sudo: /var/lib/sudo/navneet writable by non-owner (040777), should be mode 0700
Solution 1:
You have a really big problem, but not really for the reasons stated here.
Changing the permissions on all of /var
will make it likely you will not get them all back correctly, because you will not know what permissions every file should have. You may have problems later. Depending on the circumstances, your problems might be security-related.
Therefore, you may wish to consider reinstalling Ubuntu. Alternatively, you can try to get the permissions from the files in another, similar, unbroken system. The permissions are usually the same. Usually. A more serious problem is that it's likely your system has some files in /var
that are not present on the other one, so probably not all the permissions will be fixed.
Performing administrative tasks on a desktop system without a working sudo
is usually trivially easy, though.
Changing the permissions back when you know what they should be is easy, and rarely requires booting into recovery mode or from a live CD. This is because, while it's not widely known, desktop versions of Ubuntu (and most other GNU/Linux operating systems these days) have two ways set up to perform administrative tasks:
-
sudo
, which will not work because it requires the permissions in/var
to be correct. - PolicyKit, which tends to be more tolerant of wrong permissions and usually still works.
While we tend to think of sudo
as the way you perform actions as root
on Ubuntu, actually PolicyKit is the way most, though not all, graphical utilities become root
. (It has been this way for some years now.)
Actually, running a graphical program manually with PolicyKit is sometimes a significant undertaking as graphical applications must have special configuration files for PolicyKit to be willing to run them. But terminal applications don't -- it's just as easy to run a text-based command with PolicyKit as with sudo
.
To do it, type pkexec
where you'd otherwise type sudo
. (They don't take all the same command-line options, but the most common syntax for sudo
is sudo command
, and pkexec
works perfectly in its place.)
So, because sudo
is broken, you cannot run:
sudo chmod 0755 /mnt/var/lib/sudo
sudo chmod 0700 /mnt/var/lib/sudo/<username>
But you can run:
pkexec chmod 0755 /mnt/var/lib/sudo
pkexec chmod 0700 /mnt/var/lib/sudo/<username>
That's a good start, and it will probably make sudo
work again. (It's not going to fix all the other files in /var
, though.)
Related (but, in most cases, not identical) situations where pkexec
is helpful:
‣ How to modify an invalid /etc/sudoers file? It throws an error and it's not allowing me to edit again to fix it
‣ accidently blocked access to sudoers.d whilst trying to change ushare config
‣ 'sudo' not working after changing the permissions of '/usr' directory
‣ How to fix sudo after "chmod -R 777 /usr/bin"?, sudo error, is mode 0777, should be 0440,
How to repair "sudo: /etc/sudoers is mode 0640, should be 0440?"
‣ Installing ZFS changed my sudoers file
‣ Password not working for sudo ("Authentication failure")
‣ Why does nothing work after I randomly changed some file permissions?
‣ changed /etc permission in oneiric (ubuntu11.10) by using "sudo chmod 665 /etc" cant use sudo now
‣ How do I run specific sudo commands without a password? (just if something goes wrong)
‣ Can't write /etc/sudoers from Ubuntu live CD (just if something goes wrong)
Solution 2:
You have a really big problem in your hands. First of all, in order to get you sudo
working again, you will need to change the permissions of the /var/lib/sudo
folder and the file navneet
inside of it.
But, in order to do it, you will need root access. If you happen to have changed the root password, then you will only need to su -
and change the permissions as below:
$ chmod 0755 /var/lib/sudo
$ chmod 0700 /var/lib/sudo/navneet
And you are good to go. But, if you haven't changed your root password, you will need to obtain root access by other means. On a standard Ubuntu install you can do this by booting into recovery mode. This is done by rebooting and hitting the shift key after the BIOS screen disappears. It is advisable to hit it repeatedly, but slowly. If you succeed the GRUB Menu will come up and you can chose the second option (marked recovery mode). From the next menu you should chose root shell. This will bring you to a root prompt. On 12.04 you will need to make the hard drive writable to make any changes. The command for this is mount -o,remount,rw /
. It make take several attempts to bring the GRUB menu up.
Alternatively you may use a boot CD.I suggest you to use the Gentoo minimal installation CD, as it is small in size and will get the job done, there are also several specialist recovery CD's available. A standard install CD will often work if you choose to live boot rather than install. Boot your computer through the CD, and mount your partition to /mnt/
(mount /dev/sda1 /mnt
), for example. Then you may change the permissions like this:
chmod 0755 /mnt/var/lib/sudo
chmod 0700 /mnt/var/lib/sudo/navneet
It is best to use this to backup your data and then do get a fresh install. Since other applications may stop working because of wrong permissions, and there could be other consequences that compromise the security of your machine.