/usr/bin/sudo must be owned by uid 0 and have the setuid bit set

sudo root chown

460,087

Solution 1

Back up your data and reinstall.

This probably looks extreme but this isn't just sudo. You destroyed the permission structure of your entire filesystem. Some of the other answers can get sudo working, but ignoring the whole problem is inviting a later disaster.

You could try to mirror the owners off another install but there are cases (/var/ for example) that are highly dependant on what you've actually got installed. If you want to get a scale of the problem, I've actually had a crack at helping somebody fix this sort of issue before. The fix is manual, long and could easily leave your system insecure or broken.

Picking through that mess is going to take considerably longer than a clean install.

This has had a couple of drive-bys from folks that don't understand the seriousness of the situation here. To them it looks like a big pile of unnecessary work, the sort of thing a rogue plumber or mechanic says to shake you down for a bigger job.

If you've only changed the permissions on /usr/bin/sudo, by all means, just fix that. But this question is about a total system change. Every file (save the runtime-only ones) are now owned by the user. Everything the user runs (eg browsers, browser exploits) could then overwrite system files, spy on you, extract any data. This needs to be corrected. Per above, this is difficult. The easiest way is a reinstall.

So please, don't be lazy about this. Filesystem permissions help keep you safe, fix them.

Solution 2

As you'll read on this answer on SO, this problem is not as hard as people are making it. You can get the sudo command working again without a reinstall by following these simple steps:

Log out as the current user, then log back in as root.
Execute chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo
Log out as root, then log back in as the current user.

This does the trick and is much quicker and less painful than the "nuclear option" recommended in other answers.

If your root password is not set, you can boot in Recovery Mode to set it.

Note that this will resolve the titular error /usr/bin/sudo must be owned by uid 0 and have the setuid bit set but if like the OP you did more than mess up the permissions of the /usr/bin/sudo file, a more "nuclear" option may in fact make more sense.

Solution 3

go to recovery mode by keep pressing Esc while booting the system.
select root option in long list you can see after entering into recovery mode (it is actually root shell)
type command - mount -o remount / (Or in recovery you can click on grub option. This helped me get read-write permissions on the file system. This basically updated the read/write mode on the file system since the command wasn't working for me initially)

It will remount your file system in read and write mode.
command - chown -R root:root /usr this command will change ownership from "user" to root again recursively
now still i had problem with sudo command, so I again followed step 1,2,3 and executed chmod 4755 /usr/bin/sudo

Now I really think that re-installing would have been really a "nuclear option"

Solution 4

Had the same issue on my droplet on digital ocean.

sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set. Below are command that ive execute and reboot after.

chown -R root:root /usr/bin/sudo
chmod -R a=rx,u+ws /usr/bin/sudo
chown -R root:root /usr/lib/sudo/sudoer.so
chmod -R a=rx,u+ws /usr/lib/sudo/sudoer.so

Hope it helps.

Solution 5

The above methods didn't work for me, because I couldn't "log back in as root" (unknown password) But I got a root shell by editing

vi /etc/lightdm/lightdm.conf

autologin-user=root
greeter-show-manual-login=true

After rebooting I was finally able to run

chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo

View more solutions

460,087

Pandya

Started using Linux and StackExchange since Ubuntu 12.04 LTS. Then Upgraded to 14.04 LTS. Now I am using Debian GNU/Linux on my Laptop and PureOS on old Desktop computer. I recommend visiting the Philosophy of GNU Project As I've replaced Ubuntu with Debian GNU/Linux, Now my question(s) are became off-topic on AskUbuntu. So, I continue to Unix & Linux. The second reason for my shifting to U & L is I found U & L more interesting than AU since AU is only Ubuntu specific whereas U & L is a broad concept and in my opinion U & L deserves generic questions. (I know why SE has AU & U & L both).

Updated on September 18, 2022

Comments

Pandya almost 2 years
I have run following command accidentally
```
sudo chown [username] -hR /
```
Now sudo su getting error:
```
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
```
How to Solve This?
- Pandya over 9 years
  
  Note: When I had this issue, I had reinstalled the OS (Because at that time on-other answers exist and I can't wait more). So, Now new answers will be no longer supported from my side!
- stryder9k almost 7 years
  
  Thanks to the tiny Warning posted under Option 1 here which I gladly ignored and ended up here!
- Rupsingh almost 5 years
  
  Use medium.com/@KongToonArmy/… by KongToonArmy KongToonArmy
- j D3V over 2 years
  
  I wanted to answer this, its closed now, and IDK why. Its the oldest post I can find pertaining to this specific error message. Its important to note, that sometimes you can get this error message by adding 2 or more administrators to a single system. Another thing that can happen is that you could have change the permission of your binaries. In both of these situations, you could recieve this error message. Its important to note, that this error message comes the fundamental fsys, and not from distro specific software. From my understanding, this error is basically saying that
- j D3V over 2 years
  
  the sudo command is basically saying that sudo isn't owned by root anymore, which isn't the same as saying you are not the root user. In other words, many people that have answered this question misinterpret what it means. Every time I have encountered this issue its been realitivley easy to fix. Recently I changed an account name, but didn't want to delete my old account, so I just switched permissions for admin from the old account to the new account. I got really confused becuase I was getting this error, but quickly found out, its because I some how set both accounts as admin.
- j D3V over 2 years
  
