Stack Exchange Network
Stack Exchange network consists of 183 Q&A communities including
Stack Overflow
, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.
Visit Stack Exchange
Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. It only takes a minute to sign up.
Sign up to join this community
Teams
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Learn more about Teams
I am using Linux CentOS but suddenly I couldn't run sudo command. I got below errors. Even with root user it got the same error.
$ sudo ls
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
Below is the permission on this file:
ls -l /etc/sudoers
-rwxr-xr-x 1 root root 4241 Jun 9 20:36 /etc/sudoers
# which sudo
/usr/bin/sudo
# ls -l /usr/bin/sudo
--ws-wx-wx. 1 root root 130712 Jun 10 2014 /usr/bin/sudo
What wrong with the system? How can I fix it?
EDIT1
Please see below command output:
# ls -Z /etc/sudoers
-r--r----- root root ? /etc/sudoers
I have run chmod 440 on this file but it seems the permission is broken.
EDIT2
I run below command to set the /etc/sudoers permission but it still not correct:
root@Cool-Too ~]# chmod 440 /etc/sudoers
[root@Cool-Too ~]# ll /etc/sudoers
-r--r----- 1 root root 4241 Aug 14 22:16 /etc/sudoers
[root@Cool-Too ~]# ll -Z /etc/sudoers
-r--r----- root root ? /etc/sudoers
–
–
–
-r--r----- 1 root root 4188 Mar 31 11:30 /etc/sudoers
---s--x--x 1 root root 130720 Mar 31 13:09 /usr/bin/sudo
To fix this, as root
chmod 4111 /usr/bin/sudo
chmod 440 /etc/sudoers
If you see a + sign in the ls -l output then it means there are also ACLs set; these should be removed
setfacl -b /usr/bin/sudo /etc/sudoers
(you don't seem to have this problem; I include it for completeness)
Since your permissions were broken, it's possible the SELinux labels were also broken. You should verify the SELinux labels are correct with ls -Z:
-r--r-----. root root system_u:object_r:etc_t:s0 /etc/sudoers
---s--x--x. root root system_u:object_r:sudo_exec_t:s0 /usr/bin/sudo
These should be fixable with restorecon
restorecon -v /usr/bin/sudo /etc/sudoers
Finally you may have a totally problem install (eg PAM config, /etc/sudo.conf). You can check to see what files have been modified:
rpm --verify sudo
If this throws up any files that look off then you might want to delete them and then reinstall sudo.
rm /etc/sudo.conf /etc/pam.d/sudo*
yum reinstall sudo
(This does require a working yum setup so don't do this if your repo's don't work!)
–
–
If sudo doesn't work, you can become a root user with su -
Later be root, you can re-install sudo using these commands below:
yum remove sudo
yum install sudo
You need to add yourself to /etc/sudoers file, enter:
visudo
Grant vivek user full permission via sudo:
vivek ALL=(ALL) ALL
Save and close the file.
Later do that, you have sudo and you can become a root user using:
sudo -i
If it doesn't work, use
sudo -s
–
