: Purging the queue. 0 events
2017-03-17T00:22:09.114565Z 0 [Note] Binlog end
2017-03-17T00:22:09.156953Z 0 [Note] Shutting down plugin 'ngram'
2017-03-17T00:22:09.157022Z 0 [Note] Shutting down plugin 'ARCHIVE'
2017-03-17T00:22:09.157036Z 0 [Note] Shutting down plugin 'BLACKHOLE'
2017-03-17T00:22:09.157053Z 0 [Note] Shutting down plugin 'partition'
2017-03-17T00:22:09.157060Z 0 [Note] Shutting down plugin 'PERFORMANCE_SCHEMA'
2017-03-17T00:22:09.158389Z 0 [Note] Shutting down plugin 'INNODB_SYS_VIRTUAL'
2017-03-17T00:22:09.158434Z 0 [Note] Shutting down plugin 'INNODB_SYS_DATAFILES'
2017-03-17T00:22:09.158443Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLESPACES'
2017-03-17T00:22:09.158448Z 0 [Note] Shutting down plugin 'INNODB_SYS_FOREIGN_COLS'
2017-03-17T00:22:09.158454Z 0 [Note] Shutting down plugin 'INNODB_SYS_FOREIGN'
2017-03-17T00:22:09.158459Z 0 [Note] Shutting down plugin 'INNODB_SYS_FIELDS'
2017-03-17T00:22:09.158470Z 0 [Note] Shutting down plugin 'INNODB_SYS_COLUMNS'
2017-03-17T00:22:09.158475Z 0 [Note] Shutting down plugin 'INNODB_SYS_INDEXES'
2017-03-17T00:22:09.158481Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLESTATS'
2017-03-17T00:22:09.158486Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLES'
2017-03-17T00:22:09.158492Z 0 [Note] Shutting down plugin 'INNODB_FT_INDEX_TABLE'
2017-03-17T00:22:09.158497Z 0 [Note] Shutting down plugin 'INNODB_FT_INDEX_CACHE'
2017-03-17T00:22:09.158502Z 0 [Note] Shutting down plugin 'INNODB_FT_CONFIG'
2017-03-17T00:22:09.158507Z 0 [Note] Shutting down plugin 'INNODB_FT_BEING_DELETED'
2017-03-17T00:22:09.158513Z 0 [Note] Shutting down plugin 'INNODB_FT_DELETED'
2017-03-17T00:22:09.158518Z 0 [Note] Shutting down plugin 'INNODB_FT_DEFAULT_STOPWORD'
2017-03-17T00:22:09.158523Z 0 [Note] Shutting down plugin 'INNODB_METRICS'
2017-03-17T00:22:09.158528Z 0 [Note] Shutting down plugin 'INNODB_TEMP_TABLE_INFO'
2017-03-17T00:22:09.158534Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_POOL_STATS'
2017-03-17T00:22:09.158539Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_PAGE_LRU'
2017-03-17T00:22:09.158544Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_PAGE'
2017-03-17T00:22:09.158550Z 0 [Note] Shutting down plugin 'INNODB_CMP_PER_INDEX_RESET'
2017-03-17T00:22:09.158556Z 0 [Note] Shutting down plugin 'INNODB_CMP_PER_INDEX'
2017-03-17T00:22:09.158561Z 0 [Note] Shutting down plugin 'INNODB_CMPMEM_RESET'
2017-03-17T00:22:09.158566Z 0 [Note] Shutting down plugin 'INNODB_CMPMEM'
2017-03-17T00:22:09.158571Z 0 [Note] Shutting down plugin 'INNODB_CMP_RESET'
2017-03-17T00:22:09.158577Z 0 [Note] Shutting down plugin 'INNODB_CMP'
2017-03-17T00:22:09.158582Z 0 [Note] Shutting down plugin 'INNODB_LOCK_WAITS'
2017-03-17T00:22:09.158587Z 0 [Note] Shutting down plugin 'INNODB_LOCKS'
2017-03-17T00:22:09.158592Z 0 [Note] Shutting down plugin 'INNODB_TRX'
2017-03-17T00:22:09.158598Z 0 [Note] Shutting down plugin 'InnoDB'
2017-03-17T00:22:09.159976Z 0 [Note] InnoDB: FTS optimize thread exiting.
2017-03-17T00:22:09.160505Z 0 [Note] InnoDB: Starting shutdown...
2017-03-17T00:22:09.263624Z 0 [ERROR] InnoDB: Operating system error number 13 in a file operation.
2017-03-17T00:22:09.263705Z 0 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.
2017-03-17T00:22:09.264328Z 0 [Note] InnoDB: Dumping buffer pool(s) to /var/lib/mysql/ib_buffer_pool
2017-03-17T00:22:09.264457Z 0 [ERROR] InnoDB: Cannot open '/var/lib/mysql/ib_buffer_pool.incomplete' for writing: Permission denied
2017-03-17T00:22:10.622404Z 0 [Note] InnoDB: Shutdown completed; log sequence number 358048884
2017-03-17T00:22:10.622543Z 0 [ERROR] InnoDB: Operating system error number 13 in a file operation.
2017-03-17T00:22:10.622567Z 0 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.
2017-03-17T00:22:10.622593Z 0 [Note] Shutting down plugin 'CSV'
2017-03-17T00:22:10.622640Z 0 [Note] Shutting down plugin 'MyISAM'
2017-03-17T00:22:10.622674Z 0 [Note] Shutting down plugin 'MEMORY'
2017-03-17T00:22:10.622690Z 0 [Note] Shutting down plugin 'MRG_MYISAM'
2017-03-17T00:22:10.622996Z 0 [Note] Shutting down plugin 'sha256_password'
2017-03-17T00:22:10.623026Z 0 [Note] Shutting down plugin 'mysql_native_password'
2017-03-17T00:22:10.625026Z 0 [Note] Shutting down plugin 'binlog'
2017-03-17T00:22:10.628625Z 0 [Note] /usr/sbin/mysqld: Shutdown complete

