LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 11-25-2012, 06:30 AM   #1
awladnas
LQ Newbie
 
Registered: Nov 2012
Posts: 3

Rep: Reputation: Disabled
sudo: effective uid is not 0, is sudo installed setuid root?


I'm new in linux ubuntu 12.04. i was installing jdk7. now when i run any command with sudo like :


sudo chown -R awlad /usr/

<b> sudo: effective uid is not 0, is sudo installed setuid root? </b>
i've googling for this about 2 hours.how can i solve this
more info:
ls -l $(which sudo)
give me:
-rwxr-xr-x 1 awlad root 112888 Jul 16 18:14 /usr/bin/sudo

Last edited by awladnas; 11-25-2012 at 06:46 AM.
 
Old 11-25-2012, 06:55 AM   #2
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,616
Blog Entries: 2

Rep: Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072
Quote:
Originally Posted by awladnas View Post
I'm new in linux ubuntu 12.04. i was installing jdk7. now when i run any command with sudo like :


sudo chown -R awlad /usr/

<b> sudo: effective uid is not 0, is sudo installed setuid root? </b>
i've googling for this about 2 hours.how can i solve this
more info:
ls -l $(which sudo)
give me:
-rwxr-xr-x 1 awlad root 112888 Jul 16 18:14 /usr/bin/sudo
Have you run a command like that successfully before? If yes then you have borked your machine. Changing the owner of all files in /usr to your own unpriviledged user is exactly what would cause such issues and is a good way to break your system.
 
Old 11-25-2012, 06:58 AM   #3
awladnas
LQ Newbie
 
Registered: Nov 2012
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by TobiSGD View Post
Have you run a command like that successfully before? If yes then you have borked your machine. Changing the owner of all files in /usr to your own unpriviledged user is exactly what would cause such issues and is a good way to break your system.
thanks for your reply. Yes may be i'm not sure. is there any way to overcome it?
 
Old 11-25-2012, 07:49 AM   #4
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,797
Blog Entries: 4

Rep: Reputation: 285Reputation: 285Reputation: 285
Executable file /usr/bin/sudo must have root as owner, not any other user. And that is why it is saying that effective UID isn't 0 (since root has EUID equal to 0). Also note that changing owner of /usr/ may cause other problems to your system. So better try to change owner of /usr/bin/sudo, and then try installing jdk.
Code:
sudo su - root
chown -R root:root /usr/bin/sudo
Then try to install jdk.
If you get permission denied type of error while using sudo cmd then, check whether you've permissions to invoke it or not, using:
Code:
sudo -l

Last edited by shivaa; 11-25-2012 at 07:59 AM.
 
Old 11-25-2012, 09:32 AM   #5
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,616
Blog Entries: 2

Rep: Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072Reputation: 4072
Quote:
Originally Posted by awladnas View Post
thanks for your reply. Yes may be i'm not sure. is there any way to overcome it?
Something like that will normally cause a whole bunch of weird effects, the one with sudo you now can see is one of the harmless ones because it gives you a clear error message. If other issues occur I would recommend a clean re-install.
 
Old 11-25-2012, 09:38 AM   #6
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,797
Blog Entries: 4

Rep: Reputation: 285Reputation: 285Reputation: 285
I would add, the executable /usr/bin/sudo has SUID set on it (-rwsr-xr-x), which means, when you will execute /usr/bin/sudo, you will get same authorization what it's owner i.e. root has. This concept is used for many other executables utilities such /usr/bin/passwd. So simple solution is to change it's owner to root again as suggested above.
 
Old 11-26-2012, 01:58 AM   #7
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,311

Rep: Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040
@shivaa: As TobiSGD has pointed out, if the OP has run a cmd to change multiple file ownerships/perms, trying to fix them manually would be almost impossible and in the meantime could be open to exploits.
A re-install would be best.
There is a way to fix rpm based systems (http://www.cyberciti.biz/tips/reset-...ermission.html) but it looks like .deb systems like Ubuntu can't do that.
 
