Sudoers.d Permissions denied


Solution 1

First, based on the instructions it's ALL=(ALL) ALL, so there's one mess up.

Second, the instructions say "If your system does not already have sudo set up and enabled", which you really should have checked before doing the rest.

Third, just remove that ken file. Your username is added to sudo group automatically during installation (if that's the username you picked during installation of course, and not created manually).

Finally, look at your /etc/sudoers.d permissions:

root@ken-:/etc# ls -l | grep sud
-rw-r-----  1 root root       745 mar 19 12:11 sudoers
drwxr-----  2 root root      4096 mar 19 14:53 sudoers.d

A directory requires the execute permission bit to be set in order to navigate into it. You cannot navigate into the directory because only the owner (root) has x set for it (a related post on Server Fault demonstrates that well enough). So your issue navigating to /etc/sudoers.d has nothing to do with sudo but with folder permission bits.

But if you are still unconvinced, here's a demo on a directory, owned by my user, in my home folder.

$ ls -ld testdir                                               
drwxrwxr-x 2 xieerqi xieerqi 4096 Mar 17 16:34 testdir/
$ chmod -x testdir
$ cd testdir
/bin/mksh: cd: /home/xieerqi/testdir: Permission denied
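
The listings quoted in this thread can be checked mechanically for the "read without execute" condition described above. The following POSIX shell sketch is an added example, not part of the original answer: the function names flag_unsearchable and sample_listing are made up here, the first two sample lines are the ls -l output from the question, and the testdir/ line (as it would look after chmod -x) and the tmp line are constructed.

```sh
#!/bin/sh
# Added example. Reads `ls -l` lines on stdin and, for every directory, prints
# "<name>: <class>" for each class (owner/group/other) that has r but no x:
# that class can list the entry names but cannot cd into the directory or
# stat anything inside it.
# Limitation: the name is taken as the last space-separated word of the line.
flag_unsearchable() {
    while read -r mode _links _owner _group rest; do
        case $mode in
            d?????????*) ;;          # directory: type char plus 9 mode chars
            *) continue ;;           # plain files, "total N" lines, etc.
        esac
        name=${rest##* }
        i=0
        for class in owner group other; do
            # triplet i sits at characters 2+3i .. 4+3i of the mode string
            trip=$(printf '%s' "$mode" | cut -c "$((2 + 3 * i))-$((4 + 3 * i))")
            i=$((i + 1))
            case $trip in
                r?[xst]) ;;          # x, or setuid/setgid/sticky with x set
                r??) printf '%s: %s\n' "$name" "$class" ;;
            esac
        done
    done
}

# Sample input: two lines from the question, two constructed lines.
sample_listing() {
    cat <<'EOF'
-rw-r-----  1 root root       745 mar 19 12:11 sudoers
drwxr-----  2 root root      4096 mar 19 14:53 sudoers.d
drw-rw-r--  2 xieerqi xieerqi 4096 Mar 17 16:34 testdir/
drwxrwxrwt 10 root root      4096 mar 19 12:00 tmp
EOF
}

sample_listing | flag_unsearchable
```

Piping the output of ls -l /etc (run as root) into flag_unsearchable applies the same check to a live system.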

Solution 2

You should not have added anything to /etc/sudoers.d/!
This is simply unnecessary and dangerous (as you see). All admin users (including the default user account that gets created during the installation) are already allowed to use sudo to run commands with root privileges.

Remove the file /etc/sudoers.d/ken again and revert all changes you might have done to /etc/sudoers.d.
You can use pkexec as a temporary replacement for sudo to fix the issues while that does not work:

pkexec rm /etc/sudoers.d/ken

Admin users on Ubuntu are defined by their group membership in the sudo (formerly admin) group.

When you add new admin users through the Unity Control Center GUI, it will take care of those group memberships automatically.

When you add a new user from the terminal using sudo adduser USERNAME, it will not be a member of any additional group. In this case, you have to add those two groups manually to make the account an administrator that is allowed to use sudo:

sudo adduser USERNAME sudo

And in the rare case where you really would have to edit /etc/sudoers or a file in /etc/sudoers.d/, never do that manually but always use sudo visudo to edit it! This command will verify the files and check for errors before applying the changes and prevent leaving you with a ruined sudo command.


Author: Ken Sandoval

I am very curious and ask lots of questions about anything to anybody just to start a conversation. I am studying at the Linux Foundation to get certified for Linux administration but I just started so I will be asking more questions. I have a daughter and I love her a lot. Thanks

Updated on September 18, 2022

Comments

  • Ken Sandoval
    Ken Sandoval over 1 year

    I am running Ubuntu 14.04 in DardDrive. I was taking the Steps for Setting up and Running sudo located here http://snag.gy/JAGgt.jpg. But every time I type sudo "whatever" as user ($), I get the following message:

     sudo: unable to stat /etc/sudoers.d/README: Permission denied
     sudo: unable to stat /etc/sudoers.d/ken: Permission denied.
    

    So I leveled up as root and did ls -l | grep sud. See the following:

    root@ken-:/etc# ls -l | grep sud
    -rw-r-----  1 root root       745 mar 19 12:11 sudoers
    drwxr-----  2 root root      4096 mar 19 14:53 sudoers.d
    

    Based on the instructions on how to configure sudo, I should make a directory named the same as my username in the sudoers.d directory and in that file I have to just type ALL(ALL)LL on the user name. But I also did a chmod 440 on that file, which makes it look like this:

    root@ken-Inspiron-5558:/etc/sudoers.d# ls -l
    total 8
    -r--r----- 1 root root  22 mar 19 14:53 ken
    -r--r----- 1 root root 958 mar 19 12:16 README
    

    At this point when I level down using sudo su ken, and want to get into sudoers.d I keep getting the permission denied statement.

    I am not even able to access sudoers.d as user, see this:

    ken@ken-Inspiron-5558:/etc$ cd /etc/sudoers.d/
     bash: cd: /etc/sudoers.d/: Permission denied-
    
    • QwertyChouskie
      QwertyChouskie about 8 years
      Why are you trying to manually set up sudo? sudo is automatically set up on Ubuntu systems in almost all circumstances.
    • muru
      muru about 8 years
      Please don't post screenshots of text. Copy the text here. I don't see any reason you should be able to access /etc/sudoers.d as a normal user.
    • Byte Commander
      Byte Commander about 8 years
      Normal users may not read or modify the /etc/sudoers* files and directories, this is correct and intended for security reasons.
    • Byte Commander
      Byte Commander about 8 years
      And I have no idea for what Linux distribution the guide you describe is intended, but it has definitely nothing to do with Ubuntu! Ubuntu comes with everything already configured and ready to use.
    • Sergiy Kolodyazhnyy
      Sergiy Kolodyazhnyy about 8 years
      See my answer guys, his directory navigation issues have nothing to do with sudo
  • Byte Commander
    Byte Commander about 8 years
    Yes, you messed up your sudo command by adding a wrong configuration file. Use pkexec rm /etc/sudoers.d/ken.
  • Ken Sandoval
    Ken Sandoval about 8 years
    I did, thanks, but, now, it is weird, because, when I level down to my ken user, and I do $sudo ls, I actually get my list of files, for example, in my home directory, I get the following: ken@ken-Inspiron-5558:~$ sudo ls sudo: unable to stat /etc/sudoers.d/README: Permission denied Photos Videos Music Files Personal. This is like if I was getting denied permissions on a README file but the permissions on the README file are the following: _____________# ls -l /etc/sudoers.d/README -r--r----- 1 root root 958 mar 19 12:16 /etc/sudoers.d/README
  • Byte Commander
    Byte Commander about 8 years
    Did you modify the content of the readme file? When you open it (as root), is there any line in it that does not start with a # sign? Did you make any modifications to /etc/sudoers?
  • Ken Sandoval
    Ken Sandoval about 8 years
    Can you take a look at this: snag.gy/lnJqV.jpg. it is the README file which I had to open as root of course using vim. here are the permissions of this file snag.gy/Zvwm8.jpg Should I change it ?
  • Byte Commander
    Byte Commander about 8 years
    @heemayl I disagree with your edit. When I check the group memberships of the default admin user (UID 1000) on all of my machines, none of them is member of an admin group. My current group memberships on this machine are bytecommander adm cdrom sudo dip plugdev lpadmin sambashare kvm libvirtd. There doesn't even exist any admin group. Therefore I rolled back your edit. If you want to discuss it, please reply to this comment or in chat.
  • heemayl
    heemayl about 8 years
    You don't get it..check sudo grep admin /etc/sudoers ..admin group is legacy, it was before sudo group was introduced..it is just kept for legacy's sake..by default no user is a member of the group (check getent group admin), although you can assign one....also adm is just for logs permission..no offense but you should do your homework first honestly before reverting back my edit..
  • Byte Commander
    Byte Commander about 8 years
    @heemayl Okay, the adm group is probably my mistake. But I still have no admin groups on any machine. sudo adduser bytecommander admin reports back that the admin group does not exist. Also it's not in /etc/group. That's at least the case on 15.10.
  • Sergiy Kolodyazhnyy
    Sergiy Kolodyazhnyy about 8 years
    I'm on 14.04, and admin isn't created (by default), but it's part of the /etc/sudoers file, because the admin group as far as I understand from this exists for backward compatibility with older systems (before 12.04 LTS) where the admin group was the superuser type of group. The adm group apparently exists only for being able to read logs. In a nutshell, adm isn't related to sudo, admin is in /etc/sudoers for compatibility. Hope that helps?
  • Byte Commander
    Byte Commander about 8 years
    @Serg Thanks for the nice explanation and linked reference. Now I understand what heemayl wanted. But as the admin group seems abandoned since 12.04 inclusive, it's probably better not to use it.
  • Sergiy Kolodyazhnyy
    Sergiy Kolodyazhnyy about 8 years
    @ByteCommander Well, it could serve as a workaround, but I really see no reason why OP cannot su to root and purge sudo with apt-get, then reinstall it (if that can help the situation of course)
  • Byte Commander
    Byte Commander about 8 years
    I don't like your answer, because there's no need to add a user to the /etc/sudoers file to allow him to become root using sudo. That's what the sudo group (formerly admin group, as I just learned) is for in Ubuntu. Also, one should never edit /etc/sudoers directly but always only using the command visudo as root (or with sudo), because that only saves the changes if the new file would parse correctly and does not contain syntax errors that would break the entire sudo system. Also, why use NOPASSWD!? That's a huge security risk!
  • Byte Commander
    Byte Commander about 8 years
    @Serg Dunno if that works... And I'm not going to try it.
  • Prakash
    Prakash about 8 years
    Correct in the sense that the sudoers file should be edited with visudo and not vi only. That is why I have not edited the sudoers file itself (check out above again). If you are concerned about the security risk then you shouldn't use NOPASSWD and limit sudo commands.
  • Byte Commander
    Byte Commander about 8 years
    Syntax errors in files in /etc/sudoers.d/ also break the entire sudo system, as you can see in the question. All the files there are simply appended to /etc/sudoers and then the whole thing is evaluated at once.
  • Byte Commander
    Byte Commander about 8 years
    Correct catch that #includedir /etc/sudoers.d is commented out, but Ubuntu never adds single user names to /etc/sudoers automatically. The privileges are granted through membership of the sudo group only by default.
  • Sergiy Kolodyazhnyy
    Sergiy Kolodyazhnyy about 8 years
    @ByteCommander Thanks, good catch. What I mean is that when you install Ubuntu and create the username, you will be added to the sudo group automatically.
  • Derek Veit
    Derek Veit over 7 years
    The pound sign in #includedir does not make it a comment. See man sudoers.
  • Sergiy Kolodyazhnyy
    Sergiy Kolodyazhnyy over 7 years
    @DerekVeit Didn't know that. Thanks. I'll edit my answer in a moment