Changing read permissions on /private/etc recursively

macos sudo permission

I was trying to make my /private/etc folder and all its contents world-readable. 'Permission denied' messages from a number of internal files and folders were a recurrent theme whenever I did a find operation on that folder. But chmod -R seems to have failed here. Can someone please explain why I get this error message and what I should do to fix it? I'm on OS X 10.8.3.

$ sudo chmod -R a+r /private/etc
sudo: /private/etc/sudoers is mode 0444, should be 0440
sudo: no valid sudoers sources found, quitting

In fact any read operation in the directory seems to fail:

$sudo stat /private/etc/raddb/sql/sqlite 
sudo: /private/etc/sudoers is mode 0444, should be 0440
sudo: no valid sudoers sources found, quitting

Changing the permissions on /private/etc/sudoers is definitely a no-no. The sudo command will fail to work if that file's permissions are not 0440 as you are noticing. This is a security measure -- the command distrusts any permission setting that is less restrictive than 0440 as it allows for potential tampering with sudo permissions on the box.

Normally you'd boot in to single user mode to fix this problem. This lets you log in with elevated privledges so you can do a:

chmod 440 /private/etc/sudoers

and get your sudo command back.

But I found this article that had an alternative that doesn't require a reboot and works if your account has Administrator level access. I haven't tried it, but it seems sound.

Open a Finder window a hit Shift-Command-G to get the "Go To" dialog. Enter /private/etc in the dialog and hit the Go button.

Find the sudoers file in the Finder window, select it and press Command-I to open the information window for the file and change the permissions on the file so they match:

Permissions for your sudoers file

Close the information window and you should be back in business.

All this being said: I would strongly encourage you to rethink changing the permissions of everything under /private/etc to be world readable. This poses a serious security risk (as seen from the way sudo locks you out when you make /private/etc/sudoers world readable) to your machine. Maybe there's another Ask Different question here that'll help you solve a problem you think you're solving by making these unsafe changes?

Related

Time Machine backing up more data than I can physically have
OSX 10.9 Mavericks Update Causes Non-Stop Kernel Panics
How to hide all file extensions in subdirectories of a given folder?
Single-user mode, data recovery, mount usb
Pages 5: Increase indentation in table of contents?
Where are the files installed when you execute a mpkg file?
How can I turn my top menu bar and all the window bars dark?
If I take the hard drive out of my macBook Pro and put it in a non-apple laptop, will it boot?
Where are the /dev folder and the /dev/null device located on Mac OS X Mountain Lion?
Hide month in menu bar in OS X
OS X Terminal not recognizing any commands [duplicate]
Make F8 work as F8 on MacBook Pro