Old 03-15-2013, 11:20 AM   #8
clunkpt
LQ Newbie
 
Registered: Mar 2013
Posts: 1

Rep: Reputation: Disabled
Just open terminal and do "su"
then just type chmod 4755 /usr/bin/sudo
 
Old 05-19-2013, 07:49 AM   #9
earthling297
LQ Newbie
 
Registered: May 2013
Distribution: Mint
Posts: 1

Rep: Reputation: Disabled
you could try reinstalling it
it worked for me
 
Old 09-20-2013, 04:24 PM   #10
whatsupdeepak
LQ Newbie
 
Registered: Sep 2013
Posts: 1

Rep: Reputation: Disabled
Just came across this thread as I ran into same issue "effective uid is not 0, is sudo installed setuid root" message, when trying to use 'sudo su -' command.
Here are my 2 cents. After you have checked /usr/bin/sudo and /usr for proper permissions and ownerships etc etc, check your /etc/fstab file, and take out the option 'nosuid' for /usr, if it is there.
Good luck.
 
Old 08-30-2014, 07:03 PM   #11
d4rkstorm
LQ Newbie
 
Registered: Aug 2014
Posts: 8

Rep: Reputation: Disabled
Smile Just a note... tried eveything then...

Tried evrything.. debian7 x86 box,.... then, i tried something on my own, and seem to have fixed...

root@sudoer:~# ls -l /usr/bin/sudo
-rwsr-xr-x 2 hax hax 119172 Mar 1 2013 /usr/bin/sudo
root@sudoer:~# chown -R root:root /usr/bin/sudo
root@sudoer:~# sudo ls
sudo: parse error in /etc/sudoers near line 25
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
root@sudoer:~# chown -R root:root /usr/bin/sudo
root@sudoer:~# sudo ls
sudo: parse error in /etc/sudoers near line 25
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
root@sudoer:~# nano /etc/sudoers
root@sudoer:~# sudo ls
sudo: parse error in /etc/sudoers near line 24
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
root@sudoer:~# nano /etc/sudoers
root@sudoer:~# sudo ls
sudo: parse error in /etc/sudoers.d/sudoers near line 29
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
root@sudoer:~# nano /etc/sudoers.d/sudoers
root@sudoer:~# sudo ls
sudo: parse error in /etc/sudoers.d/sudoers near line 28
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
root@sudoer:~# sudo -l
sudo: parse error in /etc/sudoers.d/sudoers near line 28
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
root@sudoer:~# cd /etc/sudoers.d
root@sudoer:/etc/sudoers.d# ls
README sudoers sudoers.so
root@sudoer:/etc/sudoers.d# rm sudoers sudoers.so
root@sudoer:/etc/sudoers.d# sudo ls
README

so, i got my sudo back... then i did chmod settings wich i asked for from a vps hoster
of mine, they simply gave me a very good start, so il post it here

chmod o= /usr/bin/last
chmod o= /usr/bin/lastlog
chmod o= /usr/bin/w
chmod o= /usr/bin/who
chmod o= /usr/bin/chsh
chmod o= /usr/bin/chfn ##added in as it is abused with some methods
chmod o= /usr/bin/sudoedit
chmod o= /usr/bin/smbmnt
chmod o= /usr/bin/traceroute6
chmod o= /bin/umount
chmod o= /bin/ping6
chmod o= /bin/ping
chmod o= /usr/bin/finger
chmod o= /usr/bin/write
chmod o= /usr/bin/nmap
chmod o= /usr/bin/ncat
chmod o= /usr/bin/nping
chmod o= /usr/sbin/hping3
chmod o= /usr/bin/oping
#chmod o= /usr/bin/
chmod o= /usr/bin/nc
chmod o= /usr/bin/cc
chmod o= /usr/bin/netcat
chmod o= /usr/bin/netcat6
chmod o= /bin/mount
chmod o= /usr/bin/top
chmod o= /sbin/umount.cifs
chmod o= /sbin/mount.cifs
chmod og-rwx /etc/rc*
chmod og-rwx /usr/bin/last
chmod og-rwx /usr/sbin/lastlogin
chmod og-rwx /var/log/messages
chmod og-rwx /var/log/maillog
chmod og-rwx /log/maillog
chmod og-rwx /bin/lastlogin
chmod go= /usr/bin/telnet
chmod go= /bin/netstat
chmod go= /bin/telnet
chmod go= /usr/bin/locate
#chmod go-r /bin
#chmod go-r /etc ## we will be making this much better now,readon
chmod go-r /home ## NOTE: I have used for ages simply chmod -r /home ,seems to work fine with debian/ubuntu based,and possibly centOS v5,not v6
#chmod -r /home
#chmod go-r /sbin
#chmod go-r /usr
#chmod go-r /usr/bin
chmod go-r /usr/local
chmod go-r /usr/local/bin/
chmod go-r /usr/local/sbin
chmod go-r /usr/sbin
chmod go-r /usr/src
chmod go-r /usr/src/sys
chmod go-r /usr/src/sys/i386/conf
chmod go-r /var
chmod go-r /var/log
chmod go-r /src/sys/i386/conf
chmod go-r /src/sys
chmod 700 /boot
chmod 700 /dist
chmod 700 /rescue
chmod 700 /root
chmod o+x-r /mnt
chmod 0 /proc/net/netlink