    That's what it gives when I ran your command

    • hansen March 17, 2017

      @csc Perfect. It looks like there's still some issues in the /var/lib/mysql directory, so let's just make sure the ownership is set correct.

      ls -l /var/lib/mysql/

      @jtittle Thank you for joining the dance. Did you see the tail -100 ? Less specific information than I expected.

      • csc March 17, 2017

        This is what the ownership looks like:

        -rwxr-xr-x 1 mysql mysql       56 Nov 10 19:18 auto.cnf
-rwxr-xr-x 1 mysql mysql        0 Nov 10 19:19 debian-5.7.flag
-rwxr-xr-x 1 mysql mysql     4684 Feb 23 23:10 ib_buffer_pool
-rwxr-xr-x 1 mysql mysql 79691776 Mar 17 00:22 ibdata1
-rwxr-xr-x 1 mysql mysql 12582912 Mar 17 00:12 ibtmp1
drwxr-xr-x 2 mysql mysql     4096 Nov 10 19:18 mysql
drwxr-xr-x 2 mysql mysql     4096 Nov 10 19:18 performance_schema
drwxr-xr-x 2 mysql mysql    12288 Nov 10 19:18 sys
drwxr-xr-x 2 mysql mysql    12288 Feb 23 22:31 walterwraith
        • hansen March 17, 2017

          @csc I don't understand why it's complaining about access rights to /var/lib/mysql
          If you run ls -l /var/lib/ does the mysql directory look like this (with a different date/time of course)

          drwxr-xr-x  7 mysql   mysql   4096 Mar 16 13:46 mysql
          • csc March 17, 2017

            yeah it looks like this: 

            drwxr-xr-x  6 mysql mysql 4096 Mar 17 04:26 mysql
drwxr-xr-x  2 mysql mysql 4096 Nov 10 19:19 mysql-files
drwxr-xr-x  2 mysql mysql 4096 Nov 10 19:18 mysql-keyring
        • csc March 17, 2017

          I did another journalctl -xe | taile -100. this is what shows up:

          Mar 17 04:23:39 walter-wraith sshd[32185]: Disconnected from 221.194.44.224 port 52544 [preauth]
Mar 17 04:23:39 walter-wraith sshd[32185]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.194.44.224  user=root
Mar 17 04:23:39 walter-wraith sshd[32209]: Failed password for root from 61.177.172.46 port 11260 ssh2
Mar 17 04:23:39 walter-wraith sshd[32209]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:23:41 walter-wraith sshd[32193]: Failed password for root from 223.99.60.42 port 15233 ssh2
Mar 17 04:23:41 walter-wraith sshd[32193]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:23:41 walter-wraith sshd[32209]: Failed password for root from 61.177.172.46 port 11260 ssh2
Mar 17 04:23:41 walter-wraith sshd[32209]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:23:41 walter-wraith sshd[32209]: Received disconnect from 61.177.172.46 port 11260:11:  [preauth]
Mar 17 04:23:41 walter-wraith sshd[32209]: Disconnected from 61.177.172.46 port 11260 [preauth]
Mar 17 04:23:41 walter-wraith sshd[32209]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.46  user=root
Mar 17 04:23:42 walter-wraith systemd[1]: Failed to start MySQL Community Server.
-- Subject: Unit mysql.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit mysql.service has failed.
--
-- The result is failed.
Mar 17 04:23:42 walter-wraith systemd[1]: mysql.service: Unit entered failed state.
Mar 17 04:23:42 walter-wraith systemd[1]: mysql.service: Failed with result 'exit-code'.
Mar 17 04:23:42 walter-wraith systemd[1]: mysql.service: Service hold-off time over, scheduling restart.
Mar 17 04:23:42 walter-wraith systemd[1]: Stopped MySQL Community Server.
-- Subject: Unit mysql.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit mysql.service has finished shutting down.
Mar 17 04:23:42 walter-wraith systemd[1]: Starting MySQL Community Server...
-- Subject: Unit mysql.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit mysql.service has begun starting up.
Mar 17 04:23:42 walter-wraith systemd[1]: mysql.service: Main process exited, code=exited, status=1/FAILURE
Mar 17 04:23:44 walter-wraith sshd[32193]: Failed password for root from 223.99.60.42 port 15233 ssh2
Mar 17 04:23:44 walter-wraith sshd[32193]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:23:44 walter-wraith sshd[32193]: error: maximum authentication attempts exceeded for root from 223.99.60.42 port 15233 ssh2 [preauth]
Mar 17 04:23:44 walter-wraith sshd[32193]: Disconnecting: Too many authentication failures [preauth]
Mar 17 04:23:44 walter-wraith sshd[32193]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.42  user=root
Mar 17 04:23:44 walter-wraith sshd[32193]: PAM service(sshd) ignoring max retries; 6 > 3
Mar 17 04:23:45 walter-wraith sshd[32227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.194.44.224  user=root
Mar 17 04:23:47 walter-wraith sshd[32227]: Failed password for root from 221.194.44.224 port 56260 ssh2
Mar 17 04:23:47 walter-wraith sshd[32227]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:23:47 walter-wraith sshd[32217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.18.238.114  user=root
Mar 17 04:23:47 walter-wraith sshd[32252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.42  user=root
Mar 17 04:23:49 walter-wraith sshd[32217]: Failed password for root from 121.18.238.114 port 47272 ssh2
Mar 17 04:23:49 walter-wraith sshd[32217]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:23:49 walter-wraith sshd[32252]: Failed password for root from 223.99.60.42 port 42281 ssh2
Mar 17 04:23:49 walter-wraith sshd[32252]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:23:51 walter-wraith sshd[32227]: Failed password for root from 221.194.44.224 port 56260 ssh2
Mar 17 04:23:51 walter-wraith sshd[32227]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:23:52 walter-wraith sshd[32252]: Failed password for root from 223.99.60.42 port 42281 ssh2
Mar 17 04:23:52 walter-wraith sshd[32252]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:23:53 walter-wraith kernel: [UFW BLOCK] IN=eth0 OUT= MAC=1a:9a:64:70:66:2a:30:7c:5e:91:94:30:08:00 SRC=23.248.219.32 DST=138.197.134.110 LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=256 PROTO=TCP SPT=56109 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 17 04:23:53 walter-wraith sshd[32217]: Failed password for root from 121.18.238.114 port 47272 ssh2
Mar 17 04:23:53 walter-wraith sshd[32217]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:23:53 walter-wraith sshd[32227]: Failed password for root from 221.194.44.224 port 56260 ssh2
Mar 17 04:23:53 walter-wraith sshd[32227]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:23:55 walter-wraith sshd[32252]: Failed password for root from 223.99.60.42 port 42281 ssh2
Mar 17 04:23:55 walter-wraith sshd[32252]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:23:56 walter-wraith sshd[32217]: Failed password for root from 121.18.238.114 port 47272 ssh2
Mar 17 04:23:56 walter-wraith sshd[32217]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:23:57 walter-wraith sshd[32217]: Received disconnect from 121.18.238.114 port 47272:11:  [preauth]
Mar 17 04:23:57 walter-wraith sshd[32217]: Disconnected from 121.18.238.114 port 47272 [preauth]
Mar 17 04:23:57 walter-wraith sshd[32217]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.18.238.114  user=root
Mar 17 04:23:57 walter-wraith sshd[32227]: Received disconnect from 221.194.44.224 port 56260:11:  [preauth]
Mar 17 04:23:57 walter-wraith sshd[32227]: Disconnected from 221.194.44.224 port 56260 [preauth]
Mar 17 04:23:57 walter-wraith sshd[32227]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.194.44.224  user=root
Mar 17 04:23:57 walter-wraith sshd[32252]: Failed password for root from 223.99.60.42 port 42281 ssh2
Mar 17 04:23:57 walter-wraith sshd[32252]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:24:00 walter-wraith sshd[32279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.194.44.224  user=root
Mar 17 04:24:00 walter-wraith sshd[32252]: Failed password for root from 223.99.60.42 port 42281 ssh2
Mar 17 04:24:00 walter-wraith sshd[32252]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:24:01 walter-wraith sshd[32279]: Failed password for root from 221.194.44.224 port 39605 ssh2
Mar 17 04:24:01 walter-wraith sshd[32279]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:24:03 walter-wraith sshd[32252]: Failed password for root from 223.99.60.42 port 42281 ssh2
Mar 17 04:24:03 walter-wraith sshd[32252]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:24:03 walter-wraith sshd[32252]: error: maximum authentication attempts exceeded for root from 223.99.60.42 port 42281 ssh2 [preauth]
Mar 17 04:24:03 walter-wraith sshd[32252]: Disconnecting: Too many authentication failures [preauth]
Mar 17 04:24:03 walter-wraith sshd[32252]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.42  user=root
Mar 17 04:24:03 walter-wraith sshd[32252]: PAM service(sshd) ignoring max retries; 6 > 3
Mar 17 04:24:04 walter-wraith sshd[32278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.18.238.114  user=root
Mar 17 04:24:04 walter-wraith sshd[32279]: Failed password for root from 221.194.44.224 port 39605 ssh2
Mar 17 04:24:04 walter-wraith sshd[32279]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:24:05 walter-wraith sshd[32292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.46  user=root
Mar 17 04:24:06 walter-wraith sshd[32278]: Failed password for root from 121.18.238.114 port 46488 ssh2
Mar 17 04:24:06 walter-wraith sshd[32278]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:24:06 walter-wraith sshd[32279]: Failed password for root from 221.194.44.224 port 39605 ssh2
Mar 17 04:24:06 walter-wraith sshd[32279]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:24:06 walter-wraith sshd[32292]: Failed password for root from 61.177.172.46 port 34489 ssh2
Mar 17 04:24:06 walter-wraith sshd[32292]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:24:06 walter-wraith sshd[32279]: Received disconnect from 221.194.44.224 port 39605:11:  [preauth]
Mar 17 04:24:06 walter-wraith sshd[32279]: Disconnected from 221.194.44.224 port 39605 [preauth]
Mar 17 04:24:06 walter-wraith sshd[32279]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.194.44.224  user=root
Mar 17 04:24:08 walter-wraith sshd[32292]: Failed password for root from 61.177.172.46 port 34489 ssh2
Mar 17 04:24:08 walter-wraith sshd[32292]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:24:09 walter-wraith sshd[32298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.42  user=root
Mar 17 04:24:09 walter-wraith sshd[32278]: Failed password for root from 121.18.238.114 port 46488 ssh2
Mar 17 04:24:09 walter-wraith sshd[32278]: Excess permission or bad ownership on file /var/log/btmp
csc March 17, 2017

