Unable to run sudo command on linux
Solution 1
Your permissions are very off, indeed.
They should be similar to:
-r--r----- 1 root root 4188 Mar 31 11:30 /etc/sudoers
---s--x--x 1 root root 130720 Mar 31 13:09 /usr/bin/sudo
To fix this, as root
chmod 4111 /usr/bin/sudo
chmod 440 /etc/sudoers
If you see a +
sign in the ls -l
output then it means there are also ACLs set; these should be removed
setfacl -b /usr/bin/sudo /etc/sudoers
(you don't seem to have this problem; I include it for completeness)
Since your permissions were broken, it's possible the SELinux labels were also broken. You should verify the SELinux labels are correct with ls -Z
:
-r--r-----. root root system_u:object_r:etc_t:s0 /etc/sudoers
---s--x--x. root root system_u:object_r:sudo_exec_t:s0 /usr/bin/sudo
These should be fixable with restorecon
restorecon -v /usr/bin/sudo /etc/sudoers
Finally you may have a totally problem install (eg PAM config, /etc/sudo.conf
). You can check to see what files have been modified:
rpm --verify sudo
If this throws up any files that look off then you might want to delete them and then reinstall sudo.
eg
rm /etc/sudo.conf /etc/pam.d/sudo*
yum reinstall sudo
(This does require a working yum
setup so don't do this if your repo's don't work!)
Solution 2
If sudo
doesn't work, you can become a root user with su -
Later be root, you can re-install sudo using these commands below:
yum remove sudo
yum install sudo
You need to add yourself to /etc/sudoers file, enter:
visudo
Grant vivek user full permission via sudo:
vivek ALL=(ALL) ALL
Save and close the file. Later do that, you have sudo and you can become a root user using:
sudo -i
If it doesn't work, use
sudo -s
Related videos on Youtube
Joey Yi Zhao
Updated on September 18, 2022Comments
-
Joey Yi Zhao almost 2 years
I am using Linux CentOS but suddenly I couldn't run sudo command. I got below errors. Even with root user it got the same error.
$ sudo ls sudo: unable to stat /etc/sudoers: Permission denied sudo: no valid sudoers sources found, quitting sudo: unable to initialize policy plugin
Below is the permission on this file:
ls -l /etc/sudoers -rwxr-xr-x 1 root root 4241 Jun 9 20:36 /etc/sudoers # which sudo /usr/bin/sudo # ls -l /usr/bin/sudo --ws-wx-wx. 1 root root 130712 Jun 10 2014 /usr/bin/sudo
What wrong with the system? How can I fix it?
EDIT1
Please see below command output:
# ls -Z /etc/sudoers -r--r----- root root ? /etc/sudoers
I have run chmod 440 on this file but it seems the permission is broken.
EDIT2
I run below command to set the /etc/sudoers permission but it still not correct:
root@Cool-Too ~]# chmod 440 /etc/sudoers [root@Cool-Too ~]# ll /etc/sudoers -r--r----- 1 root root 4241 Aug 14 22:16 /etc/sudoers [root@Cool-Too ~]# ll -Z /etc/sudoers -r--r----- root root ? /etc/sudoers
-
user4556274 almost 8 yearsOn CentOS, there are probably corrupted SELinux permissions. Try
restorecon /etc/sudoers
(as root). -
FelixJN almost 8 yearsPermissions are odd, they usually should be
440
for/etc/sudoers
(i.e.-r--r----- root root
). Usechmod 440 /etc/sudoers
(as root) - if the problem persists usevisudo
and check if there are syntax errors in your sudoers file. -
Gilles 'SO- stop being evil' almost 8 yearsThose permissions are really strange. Beware, even if you fix sudo, there may be other things that are broken. This doesn't happen on its own… Did you run strange commands recently?
-
-
Joey Yi Zhao almost 8 yearsI have tried these command but they don't work. I have updated my post for the output of ls -Z command.
-
Joey Yi Zhao almost 8 yearsI become root and reinstalled sudo but it still not work. The output of sudo -i and sudo -s are the same as the error I showed on my post.
-
Chad almost 8 yearsOK, anyway, you can be root user with su?
-
Joey Yi Zhao almost 8 yearsYes I can be root with su but other user can't run sudo command.
-
Joey Yi Zhao almost 8 yearsrpm --verify sudo return 'S.5....T. c /etc/sudoers'. Is this correct?
-
Stephen Harris almost 8 yearsThat seems fine. As long as
visudo -c
responds OK. -
Joey Yi Zhao almost 8 yearswhat else could be the problem?
-
Joey Yi Zhao almost 8 yearsI have checked that visudo -c response ok