## for tmp dirs, we can also add tmpwatch app on most Linux ..wich then is easily started once, on restart of box.. so need universal-starter.sh made also (todo's)
chmod 660 /var/log/tmp
chmod 660 /var/log/wtmp
chmod 660 /var/run/utmp
chmod 660 /var/log/btmp

## Small read-on section, explaining wqhat is todo,has been done and, ofc, still it is in TESTING on CentOS-6
## ok some simple addins wich are essential (this will both kill most auditd bugs and mainly the udev.d 0days),but really need a perl-pipe-upload blocker,and a FWall tht GOOD!
## wich can add ips as it is being attackd, wich can have own sigs added, or, even script to generate those rules for the ips, and how the rule should be structered.Simply
## using methods like --hash-limit ,will almost kill your use of TCp,so, i have made eth0 based ipv4/6; */network/interface/eth0/* ipv4 or ipv6/ then, modified EACH rule
## THEn there is KNOWN blocks of IPS like, ones we do NOT need, nor will ever use for anything BUT these are also many of boxes wich are pwnable,so must kill them thru iptables
## mixed with (BSD: sysctl.conf and Linux is thru interfaces/ to achieve same thing),BSD has a few different places,and handles tmp dirrently,and will be added to universal
## script for setup of boxes,and for adding of users, after the actual setup scripts,and ip6tables* ipfw6/pf ,must also be accounted for,but on BSD,it use many things.
## Also dont be scred to use some anti-* scripts,nor ddos_deflate, IF you set it right, it works gr8,aswith an upto-date A/V,one wich will find shelling,bindshells,rkits.
## WILL be added/done for Linux/BSD and, will have 2-3 scripts wich you basically then get info for on howto use, plz,dont beg me for shit, if your luicky, and ask, i will ask
## you maybe for some minor helps like, login.sh wich, i would LOVE to be able to make asciigenerator for the motd,and, basically GUI for setting motd,banner.
## MAIN todo, i thik is to check some methods out on restricting /sbin/nologin accounts,passwd/shadow,and blocking even root user echoing to those files,MUST use editor as root
## that, then, i gues, adding as we find new problems, ie; XML,TYP03 ,and other Java/Pdf/Browser exploit stuff wich MAY be used on linux websites hacked,and need to kill these.

## Udev.D and other stuffs we need and have added
chmod 700 /sbin/udevd
chmod 660 /var/log/faillog
chmod 660 /var/log/lastlog
chmod 660 /var/log/lastlogin

## not many people think about 'dash' or 'ash' but theyre BOTH used BUT permissions are VERY different
chmod 511 /bin/dash
chmod 511 /bin/ash
chmod 511 /bin/sh

## this can maybe JUSt be the config wich need to have 100% chmod,but dont know if /ssh/ is useful to blockout. i dont see any harm,so this would be better,or add more to chmod.
chmod 700 /etc/ssh/sshd_config
chmod 700 /etc/ssh/*
chmod 700 /etc/hosts.allow
chmod 700 /etc/hosts.deny
chmod 700 /etc/hosts.equiv

## MAKESURE you do chmod the '/etc/sudoers' file, or it will NOT work right! MUST be,always 0440 .
chmod +x `which sudo`
chmod 440 /etc/sudoers

## Other GOOD ways to chmod what we need ONLY in /etc ,not the WHOLE dir.Pretty easy way to get out of doing a 'good' script/job,so,do BY FILE you NEED ONLY.
## Now we add syslog-ng and use this BUT remmeber rsyslogd ,is STILL active..so must edit syslogging conf, for this and other 'notifiers' of abusive stuff,ie; root-use eMech,etc
chmod 700 /etc/sysctl.conf
chmod 700 /etc/syslog.conf
chmod 700 /etc/syslog-ng.conf
chmod 700 /etc/pam.conf
chmod 700 /etc/profile
chmod 700 /etc/bashrc
chmod 700 /etc/cshrc
chmod 700 /etc/tcshrc
chmod 700 /etc/fstab
chmod 700 /etc/php.ini
chmod 700 /etc/php.conf

