/etc/sudoers is mode 0777, should be 0440

Asked by ed

After trying to make it possible to save to the x configuration file (chmod to etc with -R and 777), no updates are possible --
the update manager simply does not do anything ...

system:

double core AMD64 athlon

ubuntu:
release 9.10
kernel:2.6.31-23-generic
gnome 2.28.1

Wishing to use a program (openhot) that runs best with 10.10, I do want to upgrade.
Trying to change from LTS to normal, I get this message in the system monitor:

gallery@amd64-2:~$ sudo gedit /etc/update-manager/release-upgrades
sudo: /etc/sudoers is mode 0777, should be 0440
Segmentation fault
gallery@amd64-2:~$

thanks for help/hints

Question information

Language: English
Status: Solved
For: Ubuntu update-manager
Assignee: No assignee
Solved by: Manfred Hampl

Manfred Hampl (m-hampl) said :
#1

Fiddling around with file access rights in the system area (including /etc) is never a good idea, because it might open your system to malicious attacks.

sudo has some inbuilt logic to ensure that no unauthorized person has tampered with its configuration file and does not work if the access rights on /etc/sudoers are different from 0440.

You have several options to go on:
1. restore the system as it was before your 'chmod -R' command (if you have got a backup from that time).
2. reinstall a clean system
3. reset the file protection settings on the /etc/sudoers file. This will make sudo run again, but will not repair the file protection settings on the other files below /etc.

For option 3 do the following:
reboot your system and hold down the shift key so that the grub menu shows up
select 'recovery mode'
on the next screen select 'root console'
when the prompt shows up issue the command
chmod 0440 /etc/sudoers
for rebooting issue the command
reboot
This should allow the sudo command to work again. Please note that after that action there will still be lots of files below the /etc directory with wrong protection settings!

ed (ed-galeria-wl) said :
#2

I chose option 3.
worked well ..

after that I updated

and wishing to protect again I did: chmod -R 0440 /etc

and after that I restarted ....

well, I wanted to, but the computer says: chroot: connot execute /etc/apparamor/initransfs: permission denied

thanks

ed (ed-galeria-wl) said :
#3

hi
tried to boot the computer with an installation disk (cd with ubuntu iso burned) ... does not work

tried to enter the console from the cd, which leads to this message:
run init: /sbin/iniyt: I/O error
[275.399993] kernel panic - not synking: atempt to kill init!

Best Manfred Hampl (m-hampl) said :
#4

"chmod -R 0440 /etc" is as wrong as "chmod -R 777 /etc".

Different files below the /etc folder need different protection settings.
e.g. /etc/sudoers needs 440 to correctly work
e.g. /etc/hosts needs read access for everybody for networking to function (as far as I can remember the default is chmod 644).

So there is no simple "one-line" command that repairs the effect of your "chmod -R 777 /etc" command.

Some ideas how you might go further:
1. wipe your system and install a clean system from scratch, or
2. boot into a clean system (either with a live CD or on another system) and then set the protection settings on your computer to the same values as the other system, or
3. (at your own risk:) leave the file protections as insecure as they are, having a system that is insecure, but running.
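
Added example, not part of the original reply: one way to carry out idea 2 above is to compare the permission bits of every entry under a clean reference copy of /etc with the same entry under the damaged /etc, then set the damaged entry to the reference mode. The two directory paths are assumptions supplied on the command line (for instance a clean install of the same release mounted next to the damaged disk), and the function names are made up for this sketch.

```python
import os
import stat
import sys


def mode_differences(reference_etc, damaged_etc):
    """Return sorted (relative_path, damaged_mode, reference_mode) tuples for
    entries present in both trees whose permission bits differ."""
    diffs = []
    for dirpath, dirnames, filenames in os.walk(reference_etc):
        for name in dirnames + filenames:
            ref_path = os.path.join(dirpath, name)
            rel = os.path.relpath(ref_path, reference_etc)
            try:
                ref_st = os.lstat(ref_path)
                cur_st = os.lstat(os.path.join(damaged_etc, rel))
            except FileNotFoundError:
                continue  # exists only in the reference: nothing to repair
            # chmod does not apply to symlinks; a changed file type needs a human.
            same_type = stat.S_IFMT(ref_st.st_mode) == stat.S_IFMT(cur_st.st_mode)
            if stat.S_ISLNK(ref_st.st_mode) or not same_type:
                continue
            ref_mode = stat.S_IMODE(ref_st.st_mode)
            cur_mode = stat.S_IMODE(cur_st.st_mode)
            if ref_mode != cur_mode:
                diffs.append((rel, cur_mode, ref_mode))
    return sorted(diffs)


def apply_modes(damaged_etc, diffs):
    """Set every differing entry to the mode it has in the reference tree."""
    for rel, _cur_mode, ref_mode in diffs:
        os.chmod(os.path.join(damaged_etc, rel), ref_mode)
    return len(diffs)


if __name__ == "__main__":
    # Usage (run as root): script.py REFERENCE_ETC DAMAGED_ETC [--apply]
    # Both paths are assumptions, e.g. /mnt/clean/etc and /mnt/damaged/etc.
    reference, damaged = sys.argv[1], sys.argv[2]
    found = mode_differences(reference, damaged)
    for rel, cur, ref in found:
        print(f"{rel}: {cur:04o} -> {ref:04o}")  # dry-run report
    if "--apply" in sys.argv[3:]:
        print(f"changed {apply_modes(damaged, found)} entries")
```

Without `--apply` the script only reports. Entries that exist on the damaged system but not in the reference are left untouched and still have to be checked by hand.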

ed (ed-galeria-wl) said :
#5

Well, forgot to comment on this. At the time I had this problem:

I chose to format the disk, and do a new clean install ...

ed (ed-galeria-wl) said :
#6

Thanks Manfred Hampl, that solved my question.