Weird messages when using sudo

Whenever I run a sudo command in the terminal, this happens:

arun@arun-GP70-2OD:~$ sudo apt-get update
sudo: /etc/sudoers.d/README is world writable
sudo: /var/lib/sudo writable by non-owner (040777), should be mode 0700
 [sudo] password for arun:

The sudo commands still work (I think so, although the only one I have tested is sudo apt-get).

What are these strange messages before I get asked for the password? Is there any big problem here? Should I do something about this? Or can I just leave it like this and continue using my system?


Solution 1:

The messages are self-explanatory.

By design, sudo-related files and libraries should only be readable (and writable if needed) by root.

The directory /var/lib/sudo contains individual users' sudo-related data, which could be easily read/modified if a non-root user has sufficient permission, which is of course a security issue.

The file /etc/sudoers.d/README contains info regarding implementation of sudo. Imagine a rogue user edits the file and adds false info (and you follow that).

So, in a nutshell, fix the permissions:

sudo chmod 0400 /etc/sudoers.d/README
sudo chmod -R 0700 /var/lib/sudo  ## Recursively

And of course make sure the owner is root (and group root).
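
A read-only check to run before and after the chmod commands above, given here as an added example that is not part of the original answer: it lists every entry under a path that is group- or world-writable or not owned by the expected user. The function name audit_sudo_path and its optional OWNER argument are hypothetical; GNU find and ls are assumed.

```shell
#!/bin/sh
# Added example: read-only audit of sudo-related paths. Changes nothing.
#
# audit_sudo_path PATH [OWNER]   (hypothetical helper name)
#   OWNER defaults to root; it is a parameter only so the check can be tried
#   on a scratch directory without root privileges.
#   Returns 0 if clean, 1 if anything was flagged, 2 if PATH does not exist.
audit_sudo_path() {
    path=$1
    owner=${2:-root}
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"
        return 2
    fi
    findings=$(
        # Group- or world-writable entries. Symlinks always show mode 0777
        # on Linux, so they are skipped to avoid false positives.
        find "$path" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec ls -ld {} + | sed 's/^/WRITABLE  /'
        # Entries (symlinks included) not owned by the expected user.
        find "$path" ! -user "$owner" \
            -exec ls -ld {} + | sed 's/^/OWNER     /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use: sudo sh audit.sh /etc/sudoers.d /var/lib/sudo
for p in "$@"; do
    audit_sudo_path "$p" || true
done
```

No output for a path means nothing under it was flagged; each flagged entry is printed in ls -ld form so the offending mode and owner are visible.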