26

I am getting sudo errors, how do I fix this error?

sudo: /etc/sudoers is mode 0777, should be 0440
sudo: no valid sudoers sources found, quitting
Eliah Kagan
  • 117,780
user20698
  • 301
  • As users before have noted, using "chmod 0440 /etc/sudoers" when the sudoers.d/README file has the wrong chmod DOES NOT WORK. – kentfx Jul 15 '12 at 09:25
  • Are you suggesting that when the problem is the permissions on /etc/sudoers.d/README, that the error can still say sudo: /etc/sudoers is mode 0777, should be 0440? – Eliah Kagan Aug 23 '12 at 14:14

6 Answers6

26

First Option

Following this post:

  1. Reboot PC
  2. When the GRUB boot selection screen shows, choose Recovery Mode. (If it doesn't come up, press the Shift key when you see the GRUB loader down the bottom).

  3. A black terminal should come up, at this point you can run this command (you should have root privileges):

    chmod 0440 /etc/sudoers

Alternatively

You will have to put Ubuntu onto a LiveCD, boot into the LiveCD, mount your Ubuntu Partition on the Hard Drive (Open a file browser, like Nautilus, and click your Ubuntu Partition; or click Places->"xxGB Partition/Your Ubuntu Partition").

Then, open a terminal within the LiveCD session and type these two commands:

cd /media/<name of permanent ubuntu partition>/etc
sudo chmod 0440 sudoers

Extra Problems

If there are any errors (as posted below), follow the error prompt and adjust each file accordingly using one of the above two steps:

sudo apt-get update sudo: /etc/sudoers.d/README is mode 0777, should be 0440 sudo: /var/lib/sudo writable by non-owner (040777), should be mode 0700 [sudo] password for

Fix by following through with:

chmod 0440 /etc/sudoers.d/README
chmod 0700 /var/lib/sudo

Both of these commands should be used appropriately with the outlined steps above. They will change the file permissions associated with that file. 0440 will give the owner (root) and the group read permissions and 0700 will give the owner (root), read, write and execute permissions.

Isaiah
  • 59,344
Alex Stevens
  • 1,300
  • I can use the sudo command but limited. sudo apt-get update sudo: /etc/sudoers.d/README is mode 0777, should be 0440 sudo: /var/lib/sudo writable by non-owner (040777), should be mode 0700 [sudo] password for – user20698 Jun 27 '11 at 06:16
  • @Alex: ESC is for GRUB legacy right? Shift should be pressed for GRUB2. – Lekensteyn Jun 27 '11 at 07:03
  • @user20698: you do not need sudo for the first, the second should be done from a Live CD. – Lekensteyn Jun 27 '11 at 07:03
  • If sudoers is 0777 shouldn't user be able to run chmod 0440 /etc/sudoers without sudo as sudoers is writable by everybody? – Seppo Erviälä Jun 27 '11 at 07:46
  • 2
    @Seppo: no, only the owner of a file can change file permissions. – Lekensteyn Jun 27 '11 at 08:29
  • Well, the issue is still here. sudo apt-get update sudo: /etc/sudoers.d/README is mode 0777, should be 0440 sudo: /var/lib/sudo writable by non-owner (040777), should be mode 0700 [sudo] password for – user20698 Jun 27 '11 at 17:17
  • @Lekensteyn Haha, cheers mate, I'm still living in the simple days of Legacy, changed as per your advice :P – Alex Stevens Jun 27 '11 at 23:11
  • @Seppo As Lekensteyn stated, not if you don't own the file. For example: sudo -i touch /home/<user>/test chmod 0777 test logout chmod 0440 test – Alex Stevens Jun 27 '11 at 23:34
  • @user20698 Wow, you really gave a workaround to your sudo base; for each error, you'll have to do the same steps as above, I've added in examples, also, can you post the output of ls -al /etc/sudoers.d/ so we can get an idea of what else you've modified? Cheers – Alex Stevens Jun 27 '11 at 23:41
16

sudo is broken in this situation, but pkexec (the command-line frontend to PolicyKit) still works, so you can fix it with a single command. No rebooting is necessary.

pkexec chmod 0440 /etc/sudoers

This assumes PolicyKit is installed. If this is a desktop system (rather than a server with no GUI), it is.

Eliah Kagan
  • 117,780
4

Boot into recovery mode, choose the root shell, and:

chmod 0440 /etc/sudoers

Or if you don't want to restart you can use this alternative:

pkexec chmod 0440 /etc/sudoers
pkexec chmod 0440 /etc/sudoers.d/README

it will change the permission. Try it it will work.

Atul Makwana
  • 2,298
  • 1
    Why are you chmoding some files to 440 and others to 0440? Shouldn't you use 0440 uniformly? And why are you changing permissions on /etc/sudoers.d/README when you use the pkexec way, but not otherwise? And what about other possible files in /etc/sudoers.d? – Eliah Kagan Aug 23 '12 at 14:12
1

In Ubuntu you can first strike Ctrl+Alt+T which opens the terminal. After that you can copy-paste the command below with Ctrl+C and paste in terminal with Ctrl+Shift+V.

pkexec chmod 0440 /etc/sudoers
Eric Carvalho
  • 54,385
K. Kilian Lindberg
  • 111
  • 3
1

What did you do to get these errors?

  • If you did: sudo chmod -R 777 /etc, you need a Live CD to repair this.

    1. Boot into a Live CD and select "Try it"
    2. Mount your Ubuntu partition (or the partition containing /etc if you've put /etc on a separate partition). This can be done by using a file browser like Nautilus or the Places menu
    3. Open a Terminal by going to Applications => Accessories => Terminal
    4. Determine the folder of you Ubuntu partition, you can list the contents of mounted partitions by using ls -l /media. It's possibly named ubuntu or disk. In the next steps, I'll assume ubuntu.

    5. In the Terminal, set restrictive permissions by default:

      sudo find /media/ubuntu/etc -type f -exec chmod g-wx,o-rwx {} \;
sudo find /media/ubuntu/etc -type d -exec chmod g-w,o-rwx {} \;

    6. Next, use the Live CD as reference point for restoring file permissions. The below command will change the file permissions for /etc/media/ubuntu using the /etc folder on the Live CD as reference point. It'll only change permissions on files (-type f) and directories (-type d) on the same filesystem (-xdev). Any errors are written to ~/errors.log Errors like "file not found" indicates that a file on the system is installed, but not found on the Live CD. The command from step 5 should set the right permissions for it, but for the best results, you'd better reinstall the packages.

      cd /media/ubuntu && sudo find etc -xdev \( -type f -o -type d \) -f -exec chmod --reference=/{} {} \; 2>~/errors.log
    7. Now safe ~/errors.log somewhere (like http://paste.ubuntu.com/) so you can add it as comment to this answer should you've any problems with applications.
Community
  • 1
Lekensteyn
  • 174,277
0

For me, I had to add one more step the the pkexec suggestions, per this, I was lucky that I happened to have 2 ssh sessions going when I made the stupid mistake:

  1. Open 2 terminals
  2. In terminal 2, run echo $$ to get PID
  3. Run pkttyagent --process PID_FROM_STEP2 in terminal 2
  4. In terminal 1, run pkexec chmod 0440 /etc/sudoers
  5. In my case, I also had to run pkexec chown root:root /etc/sudoers
4oo4
  • 141