## Directory /libs
chmod g+w /usr/lib
chmod 755 /usr/lib

## anti-AUDIT-xploit stuff ie; common pathways used to attack,and the EXACT libs,we can restrict
chmod 711 /sbin/auditd
chmod 711 /dev/shm/*
chmod 755 /proc/fd3/map/*
chmod g+r /proc/fd3/map/*
chmod 755 /proc/*
chmod g+r proc/*
chmod 700 /libs/pcprofile.so
chmod 700 /libs/pcprofile.so.*
chmod 700 /libs/liblftp.so
chmod 700 /libs/liblftp.so.3
chmod 700 /libs/liblftp.so.4
chmod 700 /libs/liblftp.so.*

## apps we add (MOST COMMDON)
chmod 660 /usr/sbin/pure-ftpd
chmod go-r /usr/sbin/pure-ftpd
chmod 700 /usr/etc/pure-ftpd.conf
chmod g+r /usr/sbin/oidentd
chmod 755 /usr/sbin/oidentd
chmod go-r /etc/oidentd.conf
chmod go-r /usr/etc/oidentd.conf
chmod go-r /etc/oidentd_masq.conf
chmod go-r /usr/etc/oidentd.conf
touch ~/.oidentd.conf
chmod 644 ~/.oidentd.conf

## we better CHECk these and also makesure the pure-ftpd stuff done right in /opt/ftpusers/* coz this is user ftp-dir; setup when you add the user (bash-script-addon).
chmod 700 /etc/php-zts.d
chmod 700 /etc/php.d
chmod 700 /etc/php.ini.rpmnew
chmod 700 /etc/httpd/conf.d/php.conf
chmod 700 /etc/php-zts.d/*
chmod 700 /etc/php.d/*
chmod 700 /lib/modules/*

## sometimes this could be anything your using for easy setup and backup, but, to chmod etc/ alone is NOT a great idea,is better to restrict by filenames.
chmod 700 /root/vhosts.php
chmod 700 /root/vhoststest.php
chmod 700 /root/llvm
chmod 700 /root/ftpd-up.sh
chmod 700 /root/webminstart.sh
chmod 700 /root/oidentd.sh
chmod 700 /root/webminstart.sh
chmod 700 /root/ipv6.sh
chmod 700 /root/ipv6-he.sh
chmod 700 /root/vhosts.sh
chmod a+x /etc/motd

## IRC/IRCD and/or anything USER necessary, and some blocks against PHP (.ini) attacks
chmod a+x /usr/bin/irssi
chmod 700 /etc/irssi.conf
chmod a+x /usr/bin/znc
chmod a+x /usr/bin/BitchX
cp /usr/lib64/bx/script/example-.bitchxr ~/.bitchxrc
chmod 711 .bitchxrc
cp /usr/bin/BitchX /usr/bin/bx
chmod a+x /usr/bin/bx
chmod a+x /usr/bin/scr-bx

## added for php,apache,lynx and var/www/ and anything else wich does not fit in other areas.
chmod 700 /usr/bin/php
chmod 700 /usr/bin/php-cgi
chmod 700 /usr/bin/phpize
chmod 700 /usr/lib64/php
chmod 700 /usr/lib64/php-zts
chmod 700 /usr/lib64/php/modules/
chmod 700 /usr/share/php
chmod 700 /var/lib/php
chmod 700 /var/lib/php/session
chmod a+x /usr/bin/lynx
chmod 644 /etc/lynx.cfg
cp /etc/lynx.cfg ~/lynx.cfg
chmod 644 ~/lynx.cfg

