/usr/bin/sudo must be owned by uid 0 and have the setuid bit set
Solution 1
Back up your data and reinstall.
This probably looks extreme but this isn't just sudo
. You destroyed the permission structure of your entire filesystem. Some of the other answers can get sudo
working, but ignoring the whole problem is inviting a later disaster.
You could try to mirror the owners off another install but there are cases (/var/
for example) that are highly dependant on what you've actually got installed. If you want to get a scale of the problem, I've actually had a crack at helping somebody fix this sort of issue before. The fix is manual, long and could easily leave your system insecure or broken.
Picking through that mess is going to take considerably longer than a clean install.
This has had a couple of drive-bys from folks that don't understand the seriousness of the situation here. To them it looks like a big pile of unnecessary work, the sort of thing a rogue plumber or mechanic says to shake you down for a bigger job.
If you've only changed the permissions on /usr/bin/sudo
, by all means, just fix that. But this question is about a total system change. Every file (save the runtime-only ones) are now owned by the user. Everything the user runs (eg browsers, browser exploits) could then overwrite system files, spy on you, extract any data. This needs to be corrected. Per above, this is difficult. The easiest way is a reinstall.
So please, don't be lazy about this. Filesystem permissions help keep you safe, fix them.
Solution 2
As you'll read on this answer on SO, this problem is not as hard as people are making it. You can get the sudo
command working again without a reinstall by following these simple steps:
- Log out as the current user, then log back in as root.
- Execute
chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo
- Log out as root, then log back in as the current user.
This does the trick and is much quicker and less painful than the "nuclear option" recommended in other answers.
If your root password is not set, you can boot in Recovery Mode to set it.
Note that this will resolve the titular error /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
but if like the OP you did more than mess up the permissions of the /usr/bin/sudo
file, a more "nuclear" option may in fact make more sense.
Solution 3
-
go to recovery mode by keep pressing Esc while booting the system.
-
select root option in long list you can see after entering into recovery mode (it is actually root shell)
-
type command -
mount -o remount /
(Or in recovery you can click on grub option. This helped me get read-write permissions on the file system. This basically updated the read/write mode on the file system since the command wasn't working for me initially)It will remount your file system in read and write mode.
-
command -
chown -R root:root /usr
this command will change ownership from "user" to root again recursively -
now still i had problem with
sudo
command, so I again followed step 1,2,3 and executedchmod 4755 /usr/bin/sudo
Now I really think that re-installing would have been really a "nuclear option"
Solution 4
Had the same issue on my droplet on digital ocean.
sudo: /usr/bin/sudo
must be owned by uid 0
and have the setuid
bit set.
Below are command that ive execute and reboot after.
chown -R root:root /usr/bin/sudo
chmod -R a=rx,u+ws /usr/bin/sudo
chown -R root:root /usr/lib/sudo/sudoer.so
chmod -R a=rx,u+ws /usr/lib/sudo/sudoer.so
Hope it helps.
Solution 5
The above methods didn't work for me, because I couldn't "log back in as root" (unknown password) But I got a root shell by editing
vi /etc/lightdm/lightdm.conf
autologin-user=root
greeter-show-manual-login=true
After rebooting I was finally able to run
chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo
Related videos on Youtube
![Pandya](https://i.stack.imgur.com/XpD4D.jpg?s=256&g=1)
Pandya
Started using Linux and StackExchange since Ubuntu 12.04 LTS. Then Upgraded to 14.04 LTS. Now I am using Debian GNU/Linux on my Laptop and PureOS on old Desktop computer. I recommend visiting the Philosophy of GNU Project As I've replaced Ubuntu with Debian GNU/Linux, Now my question(s) are became off-topic on AskUbuntu. So, I continue to Unix & Linux. The second reason for my shifting to U & L is I found U & L more interesting than AU since AU is only Ubuntu specific whereas U & L is a broad concept and in my opinion U & L deserves generic questions. (I know why SE has AU & U & L both).
Updated on September 18, 2022Comments
-
Pandya almost 2 years
I have run following command accidentally
sudo chown [username] -hR /
Now
sudo su
getting error:sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
How to Solve This?
-
Pandya over 9 yearsNote: When I had this issue, I had reinstalled the OS (Because at that time on-other answers exist and I can't wait more). So, Now new answers will be no longer supported from my side!
-
stryder9k almost 7 yearsThanks to the tiny Warning posted under Option 1 here which I gladly ignored and ended up here!
-
Rupsingh almost 5 yearsUse medium.com/@KongToonArmy/… by KongToonArmy KongToonArmy
-
j D3V over 2 yearsI wanted to answer this, its closed now, and IDK why. Its the oldest post I can find pertaining to this specific error message. Its important to note, that sometimes you can get this error message by adding 2 or more administrators to a single system. Another thing that can happen is that you could have change the permission of your binaries. In both of these situations, you could recieve this error message. Its important to note, that this error message comes the fundamental fsys, and not from distro specific software. From my understanding, this error is basically saying that
-
j D3V over 2 yearsthe sudo command is basically saying that sudo isn't owned by root anymore, which isn't the same as saying you are not the root user. In other words, many people that have answered this question misinterpret what it means. Every time I have encountered this issue its been realitivley easy to fix. Recently I changed an account name, but didn't want to delete my old account, so I just switched permissions for admin from the old account to the new account. I got really confused becuase I was getting this error, but quickly found out, its because I some how set both accounts as admin.
