0

I accidentally own /etc/ on user Ubuntu in AWS EC2

I owned /etc/ and now this message comes up whenever I use sudo:

sudo: /etc/sudoers is owned by uid 1000, should be 0
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

I have been looking for answers here since yesterday and I haven't found any solution that doesn't require stopping an instance.

(This is not the same as the 'another question' posted. Why? Because he can still run 'sudo', based on the comments I read, and this is a cloud server.)

This is my /etc/sudoers file:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

How do I fix this?

david
  • If you don't have a password on the root account and don't have any sudo session left open, then you're locked. Try to execute a root exploit if your OS is vulnerable to some publicly known CVE. – insider Jan 05 '16 at 08:59
  • @muru I disagree, because the machine and the problem (well, it has some similarity) actually have some differences. If there is some chance I can undo this without actually stopping an instance, that can be a solution. – david Jan 05 '16 at 09:00
  • Can you run pkexec, or as insider says, do you have a root session open? If so, there might be a chance. If not, no chance. – muru Jan 05 '16 at 09:05
  • @muru aww, this happened yesterday. I lost all root when I closed my client machine, but I think I have found a way. I'm still doing it... – david Jan 05 '16 at 09:08
  • @insider I can vim and write using '!' to override the sudoers file (does this help?), it gives me hope now. What else can I do? – david Jan 05 '16 at 09:32
  • Not to rain on your parade, but considering you own all of /etc, it's hardly surprising that you can edit files in it. The problem is changing ownerships - which can only be done by root. As before, can you run pkexec? – muru Jan 05 '16 at 10:10
  • @muru no, it asked for password. – david Jan 05 '16 at 10:11
  • @david you don't know your password? Ah, of course. /etc/passwd and shadow will also be owned by you - so they will be ignored as well, presumably. – muru Jan 05 '16 at 10:12
  • This is a cloud server; we didn't put passwords on it actually. We just connect securely using ssh. – david Jan 05 '16 at 10:13
  • @muru aw, really? Anyway, I can only write. What can I do with this disadvantage? – david Jan 05 '16 at 10:17

3 Answers

1

You will need to boot a live CD and run

sudo chown root:root -R /media/$USER/*/etc

You will need to open the folder in the file browser to mount the disk.
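
An ownership check to run against the mounted volume's etc directory before and after the recursive chown in the answer above (an added example, not part of the original answer). The function names and the default expected uid of 0 are this sketch's own; nonroot_group, run on a healthy reference system, shows which group ownerships a blanket root:root would overwrite.

```shell
#!/bin/sh
# Added example (not from the original answer): audit ownership under an etc
# tree, e.g. the /etc of a root volume mounted from a rescue system.
# Usage: sh audit_etc.sh ETC_DIR [EXPECTED_UID]   (file name is hypothetical)

# Print every entry under $1 whose owner is not uid $2 (default 0 = root).
wrong_owner() {
    find "$1" ! -user "${2:-0}" -print
}

# Number of such entries (assumes no newlines in file names).
count_wrong_owner() {
    wrong_owner "$1" "${2:-0}" | wc -l | tr -d ' '
}

# The condition behind "sudoers is owned by uid 1000, should be 0":
# succeeds only if $1/sudoers exists and is owned by uid $2 (default 0).
sudoers_owner_ok() {
    [ -n "$(find "$1/sudoers" -prune -user "${2:-0}" -print 2>/dev/null)" ]
}

# Entries whose group is not gid $2 (default 0). Run on a healthy reference
# system to see which groups a recursive root:root chown would overwrite.
nonroot_group() {
    find "$1" ! -group "${2:-0}" -print
}

# Human-readable summary: sudoers status, then the first 20 offenders.
report() {
    etc=$1
    uid=${2:-0}
    if sudoers_owner_ok "$etc" "$uid"; then
        echo "OK:   $etc/sudoers is owned by uid $uid"
    else
        echo "FAIL: $etc/sudoers is missing or not owned by uid $uid"
    fi
    echo "$(count_wrong_owner "$etc" "$uid") entries under $etc not owned by uid $uid:"
    wrong_owner "$etc" "$uid" | head -n 20
}

# Run the report only when a directory is given on the command line.
if [ "$#" -ge 1 ]; then
    report "$1" "${2:-0}"
fi
```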

0

Run: vim /etc/sudoers

You will find a line similar to:

$ROOT: $ALL

Insert this line after:

$ <your_uid> : $ALL

But you need root permissions to do this.

  • Actually it's not the same, here it is:

    # User privilege specification
    root ALL=(ALL:ALL) ALL

    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL

    # Allow members of group sudo to execute any command
    %sudo ALL=(ALL:ALL) ALL

    – david Jan 05 '16 at 09:09
  • I can vim and write using '!' to override, it gives me hope now. What else can I do? – david Jan 05 '16 at 09:10
  • Defaults env_reset
    Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

    # Host alias specification

    # User alias specification

    # Cmnd alias specification

    # User privilege specification
    root ALL=(ALL:ALL) ALL
    ee209195 ALL=(ALL:ALL) ALL

    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL

    # Allow members of group sudo to execute any command
    %sudo ALL=(ALL:ALL) ALL

    # See sudoers(5) for more information on "#include" directives:

    #includedir /etc/sudoers.d
    ~

    – Sachin Mokashi Jan 05 '16 at 09:34
  • What do I do with it? – david Jan 05 '16 at 09:39
-1
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
ee209195 ALL=(ALL:ALL) ALL    # TODO ADD THIS LINE With your uid

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
muru
  • I tried it, my uid is 1000, but it doesn't work: 1000 ALL=(ALL:ALL) ALL

    Tried to vim it and :wq! to override write on the read-only file

    – david Jan 05 '16 at 09:44