  I just changed permissions for the other account, restarted the computer and everything worked.
George over 9 years

If you do not have a root user, restart and press Esc to enter the grub menu. There select Advanced options for Ubuntu and select recovery mode. Then select root and you can find yourself in the root shell. If you get an error that the filesystem is in read only mode, do: mount -o remount,rw /
psusi over 9 years

Sure, that will fix sudo, but it isn't going to fix the dozens of other things that were broken.
Oli almost 9 years

The "log in as root" originally said was actually "Reboot into recovery mode and pick the root shell". But as other comments have said, this only rescues the sudo. There are dozens and dozens of files that need the correct security which you have to manually fix. A reinstall is both quicker and more likely to fix everything.
Aurelijus Rozenas almost 8 years

Had same problem in my lxc container, additionally had to do this: chown root:root /usr/lib/sudo/sudoers.so && chmod 4755 /usr/lib/sudo/sudoers.so; chown root:root /etc/sudoers; chown root:root /etc/sudoers;
Brian Thomas almost 8 years

using su root instead of sudo su, followed by the root password can save you some headache, if your ssh, or instead of going to grub.
Roman Bekkiev almost 8 years

in addition to what @infro said I also needed chown for /etc/sudoers.d, /etc/sudoers.d/README and /var/lib/sudo
Zanna almost 8 years

You don't need -R here. How did you manage to get permission to chown and chmod the files?
Zanna over 7 years

except Ubuntu has disabled root access by default so you can't su root
Tisch about 7 years

This should not be the accepted answer. Boot into recovery mode and run the commands in the following answer: askubuntu.com/a/471503/311767
Oli about 7 years

@Tisch That answer fixes sudo. The question assumes the entire system is owned by $USER. Just repairing sudo leaves the rest of the system in a very vulnerable state. A reinstall is justified unless you want to spend hours trawling a working system to compare who system files should be owned by.
Mr world wide almost 7 years

still not solved my problem: sudo chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
nodws over 6 years

Bet this guy owns a PC "repair" shop in a mall
Noerr Programs IT over 6 years

"doctor, my toe is hurting.. what can I do??" "Oh my dear patient, I'm afraid you will have to chop away your leg". How can this be the accepted answer?
Oli over 6 years

@oidualc Because it's the right answer. I'd already covered this in a previous comment and I've just added an edit. Filesystem permissions are a serious security feature. Don't be lazy about fixing this. To finish your analogy, your toe has gangrene and it's given you septicemia. You cannot see that in your delirious state, but trust me, I'm a doctor.
deepelement over 6 years

This answer is bogus. "su" then "chown root:root /usr/bin/sudo"
Noerr Programs IT over 6 years

@Oli I see your point and I strongly disagree. The question is "Now sudo su is getting an error. How do I solve this?". The fix is the answer right below, the workaround is this very answer and the workaround has a huuuuuge side effect.
Noerr Programs IT over 6 years

I was about to reinstall the whole system on my office laptop, you sir are my hero and saved me hours of work. Besides, I just learned something new
Oli over 6 years

@oidualc You're welcome to disagree but it doesn't mean you're not still confusing a single symptom with a systemic problem.
Israel Morales over 6 years

I fixed the permissions following your instructions and everything was ok, and then I checked the security of my install with github.com/CISOfy/lynis what else do I need to do? just to be sure that my system has no need to be re-formated
wjandrea about 6 years

@Zanna Digital Ocean images have root login enabled by default.
Deepak Mahakale almost 6 years

1. su 2. chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo 3. exit
qwr almost 6 years

As much as I hate to say it, this will save time in the long run. In general one should be extremely careful with chown and chmod for system directories.
mdo123 over 5 years

@Hridaynath you're missing the / in usr/bin/sudo on #5 in your answer
Peter Drinnan about 5 years

I ran into this issue when I accidentally installed composer with sudo. The installer changed ownership of the entire /usr/local/bin/$USER folder. The fix was NOT to drop a thermal nuclear warhead on the machine, but rather just run chown root:root /usr/local/bin/sudo && chmod 4755 /usr/local/bin/sudo
Oli about 5 years

@PeterDrinnan The answer involving nuclear ordinance assumes a global chowning. Your case sounds much more discrete. That said, why on earth do you have a sudo binary in /usr/local/bin/? That seems very dodgy to me.
Lon Kaut about 5 years

I have a strong feeling @Oli is right about this. Assuming you didn't just accidentally screw up permissions of the sudo binary, Chances are, you probably did something stupid like me. While in /root/, tried to RECURSIVELY set permissions for every hidden directory in that directory that was moved over from a non-root user. sudo chmod -R root:root .* Who knew that .. was included in that list. Yikes!
THE JOATMON over 3 years

Is it possible this is a product of being on a VPS?
Jacolack almost 3 years

Helpful tip: if you are using WSL, check out this tutorial to log in and out of root: tenforums.com/tutorials/…
Jay Killeen over 2 years

Also helpful tip for WSL. askubuntu.com/questions/931940/… wsl -u root will login to wsl as root
Admin about 2 years

Even if the user got permission for all directories: What problem will it create, if we just give the ownership for all directories back to root?