How to fix sudo after "chmod -R 777 /usr/bin"?

permissions sudo root chmod

77,835

Solution 1

^{Accepted status notwithstanding, I'm now convinced this answer is wrong. (I hope to improve it soon, after consulting with the OP about the accept.) I think I recall others saying this worked, but I believe their problems were at least slightly different. The method described herein remains valuable for some situations where chmod -R 777 /usr/bin is interrupted with Ctrl+C or otherwise does not complete. But once it does, pkexec is un-setuid'd too and it won't work any better than sudo, as Damien Roche and Oli have rightly commented.}

On an Ubuntu desktop system, PolicyKit is installed, so pkexec can be used to repair a broken sudo executable or sudoers file. You do not need to boot into recovery mode and you do not need to boot from a live CD. You don't even need to reboot.

In this case, run the following commands:

pkexec chown root:root /usr/bin/sudo
pkexec chmod 4755 /usr/bin/sudo

See this question for more information.

Solution 2

Even when running from the live CD / Pendrive, you must prefix your chmod command with sudo. So your steps will be like the following:

boot from a live CD / Pendrive
check whether your disk was already automounted (and where to). If not, mount it (see below)
use sudo chmod 0755 <path> to adjust the permissions

How to figure out where your disk is mounted: from a terminal window, run mount (without arguments). This will list up all mounted devices. Check for the type listed -- you can skip everything not using a "real file system" (your disk probably uses either ext3 or ext4 -- you can for sure skip things like proc, sysfs and the like). If something sounds promising (looking like /dev/sda1 on /media/sda1 type ext3), check its contents using ls /media/sda1 to see if it's that.

If it is not mounted, you can check with the /dev entries where the disk could be (using ls /dev/ |grep '/dev/sd to check for available devices; your disk should look like /dev/sdaX, /dev/sdbX or the like -- with X being a number). Compare this with the list of mounted devices. If it's not there, try to mount it and check its contents (as shown above). To mount it, first create a mountpoint, e.g. sudo mkdir /mnt/mydisk, then try to mount the device using mount /dev/sda1 /mnt/mydisk and check its contents using ls /mnt/mydisk.

Once you get the right disk there, you can go to change the permissions back on your usr dir: sudo chmod 0755 /mnt/mydisk/usr.

Now you still might be in trouble if you originally ran the chmod command recursively, using the -R parameter. In that case you can either try to fix each entry manually -- or you can go straight for a fresh install...

Solution 3

In an attempt to set permissions for my local scripts, I broke the sudo permission and changed ownership, by mistake. I was able to change back the ownership of sudo to root by doing the following:

Step 1: Switch to ubuntu recovery mode. If you are unaware of the process, you can refer an answer here: https://askubuntu.com/a/172346/223901

Step 2: Once in recovery mode, select root - Drop to root shell prompt

Step 3: Do the following commands

mount -o remount,rw /
chown root:root /usr/bin/sudo
chmod 4755 /usr/bin/sudo
reboot

Wait for your system to boot normally and you will see the ownership of sudo back to root.

Solution 4

I think Mat's correct, you must be root to add the bit to /usr/bin, but of course sudo is broken. If you have a root password you can use that to logon as root and then fix the permissions with the above command. If you don't, however, (and I don't either) it would probably be best to:

boot from a Linux live CD
become root there
mount the partition with the above system
then straighten out the permissions on that file system using a terminal.

Root is always user number 0 so root on any system can make changes allowed to root on other file systems.

Solution 5

I don't have much knowledge. But these steps solved my problem even without restarting my machine. Follow these steps:

su root
<enter root password>
cd /usr
chmod -R 755 *

View more solutions

77,835

Author by

Manojkumar

Full stack web developer

Updated on September 18, 2022

Comments

Manojkumar over 1 year

I entered chmod -R 777 /usr/bin and now sudo is not working.

It says sudo must be setuid root.

Some advice online said to run chown root:root /usr/bin/sudo chmod 4755 /usr/bin/sudo.

On entering chown root:root /usr/bin/sudo it shows an opened in readonly mode error.
- Admin over 9 years
  
  Manoj Kumar: Did the pkexec method in my answer (which you've marked as accepted) solve this problem for you? I've become convinced that, as Damien Roche and Oli have commented, this method does not actually work after a sudo chmod -R 777 /usr/bin command has successfully completed. Like sudo, pkexec has to be setuid root to work. (I'm not sure why, as it uses the polkit service, but it does.) However, I think I've heard other people say this has worked for them, which is curious! Had you pressed Ctrl+C before the 777 chmod command finished?
- Admin about 7 years
  
  Hello. This method actually has worked for me after I accidentally successfully ran sudo chmod -R 777 /usr/bin, but only after logging into the root account.
vin almost 12 years

I tried to create mount point, but I got an error which read mount point mnt/mydisk does not exists is mydisk to be replaced with some thing and just for the record i wrote mount /dev/sda /mnt/mydisk from root@Ubuntu:/dev#
David Tod almost 12 years

You did a) create that mount point (directory) before issuing the mount command (as described) and b) took care for the leading slash as well? Try mkdir -p /mnt/mydisk && mount /dev/sda1 /mnt/mydisk (I don't think you have no partitions on /dev/sda, so you must have missed the partition number as well. Make sure you specify the correct device (or mount will fail).
Damien Roche over 10 years

pkexec must be setuid root! What a nightmare!
Oli almost 10 years

As Damien points out, the problem with this approach is pkexec is in exactly the same predicament as sudo. It's normally setuid and lives in /usr/bin. I've tested it and this just doesn't work after chmod -R 777 /usr/bin.
Eliah Kagan over 9 years

@DamienRoche, Oli: I'm sorry for not fixing this way sooner! You're both right. I'm unsure why pkexec has to be setuid root to work (doesn't it work through the polkit daemon like other non-setuid processes?), but it does need that. I've commented on the question to see if the OP (who accepted this) can shed light on what, if anything, is right or helpful about this answer. And I've added a temporary banner to the top of this post so I don't further mislead. If this answer continues to exist, its improved form will probably incorporate some info currently in that banner.
Rinzwind about 9 years

You are missing at least a "cd" command. If you do it like this you are doing the "chmod" on the home dir for root. That will make things worse.
Manu Mohan Thekkedath about 9 years

thaks... edited my answer... i was in /usr folder
David Foerster over 8 years

This only works, if a password is set for root, which is not the default configuration of Ubuntu.
FliiFe almost 7 years

You could just use su, which is located under /bin
Eliah Kagan almost 7 years

@FliiFe Fixing the permissions (or ownership) of files in /usr/bin requires root privileges, but you cannot su to root on most Ubuntu systems because root logins are disabled by default. Unlike sudo and pkexec, when you use su to get a root shell or to run a command as root, you have to provide root's password, not your own. But root has no password by default in Ubuntu (which is to say that password-based authentication for root will always fail, not that entering a blank password would work). See RootSudo for details.
FliiFe almost 7 years

@EliahKagan Ah, yeah. Didn't really think about this. I had this issue on a debian server (which you have to set up using root account).