12

I am one of a few people managing a gaming server. The Server is currently running Ubuntu 14.04, which was installed just 3 weeks ago.

Everything was running fine until a few days ago, we've had a few issues. I suspect someone hacked into our SSH server and managed to seriously mess something up.

When I try to execute the command sudo I get the following error:

sudo: unable to stat /etc/sudoers: No such file or directory

So first thought is the file got deleted and just needs to be recreated, however ls /etc/ shows that the sudoers file already exists. Furthermore, when edited with nano (my preferred editor) It becomes apparent that the file is completely in tact and formatted correctly.

ls -l also shows that the sudoers file has the permissions -r--r---- for user root and group root, which from research should be completely sufficient for sudo to be able to read the file, to make sure temporarily I gave the file -rwxrwx--- for root root (were using tmux for session control and we already had a session up as root), still failed.

So the file exists, the content inside of it is correct, it has the proper permissions. What else could it be. I looked a bit at people who have had similar problems here on askubuntu.com, one solution I found that sounded hopeful, was to back up the sudoers file, then use: apt-get purge sudo apt-get install sudo

And then replace the new sudo file with the old one. This did not work unfortunately. To rule out farther that the sudoers file didn't have errors, I tried the solution again, and tried executing just sudo with the newly created sudoers file, and got the same error.

-------- EDIT --------

For anyone interested in what the supposed non-existant sudoers file contains, here is a filtered version (usernames filtered) by request: http://paste.ubuntu.com/7781967/

D3_JMultiply
  • 311
  • 1
  • 2
  • 8
  • 1
    Using http://paste.ubuntu.com could you post the contents of the sudoers file (you may want to remove user-names for added security - if your sever did get hacked CHANGE THE PASSWORDS) – Wilf Jul 11 '14 at 20:34
  • Passwords have already been changed. That is not part of the question.

    Post has been updated with paste.ubuntu.com link.

     – D3_JMultiply Jul 11 '14 at 20:43
  • 1
    According to sudoers man page The pound sign (’#’) is used to indicate a comment (unless it is part of a #include directive or unless it occurs in the context of a user name and is followed by one or more digits, in which case it is treated as a uid). In your sudoers file there is a missing # in the includedir directive. Try to add # and let's see if sudo command works. – Lety Jul 12 '14 at 21:51
  • Nope. That did not fix the issue. Like I said in the OP, I renamed the sudoers file and re-installed sudo, which created a freshly installed version of the sudoers file. And that file didn't work either. I know the issue isn't the content of the file itself. Thanks anyways :) – D3_JMultiply Jul 13 '14 at 00:53

1 Answers1

9

Ok. I have fixed my issue. And like I thought, it was not the file.

Solution

I had up until 10 minutes ago, only noticed that sudo wasn't working. As most of my work takes place in tmux, I never noticed my user account.

Upon first logging in I would get the following error:

-bash: /etc/profile Permission denied

And it would set me to: I have no name@<ipaddress> as my account.

So I did some research on this issue and found more results then the other issue. Including one result that was a perfect match for my situation, as found here.

The issue was that my /etc/ folder was missing the execute permission on the group. So executing: chmod g+x /etc fixed the issue after logging out and back in.

Thanks

Thanks for the help in the comments, the suggestions you gave were still valuable and helped narrow down the problem more. In the end it was far simpler then it seemed.

Community
  • 1
D3_JMultiply
  • 311
  • 1
  • 2
  • 8