3

After running this command - sudo chown -R $(whoami) usr/{lib/node_modules,bin,share} I am not able to run sudo anymore: sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set. How do I fixed that?

I read this thread but I am not sure what advice to follow and if it's applicable to my case.

Community
  • 1
roy
  • 287

1 Answers1

8

Okay, we need to clean up the mess made of your system first. You'll need to boot into recovery mode first, because you need root for this.

  1. Fix /usr/bin
    First off, we need to fix your binaries. Run the below command to repair all binaries and let root re-take ownership:

    chown -R root /usr/bin

  2. Fix setuid binaries
    Now that /usr/bin is fixed, we can focus on all the binaries that lost their setuid status. The setuid flag is a special executable flag that allows for an executable to run as the owning user, as opposed to the calling user. Run the below commands to fix this:

    chmod u+s chfn chsh gpasswd newgrp passwd pkexec sudo

  3. Fix /usr/lib
    Similarly to step 1, we need to reassign everything in /usr/lib to the root user.

    chown -R root /usr/lib

  4. Fix /usr/share
    This one is a much more involved process because things in /usr/share could (possibly) be owned by non-root users. For now, you're going to have to restore all permissions to root, and then fix any problems that come up as they come up. Be sure to watch your log files for any permission errors or the like.

    chown -R root /usr/share

  5. Reboot and Pray
    Running commands like chown and chmod recursively on system folders without knowing exactly what you're doing is very dangerous. While it is occasionally possible to recover from a mess like this, it's not always possible. You (fortunately) only really reverted folders where everything is owned by root, so fixing problems is pretty simple. But, it is important to know that this could have ended with you being forced to reinstall your entire system. You've also dodged a bullet by not overwriting groups -- that could have very easily been catastrophic.

Don't mess around with chown/chmod, and if you're using those commands with sudo, you're probably doing something wrong. Double- and triple-check what you're doing and make sure what you want to do is sane. Also make sure your commands are free of typos.

Also be sure you're not getting into the habit of prefixing everything that doesn't work with sudo -- this is a one-step method to destroying a Linux install because of carelessness.

Community
  • 1
Kaz Wolfe
  • 34,122
  • 21
  • 114
  • 172
  • Works! for anyone else reading this. I don't have 'pxexec' so I had to omit that executable from your second command. Also, here are the instructions I used to get into recovery mode. – roy Jan 23 '17 at 00:00
  • @roy, Hey sorry, that was a typo. Re-run that command with pkexec please, just to be safe. – Kaz Wolfe Jan 23 '17 at 18:40