[vox-tech] Access change, possible virus problem

Steve Weiss stevew at bbenginc.com
Thu Jan 3 19:54:54 PST 2008


Last week my Ubuntu 7.10 system started denying me the right to create 
or delete directories in a separate data partition created when we set up 
my dual-boot (WinXP2) system at an installfest last October. I'd had no 
trouble doing this before last week. I can create and delete files 
within the directories, though.

Here's a typical ls -l for a folder within the partition:
drwxrwx---  8 root plugdev 8192 2007-10-06 18:58 Clients

Here's the same for the partition itself, named /media/Data/mydata:
steve@SteveW:~$ ls -l /media/Data
total 40
-rwxrwx---  1 root plugdev 8192 1980-01-01 00:00 fsck0000.rec
-rwxrwx---  1 root plugdev 8192 1980-01-01 00:00 fsck0001.rec
dr-xr-x--- 42 root plugdev 8192 2007-10-06 23:58 mydata
drwxrwx---  2 root plugdev 8192 2007-10-06 22:38 Recycled
-rwxrwx---  1 root plugdev 8192 2007-12-30 00:29 vsnap.idx

Here's the same for all drives:
steve@SteveW:~$ ls -l /media
total 52
lrwxrwxrwx 1 root  root        6 2007-10-06 07:12 cdrom -> cdrom0
drwxr-xr-x 2 root  root     4096 2007-10-06 07:12 cdrom0
drwxrwx--- 5 root  plugdev  8192 1969-12-31 16:00 Data
drwx------ 7 steve root    32768 1969-12-31 16:00 EXTERNAL
drwxrwx--- 1 root  plugdev  8192 2007-12-29 16:45 sda2

And here's the same for a folder in my home dir:
drwxr-xr-x 2 steve steve 4096 2007-12-01 17:56 Desktop

(EXTERNAL is an external USB HD, and sda2 is the Windows XP partition.)

One suspicious event occurred when I tried to copy data from one of my 
kid's CDs to a flash drive. Turns out the CD had multiple viruses on it. 
Ubuntu crashed several times just copying the files, while other times 
the flash drive would refuse to accept any more files although there was 
plenty of room on it, and it would unmount itself. I later booted into 
Windows and scanned everything for viruses. It only found them on the 
CD, not on either the Windows or data partition, and not on the flash 
drive. (Of course, it couldn't see the Linux partition.)

Anyway, I don't know what changed regarding permissions or ownership, 
whether something got corrupted or a virus somehow became activated. 
(Can't see how the latter could have happened since all I did was copy.) 
Should I scan for viruses on the Linux system? (Any recommendations for 
doing that? I've got no scanner installed yet.)

In any case, how can I fix the problem? Change permissions or ownership? 
Seems like the data partition, which I alone use, should have the same 
ownership as my home directory. I could use the chown command on 
everything in the partition. While that seems extreme, it would be more 
secure than giving permission to all users in the partition. Wish I knew 
all the ownerships and permissions before the corruption. I have system 
backups made with the default settings of sbackup, but this backs up 
only the Linux system info and essentials. I also have backups of the 
data partition made with Norton Ghost, which is Windows/DOS software.

Any advice would be appreciated.

Thanks,
Steve