2

I have been looking around on how to solve the issue of changing the permissions on the directory where the sudoers file is located (in my case /etc/).

This question points to the same problem, however the solution isn't feasible because you still need sudo priviliges which are not accessible.

However, if there were a way to access the session with root privileges, could I run chmod -R ugo+r /etc/ and get things back to normal? How can I login from a SSH (I'm using PuTTY), and get this back to normal?

I cannot currently reboot in safe mode, since it is a cloud server from a client and its out of my reach. It's an Ubuntu 16.04 LTS machine, and I could try to ask for the root credentials, although I have been reading that there are none (so I have no clue how to do 'login' as root...)

EDIT: Now I can't even connect with PuTTY... Please help!

EDIT2: after following the advice provided, here is the pkexec authentication error after typing the correct password

soporteit@redacted:~$ pkexec chmod 555 /etc/sudoers
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ===
Authentication is needed to run `/bin/chmod' as the super user
Authenticating as: Soporte IT,,, (soporteit)
Password:
polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
==== AUTHENTICATION FAILED ===
Error executing command as another user: Not authorized

This incident has been reported.
soporteit@redacted:~$

EDIT2: so far it has been impossible to do this action from the shell. The machine keeps blocking our actions, and after the previous authentication error, it blocks our IP. Going to try to reboot the virtual machine using this tutorial and enter root mode to modify the file permissions

Miguel M.
  • 139
  • Sorry, this comment is not really helpful, but if you have cared to set up a password for root, then use it. If not: I'm very curious for answers that are not short of: transplant the disk to another box and change the settings. – Gyro Gearloose Jan 18 '18 at 19:37
  • I am trying to figure that out as well. But now PuTTY keeps giving me fatal connection errors! I have no clue why this is happening – Miguel M. Jan 18 '18 at 19:40
  • Can you ping the box? – Gyro Gearloose Jan 18 '18 at 19:49
  • 1
    Why does the solution in the linked question not work for you? It requires pkexec, not sudo. pkexec in the default ubuntu configuration requires the user to be a member of the sudo group, but not that there be a valid sudoers. – user4556274 Jan 18 '18 at 19:54
  • @GyroGearloose yes I can ping the box from cmd, but PuTTY cannot establish a connection to port 22... – Miguel M. Jan 19 '18 at 08:41
  • @user4556274 it does work, but then its asked me for credentials, I typed in the password (made sure about caps etc) and it denied authentication – Miguel M. Jan 19 '18 at 08:42
  • @user4556274 I have edited the question to show a screenshot of what happens when i run pkexec – Miguel M. Jan 19 '18 at 10:03

2 Answers2

1

With this 2 commands:

pkexec chmod 555 /etc/sudoers 
pkexec chmod 555 /etc/sudoers.d/README

Y need to recheck my Terminal history to confirm, because I have same problem past week.

OK, checked I do also:

pkexec chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo
manuti
  • 46
  • I have attached pictures of how it fails to do this operation – Miguel M. Jan 19 '18 at 10:02
  • Now, I see the snapshot. This works for me, but without root user you must be able at least to use pkexec or su root About the PuTTY lock, maybe the errors blacklisted your IP, try to access from a different Internet access and different computer. – manuti Jan 19 '18 at 10:36
  • I will try this asap. In the meantime, is there any way to restart the Ubuntu server in secure mode from the ssh? I have read that from this mode you can access with root privileges – Miguel M. Jan 19 '18 at 14:05
  • I don't know if you can enter secure mode without physical access to the computer. – manuti Jan 20 '18 at 16:56
1

OP answering. So I got as far as rebooting in safe mode the Ubuntu Virtual Machine (the System Admin had to).

From there, we executed mount -o ro,remount /

Got to this from this question and changing the -o rw part to -o ro

Miguel M.
  • 139