I am getting the following error while switching to root user
[~]# sudo su -
sudo: must be setuid root
The current permission of sudo is
[~]# ls -l /usr/bin/sudo
---s--x--x 2 root root 190904 Mar 10 2014 /usr/bin/sudo*
It's may CLOUDLINUX 5.11 x86_64 cPanel live server. Any suggestions on how to fix this?
Try to Enter system with recovery mode.(maybe Esc or Shift when start.)
Then choose the content row with 'root' in recovery menu.
Then:
#mount -o remount,rw /
#chown root:root /usr/bin/sudo
#chmod 4755 /usr/bin/sudo
now, restart...
try:
sudo ls
but if following exception raise:
#sudo: /usr/lib/sudo/sudoers.so must be owned by uid 0
#sudo: fatal error, unable to load plugins
Then you need entering recovery mode again and try:
#chown root /usr/lib/sudo/sudoers.so
restart...
I have fixed it my self. Currently the user is set to jailed shell and now I changed it to normal shell and could switch to root. – Techiescorner
Related
i want to ask for a specific user to use certain root commands in redhat?
my server run redhat OS 7.6. i dont have any idea how to set a user that can run certain commands from root.
let say i have one user id name MY_CIT, so MY_CIT can run certain commands for example to create print queue #lpadmin -p printer -v socket://printer:9100 -E
so MY_CIT no need root access to trigger the command.
Anyone experience on this? kindly help. thanks
You'll be able to use file ACLs. As a test I removed execute permissions from the nano command, just to show how this will work.
You won't need to do this, however, you will need root permissions to the machine. Instead of nano, use 'lpadmin' as per your requirements
[root#server bin]# chmod o-x /bin/nano
[root#server bin]# ls -lah /bin/nano
-rwxr-xr-- 1 root root 202K Jun 10 2014 nano
To test, we change to user1 and try use nano to edit a file:
[user1#server ~]$ nano file1
-bash: /bin/nano: Permission denied
Now, as root again, we add an ACL to the nano program. This allows only user1 to execute the program.
[root#server bin]# setfacl -m u:user1:x /bin/nano
Display ACL with getfacl:
[root#server bin]# getfacl /bin/nano
getfacl: Removing leading '/' from absolute path names
# file: bin/nano
# owner: root
# group: root
user::rwx
user:user1:--x <<-- Note this
group::r-x
mask::r-x
other::r--
As user1, we are able to use the nano program, but not as user2:
[user1#server ~]$ nano file1
[user1#server ~]$ ls
file1
[user1#server ~]$ exit
logout
[root#server bin]# su - user2
[user2#server ~]$ nano file1
-bash: /bin/nano: Permission denied
ACLs allow admins to extend permissions past just user/group/other. You're able to set permissions for specific users on the system.
Run command with a root privilege:
sudo visudo
It opens file /etc/sudoers for edit.
Add this line at the end of the file (and after keep one blank line):
MY_CIT ALL = NOPASSWD: /usr/sbin/lpadmin
where:
MY_CIT - name of your user
/usr/sbin/lpadmin - path to executible file. Note please that in your distro path can be different. You can check this with command whereis lpadmin.
After user can run command lpadmin with arguments with sudo without password:
sudo lpadmin ...
When I clear Linux caches, I use this:
echo 3 > /proc/sys/vm/drop_caches
It tells me: Insufficient permissions
Then I inspect the file drop_caches with:
ls -l /proc/sys/vm/drop_caches
and I get this:
-rw-r--r-- 1 root root 0 1月 22 01:21 /proc/sys/vm/drop_caches
So I use:
chmod 777 /proc/sys/vm/drop_caches
to change the file permissions, but insufficient permissions is printed again.
Current user is root, how can I change the permissions of this file?
As root, echo 3 > /proc/sys/vm/drop_caches should work. Run whoami to make sure you are root.
If not, type sudo -i or su to open a root shell where you can run these commands.
You can't.
Permissions on /proc nodes are defined in the kernel, and cannot be changed at runtime.
I want to create a new cronjob via Plesk. After submit the configuration i get the error from my topic.
I have tried chmod and chown to the crontabmng without success.
my crontabmng owner is
root:root and the permission is -rwxr-xr-x
Check for suid bit 's' on /usr/bin/crontab:
# ls -la /usr/bin/crontab
-rwsr-xr-x. 1 root root 57552 Mar 31 2016 /usr/bin/crontab
SOLVED i think with the following:
service psa stopall
chown root.psaadm /usr/local/psa/admin/sbin/wrapper
chmod 4110 /usr/local/psa/admin/sbin/wrapper
chown root.psaadm /usr/local/psa/admin/sbin/mod_wrapper
chmod 4110 /usr/local/psa/admin/sbin/mod_wrapper
and the last step takes some time
service psa start
for now its all running and i get no errors.
hope it helps.
I am getting following error while trying to switch to root.
[~]# sudo su -
sudo: must be setuid root
and I have confirmed the permission of sudo file set to correct
[~]# ls -l /usr/bin/sudo
---s--x--x 2 root root 190904 Mar 10 2014 /usr/bin/sudo*
also the user is already wheels group. please help
Please make sure that the user has normal jail access
In my machine sudo command is not working and it is giving following message.
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
When I tried
ls -l /usr/bin/sudo it is giving
-rwxr-xr-x 1 'whoami' root 155008 Aug 28 2015 /usr/bin/sudo
It looks like, at some point, someone tried to take over ownership of the sudo executable but used single quotes rather than backticks:
chown 'whoami' /usr/bin/sudo # The wrong way
chown `whoami` /usr/bin/sudo # The right way
chown $(whoami) /usr/bin/sudo # Another right way
Note that I say "right way" but it's probably not something anyone should be doing anyway.
You're going to have to figure out some other way of getting into the root account (such as booting in single user mode) and changing the ownership and permissions back to what they should be:
chown root /usr/bin/sudo
chmod u+s /usr/bin/sudo
After that, it should be back at the correct:
-rwsr-xr-x 1 root root 155008 Aug 28 2015 /usr/bin/sudo