[vox-tech] Access change, possible virus problem

Jeff Newmiller jdnewmil at dcn.davis.ca.us
Fri Jan 4 09:51:28 PST 2008 

Steve Weiss wrote:
> Last week my Ubuntu 7.10 system started denying me the right to create 
> or delete directories in a separate data partition created when we setup 
> my dual-boot (WinXP2) system at an installfest last October. I'd had no 
> trouble doing this before last week. I can create and delete files 
> within the directories, though.
> 
> Here's a typical ls -l for a folder within the partition:
> drwxrwx---  8 root plugdev 8192 2007-10-06 18:58 Clients
> 
> Here's the same for the partition itself, named /media/Data/mydata:
> steve at SteveW:~$ ls -l /media/Data
> total 40
> -rwxrwx---  1 root plugdev 8192 1980-01-01 00:00 fsck0000.rec
> -rwxrwx---  1 root plugdev 8192 1980-01-01 00:00 fsck0001.rec
> dr-xr-x--- 42 root plugdev 8192 2007-10-06 23:58 mydata
> drwxrwx---  2 root plugdev 8192 2007-10-06 22:38 Recycled
> -rwxrwx---  1 root plugdev 8192 2007-12-30 00:29 vsnap.idx
> 
> Here's the same for all drives:
> steve at SteveW:~$ ls -l /media
> total 52
> lrwxrwxrwx 1 root  root        6 2007-10-06 07:12 cdrom -> cdrom0
> drwxr-xr-x 2 root  root     4096 2007-10-06 07:12 cdrom0
> drwxrwx--- 5 root  plugdev  8192 1969-12-31 16:00 Data
> drwx------ 7 steve root    32768 1969-12-31 16:00 EXTERNAL
> drwxrwx--- 1 root  plugdev  8192 2007-12-29 16:45 sda2
> 
> And here's the same for a folder in my home dir:
> drwxr-xr-x 2 steve steve 4096 2007-12-01 17:56 Desktop
> 
> (EXTERNAL is an external USB HD, and sda2 is the Windows XP partition.)
> 
> One suspicious event occurred when I tried to copy data from one of my 
> kid's CDs to a flash drive. Turns out the CD had multiple viruses on it. 
> Ubuntu crashed several times just copying the files, while other times 
> the flash drive would refuse to accept any more files although there was 
> plenty of room on it, and it would unmount itself. I later booted into 
> Windows and scanned everything for viruses. It only found them on the 
> CD, not on either the Windows or data partition, and not on the flash 
> drive. (Of course, it couldn't see the Linux partition.)

This sounds more like filesystem corruption or a bad physical connection
to the usb drive than a virus.

> Anyway, I don't know what changed regarding permissions or ownership, 
> whether something got corrupted or a virus somehow became activated. 

Viruses are self-replicating executable code (with side effects).  They
are not features of stored data that can arbitrarily affect whatever
operating system reads the media they are stored on.  It may look like
this in Windows because Microsoft tends to automatically run a various
types of programs regardless of where the code came from... but Linux
doesn't do this.

> (Can't see how the latter could have happened since all I did was copy.) 

Neither can I.

> Should I scan for viruses on the Linux system? (Any recommendations for 
> doing that? I've got no scanner installed yet.)

No.

> In any case, how can I fix the problem? Change permissions or ownership? 
> Seems like the data partition, which I alone use, should have the same 
> ownership as my home directory. I could use the chown command on 
> everything in the partition. While that seems extreme, it would be more 
> secure than giving permission to all users in the partition. Wish I knew 
> all the ownerships and permissions before the corruption. I have system 
> backups made with the default settings of sbackup, but this backs up 
> only the Linux system info and essentials. I also have backups of the 
> data partition made with Norton Ghost, which is Windows/DOS software.
> 
> Any advice would be appreciated.

This device is being managed by the hardware abstraction layer, so the
ownership is correct.  Your username should be a member of the plugdev
group, and anyone you don't want to have access should not be a member
of that group. (/etc/groups or a GUI user/group management control panel)

I note that your "mydata" directory has no write access enabled.
This will prevent you from creating any files or directories
immediately within "mydata" (though subdirectories below that will
not be affected).

Creating a file in a directory depends on the execute and
write permissions being enabled for you on that directory... permissions
which are visible when you list them from the directory that contains
the directory you want to modify (one level up from where you want to
create files).

Usually these usb drives are formatted with FAT or NTFS, so any permissions
you see on them are being emulated by the filesystem drivers (because those
filesystems don't understand POSIX permissions).  This normally means
you can't change the permissions on only one directory in this filesystem.
Thus, I am wondering if you changed the filesystem on this device to
a POSIX filesystem like ext2?

-- 
---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil at dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                       Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...1k
---------------------------------------------------------------------------

More information about the vox-tech mailing list