@hansen

this is what it shows now after running chown root /var/log/btmp

Mar 17 04:28:47 walter-wraith systemd[1]: mysql.service: Main process exited, code=exited, status=1/FAILURE
Mar 17 04:28:49 walter-wraith sshd[605]: Failed password for root from 61.177.172.46 port 52472 ssh2
Mar 17 04:28:49 walter-wraith sshd[605]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:28:50 walter-wraith sshd[583]: Failed password for root from 223.99.60.42 port 52118 ssh2
Mar 17 04:28:50 walter-wraith sshd[583]: Excess permission or bad ownership on file /var/log/btmp
Mar 17 04:28:50 walter-wraith sshd[583]: error: maximum authentication attempts exceeded for root from 223.99.60.42 port 52118 ssh2 [preauth]
Mar 17 04:28:50 walter-wraith sshd[583]: Disconnecting: Too many authentication failures [preauth]
Mar 17 04:28:50 walter-wraith sshd[583]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.42  user=root
Mar 17 04:28:50 walter-wraith sshd[583]: PAM service(sshd) ignoring max retries; 6 > 3
Mar 17 04:28:50 walter-wraith sshd[605]: Received disconnect from 61.177.172.46 port 52472:11:  [preauth]
Mar 17 04:28:50 walter-wraith sshd[605]: Disconnected from 61.177.172.46 port 52472 [preauth]
Mar 17 04:28:50 walter-wraith sshd[605]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.46  user=root
Mar 17 04:28:53 walter-wraith sshd[644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.42  user=root
Reply
  • hansen March 17, 2017

    @csc I'm at a loss. I'm not sure why it's complaining about rights, when it has the regular rights to /var/lib/mysql.
    I would:

    1. Take a backup of /var/lib/mysql to your local computer
    2. Revert to the snapshot
    3. Shutdown mysql
    4. Copy the backup files to /var/lib/mysql and make sure the rights are correct
    5. Start mysql
Have another answer? Share your knowledge.

Related Questions