[sudo-users] repairing corrupted sudoers
Mahmood Naderan
nt_mahmood at yahoo.com
Fri Jan 14 11:38:01 EST 2011
Actually when this file is corrupted for any reason, no one can run privileged
commands. Also the root login is disabled by default.
>If you use visudo to edit /etc/sudoers you won't have these types
>of problems.
How can one use visudo without sudo?
mahmood at localhost:~$ visudo
visudo: /etc/sudoers: Permission denied
visudo: /etc/sudoers: Permission denied
>If you can login as root via ssh or su to root via a normal user
>you can fix the permissions, either directly via "chmod 0440
>/etc/sudoers" or by running visudo.
mahmood at localhost:~$ sudo su
sudo: /etc/sudoers is mode 0640, should be 0440
sudo: no valid sudoers sources found, quitting
mahmood at localhost:~$ sudo -s
sudo: /etc/sudoers is mode 0640, should be 0440
sudo: no valid sudoers sources found, quitting
mahmood at localhost:~$ su
Password:
su: Authentication failure
The last one shows that the root login is disabled. Before this problem "sudo
su" worked well.
>Aside from suggesting using ldap...
>I would suggest implementing puppet and enforcing the permissions / content that
>way.
I am not familiar with those; in particular, I have never heard of puppet. Can
you explain more about how they can be used to solve my problem?
// Naderan *Mahmood;
________________________________
From: Todd C. Miller <Todd.Miller at courtesan.com>
To: Mahmood Naderan <nt_mahmood at yahoo.com>
Cc: sudo-users at sudo.ws
Sent: Fri, January 14, 2011 7:19:37 PM
Subject: Re: [sudo-users] repairing corrupted sudoers
On Fri, 14 Jan 2011 03:31:13 PST, Mahmood Naderan wrote:
> Is there any way to fix the corrupted sudoers file without livecd.
> For servers which we work remotely, there should be a way to remotely
> fix that. Currently for every sudo command, I get:
>
> sudo: /etc/sudoers is mode 0640, should be 0440
> sudo: no valid sudoers sources found, quitting
If you use visudo to edit /etc/sudoers you won't have these types
of problems.
If you can login as root via ssh or su to root via a normal user
you can fix the permissions, either directly via "chmod 0440
/etc/sudoers" or by running visudo.
- todd
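
An added example, not part of the original thread or of sudo itself: a shell sketch of the two safeguards the reply points at, checking the mode and owner that sudo insists on and syntax-checking a candidate file with visudo before it replaces /etc/sudoers. The function names are hypothetical, GNU stat is assumed, and install_sudoers must be run as root.

```shell
#!/bin/sh
# Added example (hypothetical helper names), assuming GNU stat on Linux.

# check_sudoers_mode FILE [EXPECTED_MODE] [EXPECTED_UID]
# Reports the same condition as "is mode 0640, should be 0440" and also
# checks the owner. Returns 0 if both match, 1 on a mismatch, 2 on error.
check_sudoers_mode() {
    file=$1
    want_mode=${2:-440}
    want_uid=${3:-0}
    [ -f "$file" ] || { echo "$file: not a regular file" >&2; return 2; }
    mode=$(stat -c '%a' "$file") || return 2
    uid=$(stat -c '%u' "$file") || return 2
    rc=0
    if [ "$mode" != "$want_mode" ]; then
        echo "$file is mode 0$mode, should be 0$want_mode" >&2
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "$file is owned by uid $uid, should be $want_uid" >&2
        rc=1
    fi
    return $rc
}

# install_sudoers CANDIDATE [TARGET]
# Syntax-check CANDIDATE with "visudo -c -f", then copy it next to TARGET
# with owner 0, group 0 and mode 0440, and rename it into place. TARGET is
# left untouched if any step fails.
install_sudoers() {
    candidate=$1
    target=${2:-/etc/sudoers}
    if ! visudo -c -f "$candidate" >/dev/null; then
        echo "syntax check failed; $target left untouched" >&2
        return 1
    fi
    install -o 0 -g 0 -m 0440 "$candidate" "$target.new" || return 1
    check_sudoers_mode "$target.new" || { rm -f "$target.new"; return 1; }
    mv -f "$target.new" "$target"
}
```

Running check_sudoers_mode /etc/sudoers from a monitoring job catches a mode change before the next person needs sudo; it does not help once root access is already lost.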