## now for httpd and /var/www/
chmod 700 /usr/lib64/httpd/modules/
chmod 660 /var/www/icons/*
chmod 660 /var/www/*

## added for 'syslog-ng' on LINUX,and for -> (CentOS.v6.3 x64-Minimal 2012 Kernel)
## NOTE: THis is currently the box Im using to make this script
## TODO: need x86 pathways for centOS and more better setup chmods ,still need to test some but sofar it is OK for sudo/root,user base being tested/debugged
chmod 700 /etc/syslog-ng
chmod 700 /etc/rc.d/init.d/syslog-ng
chmod 700 /etc/sysconfig/syslog-ng
chmod 700 /etc/syslog-ng/modules.conf
chmod 700 /etc/syslog-ng/patterndb.d
chmod 700 /etc/syslog-ng/scl.conf
chmod 660 /etc/syslog-ng/syslog-ng.conf
chmod 660 /lib64/libsyslog-ng.so.0
chmod 700 /lib64/libsyslog-ng.so.0.0.0
chmod 660 /lib64/syslog-ng
chmod 660 /lib64/syslog-ng/libaffile.so
chmod 660 /lib64/syslog-ng/libafprog.so
chmod 660 /lib64/syslog-ng/libafsocket-notls.so
chmod 700 /lib64/syslog-ng/libafsocket.so
chmod 700 /lib64/syslog-ng/libafuser.so
chmod 700 /lib64/syslog-ng/libbasicfuncs.so
chmod 700 /lib64/syslog-ng/libconfgen.so
chmod 700 /lib64/syslog-ng/libconvertfuncs.so
chmod 700 /lib64/syslog-ng/libcsvparser.so
chmod 700 /lib64/syslog-ng/libdbparser.so
chmod 700 /lib64/syslog-ng/libdummy.so
chmod 700 /lib64/syslog-ng/libsyslogformat.so
chmod 700 /sbin/syslog-ng
chmod 700 /sbin/syslog-ng-ctl
chmod 700 /usr/share/syslog-ng
chmod 700 /usr/share/syslog-ng/include/scl/*
chmod 700 /usr/share/syslog-ng/include/scl/pacct/plugin.conf
chmod 700 /usr/share/syslog-ng/include/scl/syslogconf/plugin.conf
chmod 700 /usr/share/syslog-ng/include/scl/system/generate-system-source.sh
chmod 700 /usr/share/syslog-ng/include/scl/system/plugin.conf
chmod 660 /usr/share/syslog-ng/xsd/*
chmod 660 /var/lib/syslog-ng
chmod 644 /usr/share/doc/*
chmod 644 /usr/share/doc/*/rsyslog_php_syslog_ng.html

## yum manager/repos on centOS/RHEL based distros wich use yum.
chmod 700 /var/lib/yum/yumdb/
chmod 700 /var/lib/yum/yumdb/s/
chmod 700 /etc/yum.repos.d/

## rc.d directorys (centOS6.3-x64) based paths.
#chmod 700 /etc/rc.d/*
chmod 700 /etc/rc.d/rc0.d/*
chmod 700 /etc/rc.d/rc1.d/*
chmod 700 /etc/rc.d/rc2.d/*
chmod 700 /etc/rc.d/rc3.d/*
chmod 700 /etc/rc.d/rc4.d/*
chmod 700 /etc/rc.d/rc5.d/*
chmod 700 /etc/rc.d/rc6.d/*


along with the o/s , might help... oh, i had to run dpkg-reconfigure vsftpd for vsftpd users,thats only way to reset your configs then just reset that up.. theres alot still untouched, but this atleast gives you a chance... and heym , now my vps loaded all init scripts etc fine no erors...so i have somewhat reccovered from this on debian ** (remember deb was apprently not possible,..and frankly i tried everything..until the above when i removed the sudoers file from sudoers.d it seeemed to work as there is a sudoers.tmp file wich seems visudo will create, thats the problem in debian.. you have to reset your sudoers file in /etc/ chmod it as root, then go hard
xd
 
  


Reply

Tags
sudo, ubuntu 12.04


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
sudo: must be setuid root mswamy78 Linux - Newbie 23 11-23-2012 10:20 AM
Linux AMI - Error: sudo: must be setuid root fortran Linux - Server 3 03-21-2012 10:45 AM
[SOLVED] sudo: must be setuid root xrideordie987x Linux - Newbie 7 03-14-2012 12:47 AM
[SOLVED] sudo:must be setuid root rahulkya Linux - Software 7 02-21-2011 04:25 PM
Sorry, sudo must be setuid root kurtdriver Fedora 6 10-22-2008 08:47 PM


All times are GMT -5. The time now is 06:22 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration