I told someone to "chmod sudoers", then she couldn't change it back. Is this a bug?
The story is simple. Someone asked me how to let another user to use "sudo". I told her to edit /etc/sudoers. Since I am an "Emacs" guy and not familiar with vi and visudo, so the fatal step is that I told her to:
Code:
sudo chmod 0666 /etc/sudoers I have never thought that Linux has been so fragile: a little mistake by a normal user could make such a big problem! I think this is a bug! Feel free to give your comments, thanks! |
No, this is not a bug, no, this wasn't done as normal user. When using sudo you effectively are root, so you have to be as careful as when you would directly have logged in as root.
By the way, to use a different editor with visudo you have nothing more to do than set your EDITOR environment variable. You can do that temporarily with using a construct like Code:
EDITOR=emacs visudo The real question that remains is why don't you simply have used Code:
sudo emacs /etc/sudoers Anyways, unless the person you advised to do that has a root shell open, gets the root password or is able to reboot the machine there is no way to fix that. |
Thank you for your reply, Tobi.
I admit that what I instructed her was a mistake. But the stupid thing is that: 1. sudo can do a change. 2. sudo can't change it back. So I consider it as a bug. And by the way, in my salckware, Code:
sudo emacs /etc/sudoers Your tip about "EDITOR=emacs" might be useful. And your these sentences really make sense: Quote:
|
You can edit files as root from within a running emacs with
Code:
C-x C-f /sudo::/path/to/file RET Quote:
|
Quote:
|
Quote:
Thank you, anyway. |
Quote:
It should forbid non-root users to touch the file /etc/sudoers. |
Quote:
|
Quote:
|
Quote:
http://psychocats.net/ubuntu/fixsudo Note that in my experience from reading threads here on LQ, one of the best ways to break an Ubuntu system is to enable the root account, and or to mess with the /etc/sudoers file. I have used every version of Ubuntu since the inaugural 4.10. I have never enabled the root account on Ubuntu because I have never found any valid reason for doing it. I also never mess with the /etc/sudoers file. I also never have these problems. You can elevate users to use sudo from the user accounts GUI on Ubuntu. |
Quote:
Quote:
You are right, one should not mess with the /etc/sudoers file. |
Quote:
By the way, today I rebooted the system, and got into "recovery mode". Without the root password I can log in as root! Is this safe? It's convenient though. New question: What should I do if I made the same mistake on a system without a "Recovery Mode"? (If I didn't have the root password either.) By now all I can think of is to boot the machine with another linux system (using a live CD or a thumb-drive). Will it work? Or are there any better ways? |
Quote:
Quote:
it's called single user mode and can be accessed by manually (temporarily) appending the word 'Single' to the end of the kernel line of the grub entry at boot, or worst comes to worst adding Code:
init=/bin/bash Code:
mount -oremount / Code:
# mkdir /rescue this creates an environment in which you have root control over your installed system, and if it works, can fix a non bootable system as a last resort to having to re-install the above methods are exactly why physical access trumps any security so again, in answer to your query, there is always a recovery mode of some nature available on any Linux system, even if it isn't conveniently stuck in the boot menu for you. even modern macs, which are a bsd userspace on a mach microkernel has single user mode, not sure if they have chroot but that's off topic. |
Quote:
|
Quote:
|
All times are GMT -5. The time now is 11:27 PM. |