Archive

Posts Tagged ‘setuid’

Solution after sudo/su is ruined

图像

Table for linux user/group permission format .

The command “sudo chmod -R 777 /usr” ruined /usr/bin/sudo and /usr/bin/su

After ruined, when “sudo …” is executed, error occurs like

$ sudo
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

or

$ su
Password: 
su: Authentication failure

According to the hints of error, this problem is solved by rebooting computer into a chroot mode, and execute following command

# chmod 4755 /usr/bin/sudo

# chown root:root /usr/bin/sudo # this makes ‘sudo’ owned by root (uid=0)

# chmod u+s /usr/bin/sudo        # this set the ‘setuid’ bit, which is the third character in first triad

Explaination of setuid:

setuid and setgid (short for “set user ID upon execution” and “set group ID upon execution”, respectively)[1] are Unix access rights flags that allow users to run anexecutable with the permissions of the executable’s owner or group respectively and to change behaviour in directories. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.

 

Advertisements
Categories: Alive Tags: , ,