Suddenly can't run sudo

command-line root permissions sudo mount

I didn't do anything on the computer except Internet for a few days and suddenly when I tried to do:

$ sudo apt-get update

I got:

sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set
      or an NFS file system without root privileges?

I have no idea what happened, last time I remember running sudo is when I did update.


Solution 1:

sudo works with a mechanism that is called setuid (Set User ID, or also called suid). If that bit is set on an executable file (like sudo), then the application is executed under the permissions of the user, who is the owner of that file (in case of sudo, the owner is the root user).

That means, sudo is executed as root. So far so good. But, now nothing prevents you from inserting an USB-drive with a shell on it, that has the setuid bit set. You have full root access! That's why normally USB-drives are mounted with the mount option noexec, to prevent executing binary/scripts on such a device. Another mount option, if you still want to execute files, is the one that is mentioned in the error message in your question: nosuid.

See that excerpt of the mount manual page:

[...]
nosuid     Do not allow set-user-identifier or set-group-identifier bits to take effect.
[...]

With the mount command, you can determine, if your root filesystem is mounted with that option. Just type:

$ mount

You can now remount the filesystem on-the-fly and change mount options:

$ mount -n -o remount,suid /

That sets the suid option, which is the exact opposite of nosuid.

Related

Apache2 modules folder where is it?
Change sound output from command line
How to completly disable LLMNR?
US Intl keyboard layout without dead keys
/var/crash/ - should I send it?
Span Wallpaper Across Displays in Lockscreen
Batch-convert and split .ape with .cue to .flac in various folders from terminal
How can I copy text from xfce4 terminal emulator to the clipboard?
Can I install Godot Engine using Command Line?
What's the difference between network-manager.service and NetworkManager.service in Systemd?
Share my VPN connection with other LAN users
Why should I avoid having differents filesystem for / and /home?