[sudo-users] repairing corrupted sudoers

Mahmood Naderan nt_mahmood at yahoo.com
Fri Jan 14 11:38:01 EST 2011


Actually when this file is corrupted for any reason, no one can run privileged 
commands. Also the root login is disabled by default.

>If you use visudo to edit /etc/sudoers you won't have these types
>of problems.

How can one use visudo without sudo?

mahmood at localhost:~$ visudo
visudo: /etc/sudoers: Permission denied
visudo: /etc/sudoers: Permission denied


>If you can login as root via ssh or su to root via a normal user
>you can fix the permissions, either directly via "chmod 0440
>/etc/sudoers" or by running visudo.

mahmood at localhost:~$ sudo su
sudo: /etc/sudoers is mode 0640, should be 0440
sudo: no valid sudoers sources found, quitting
mahmood at localhost:~$ sudo -s
sudo: /etc/sudoers is mode 0640, should be 0440
sudo: no valid sudoers sources found, quitting
mahmood at localhost:~$ su
Password:
su: Authentication failure

The last one shows that the root login is disabled. Before this problem "sudo 
su" worked well.

>Aside from suggesting using ldap...
>I would suggest implementing puppet and enforcing the permissions / content that 
>way.

I am not familiar with those; in particular, I have never heard of puppet. Can 
you explain more about how they can be used to solve my problem?

 
// Naderan *Mahmood;




________________________________
From: Todd C. Miller <Todd.Miller at courtesan.com>
To: Mahmood Naderan <nt_mahmood at yahoo.com>
Cc: sudo-users at sudo.ws
Sent: Fri, January 14, 2011 7:19:37 PM
Subject: Re: [sudo-users] repairing corrupted sudoers

On Fri, 14 Jan 2011 03:31:13 PST, Mahmood Naderan wrote:

> Is there any way to fix the corrupted sudoers file without livecd.
> For servers which we work remotely, there should be a way to remotely
> fix that. Currently for every sudo command, I get:
>
> sudo: /etc/sudoers is mode 0640, should be 0440
> sudo: no valid sudoers sources found, quitting

If you use visudo to edit /etc/sudoers you won't have these types
of problems.

If you can login as root via ssh or su to root via a normal user
you can fix the permissions, either directly via "chmod 0440
/etc/sudoers" or by running visudo.

- todd
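
Added example, not part of the original thread or of sudo itself: a shell check that can be run from a still-open root session to confirm a sudoers file has the mode sudo asks for in the error above (0440) before that session is closed. The function names are hypothetical, and the expected owner (uid 0) is an assumption that can be overridden with a second argument.

```shell
#!/bin/sh
# Added example: audit a sudoers file's mode and owner.
# The expected mode 0440 comes from the sudo error quoted in this thread;
# the default expected owner (uid 0) is an assumption.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the numeric uid of the file's owner (GNU stat, then BSD stat).
file_uid() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# check_sudoers FILE [EXPECTED_UID]
# Returns 0 when FILE is a regular file (not a symlink) with mode 0440
# owned by EXPECTED_UID; otherwise prints each finding and returns 1.
check_sudoers() {
    file=$1
    want_uid=${2:-0}
    want_mode=440
    rc=0

    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "$file: not a regular file" >&2
        return 1
    fi
    mode=$(file_mode "$file") || return 1
    uid=$(file_uid "$file") || return 1

    if [ "$mode" != "$want_mode" ]; then
        echo "$file is mode 0$mode, should be 0$want_mode" >&2
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "$file is owned by uid $uid, should be $want_uid" >&2
        rc=1
    fi
    return $rc
}

# Usage (as root): check_sudoers /etc/sudoers && echo "mode and owner OK"
```

This checks only mode and ownership; "visudo -c" checks the file's syntax.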



      