-
j D3V over 2 yearsI just changed permissions for the other account, restarted the computer and everything worked.
-
-
George over 9 yearsIf you do not have a root user, restart and press Esc to enter the grub menu. There select Advanced options for Ubuntu and select recovery mode. Then select root and you can find yourself in the root shell. If you get an error that the filesystem is in read only mode, do: mount -o remount,rw /
-
psusi over 9 yearsSure, that will fix
sudo
, but it isn't going to fix the dozens of other things that were broken. -
Oli almost 9 yearsThe "log in as root" originally said was actually "Reboot into recovery mode and pick the root shell". But as other comments have said, this only rescues the
sudo
. There are dozens and dozens of files that need the correct security which you have to manually fix. A reinstall is both quicker and more likely to fix everything. -
Aurelijus Rozenas almost 8 yearsHad same problem in my lxc container, additionally had to do this:
chown root:root /usr/lib/sudo/sudoers.so && chmod 4755 /usr/lib/sudo/sudoers.so;
chown root:root /etc/sudoers;
chown root:root /etc/sudoers;
-
Brian Thomas almost 8 yearsusing
su root
instead ofsudo su
, followed by the root password can save you some headache, if your ssh, or instead of going to grub. -
Roman Bekkiev almost 8 yearsin addition to what @infro said I also needed
chown
for/etc/sudoers.d
,/etc/sudoers.d/README
and/var/lib/sudo
-
Zanna almost 8 yearsYou don't need
-R
here. How did you manage to get permission tochown
andchmod
the files? -
Zanna over 7 yearsexcept Ubuntu has disabled root access by default so you can't
su root
-
Tisch about 7 yearsThis should not be the accepted answer. Boot into recovery mode and run the commands in the following answer: askubuntu.com/a/471503/311767
-
Oli about 7 years@Tisch That answer fixes
sudo
. The question assumes the entire system is owned by$USER
. Just repairingsudo
leaves the rest of the system in a very vulnerable state. A reinstall is justified unless you want to spend hours trawling a working system to compare who system files should be owned by. -
Mr world wide almost 7 yearsstill not solved my problem:
sudo chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
-
nodws over 6 yearsBet this guy owns a PC "repair" shop in a mall
-
Noerr Programs IT over 6 years"doctor, my toe is hurting.. what can I do??" "Oh my dear patient, I'm afraid you will have to chop away your leg". How can this be the accepted answer?
-
Oli over 6 years@oidualc Because it's the right answer. I'd already covered this in a previous comment and I've just added an edit. Filesystem permissions are a serious security feature. Don't be lazy about fixing this. To finish your analogy, your toe has gangrene and it's given you septicemia. You cannot see that in your delirious state, but trust me, I'm a doctor.
-
deepelement over 6 yearsThis answer is bogus. "su" then "chown root:root /usr/bin/sudo"
-
Noerr Programs IT over 6 years@Oli I see your point and I strongly disagree. The question is "Now sudo su is getting an error. How do I solve this?". The fix is the answer right below, the workaround is this very answer and the workaround has a huuuuuge side effect.
-
Noerr Programs IT over 6 yearsI was about to reinstall the whole system on my office laptop, you sir are my hero and saved me hours of work. Besides, I just learned something new
-
Oli over 6 years@oidualc You're welcome to disagree but it doesn't mean you're not still confusing a single symptom with a systemic problem.
-
Israel Morales over 6 yearsI fixed the permissions following your instructions and everything was ok, and then I checked the security of my install with github.com/CISOfy/lynis what else do I need to do? just to be sure that my system has no need to be re-formated
-
wjandrea about 6 years@Zanna Digital Ocean images have root login enabled by default.
-
Deepak Mahakale almost 6 years1.
su
2.chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo
3.exit
-
qwr almost 6 yearsAs much as I hate to say it, this will save time in the long run. In general one should be extremely careful with
chown
andchmod
for system directories. -
mdo123 over 5 years@Hridaynath you're missing the / in usr/bin/sudo on #5 in your answer
-
Peter Drinnan about 5 yearsI ran into this issue when I accidentally installed composer with sudo. The installer changed ownership of the entire /usr/local/bin/$USER folder. The fix was NOT to drop a thermal nuclear warhead on the machine, but rather just run chown root:root /usr/local/bin/sudo && chmod 4755 /usr/local/bin/sudo
-
Oli about 5 years@PeterDrinnan The answer involving nuclear ordinance assumes a global chowning. Your case sounds much more discrete. That said, why on earth do you have a
sudo
binary in/usr/local/bin/
? That seems very dodgy to me. -
Lon Kaut about 5 yearsI have a strong feeling @Oli is right about this. Assuming you didn't just accidentally screw up permissions of the sudo binary, Chances are, you probably did something stupid like me. While in /root/, tried to RECURSIVELY set permissions for every hidden directory in that directory that was moved over from a non-root user.
sudo chmod -R root:root .*
Who knew that..
was included in that list. Yikes! -
THE JOATMON over 3 yearsIs it possible this is a product of being on a VPS?
-
Jacolack almost 3 yearsHelpful tip: if you are using WSL, check out this tutorial to log in and out of root: tenforums.com/tutorials/…
-
Jay Killeen over 2 yearsAlso helpful tip for WSL. askubuntu.com/questions/931940/…
wsl -u root
will login to wsl as root -
Admin about 2 yearsEven if the user got permission for all directories: What problem will it create, if we just give the ownership for all directories back to root?