133

I have run the following command accidentally

sudo chown [username] -hR /

Now sudo su gives this error:

sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

How do I solve this?

Pandya
  • 37,289

12 Answers

223

As you'll read on this answer on SO, this problem is not as hard as people are making it. You can get the sudo command working again without a reinstall by following these simple steps:

  1. Log out as the current user, then log back in as root.
  2. Execute chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo
  3. Log out as root, then log back in as the current user.

This does the trick and is much quicker and less painful than the "nuclear option" recommended in other answers.

If your root password is not set, you can boot in Recovery Mode to set it.

Note that this will resolve the titular error /usr/bin/sudo must be owned by uid 0 and have the setuid bit set but if like the OP you did more than mess up the permissions of the /usr/bin/sudo file, a more "nuclear" option may in fact make more sense.

user10962
  • 2,619
50

Back up your data and reinstall.

If this looks extreme, that's because it is. This isn't just sudo. You destroyed the permissions structure across your entire filesystem. Some of the other answers can get sudo working, but ignoring the whole problem is inviting a later disaster.

You could try to mirror the owners off another install but there are cases (/var/ for example) that are highly dependent on what you've actually got installed. If you want to get a scale of the problem, I've actually had a crack at helping somebody fix this sort of issue before. The fix is manual, long and could easily leave your system insecure or broken.

Picking through that mess is going to take considerably longer than a clean install.


This has had a couple of drive-bys from folks that don't understand the seriousness of the situation here. To them it looks like a big pile of unnecessary work, the sort of thing a rogue plumber or mechanic says to shake you down for a bigger job.

If you've only changed the permissions on /usr/bin/sudo, by all means, just fix that. But this question is about a total system change. Every file (save the runtime-only ones) is now owned by the user. Everything the user runs (eg browsers, browser exploits) could then overwrite system files, spy on you, extract any data. This needs to be corrected. Per above, this is difficult. The easiest way is a reinstall.

So please, don't be lazy about this. Filesystem permissions help keep you safe, don't mess with them.

Oli
  • 299,380
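
Added example (not part of the answer above): a read-only way to gauge the scale of the damage the answer describes, by comparing owner, group and mode of every path against a reference tree such as a mounted clean install of the same release. The function names and the mount points in the usage comment are assumptions, and GNU find is assumed.

```shell
#!/usr/bin/env bash
# Added example. Read-only: reports differences, changes nothing.
# Assumes GNU find (-printf) and file names without newlines.

# manifest ROOT TAG: print "TAG uid gid mode relative-path" for each entry
# under ROOT. find does not follow symlinks, so a link's own owner is
# reported (the same thing chown -h changes).
manifest() {
    find "$1" -mindepth 1 -xdev -printf "$2 %U %G %m %P\n"
}

# ownership_diff REFERENCE_ROOT DAMAGED_ROOT
#   DIFF    path exists in both trees, but uid, gid or mode differs
#   UNKNOWN path is missing from the reference (install-specific content,
#           typically under /var), so the correct owner must be found elsewhere
ownership_diff() {
    { manifest "$1" R; manifest "$2" T; } | awk '
        {
            meta = $2 ":" $3 ":" $4
            path = $0
            sub(/^[RT] [0-9]+ [0-9]+ [0-7]+ /, "", path)
        }
        $1 == "R"         { ref[path] = meta; next }
        !(path in ref)    { print "UNKNOWN " path " has=" meta; next }
        ref[path] != meta { print "DIFF " path " want=" ref[path] " has=" meta }
    ' | sort
}

# Usage (mount points are hypothetical):
#   ownership_diff /mnt/clean-install /mnt/damaged-root
```

A lost setuid bit on sudo shows up as a DIFF line whose wanted mode is 4755; UNKNOWN lines are the install-specific paths that a reference install cannot answer for.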
21
  1. Go to recovery mode by holding Esc while booting the system.

  2. Select the root option in the long list you can see after entering recovery mode (it is actually a root shell).

  3. Type the command mount -o remount / (Or in recovery you can click on the grub option. This helped me get read-write permissions on the file system. This basically updated the read/write mode on the file system since the command wasn't working for me initially)

    It will remount your file system in read and write mode.

  4. Run the command chown -R root:root /usr, which will change ownership from "user" to root again recursively.

  5. Now I still had a problem with the sudo command, so I again followed steps 1, 2, 3 and executed chmod 4755 /usr/bin/sudo

Now I really think that re-installing would have been really a "nuclear option"

10

Had the same issue on my droplet on digital ocean.

sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set. Below are the commands that I executed, rebooting after.

chown -R root:root /usr/bin/sudo
chmod -R a=rx,u+ws /usr/bin/sudo
chown -R root:root /usr/lib/sudo/sudoers.so
chmod -R a=rx,u+ws /usr/lib/sudo/sudoers.so

Hope it helps.

4

The above methods didn't work for me, because I couldn't "log back in as root" (unknown password). But I got a root shell by editing

vi /etc/lightdm/lightdm.conf

autologin-user=root
greeter-show-manual-login=true

After rebooting I was finally able to run

chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo
Anno2001
  • 141
3

Unfortunately, if you do not have a full backup, probably the best thing you can do at this point is to reinstall.

Consider that you have changed all the files' ownership to the same user, completely messing up the security paradigm of your system....

If you search this site there are a lot of similar problems with chmod, as for example How can I recover from chmod -R a-wrx / command?

Rmano
  • 32,167
2

I was not able to edit the lightdm.conf file on the running system. I fixed things like this:

  1. boot Ubuntu live usb
  2. mount the root partition in order to access /etc/lightdm/lightdm.conf on the installation
  3. sudo -H gedit /mnt/etc/lightdm/lightdm.conf and add the following lines from Anno2001's answer

    autologin-user=root
    greeter-show-manual-login=true
    
  4. reboot

  5. run command:

    chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo
    
  6. Change back default user in /etc/lightdm/lightdm.conf (you don't want to autologin as root every time, which would be very insecure and dangerous)

  7. reboot, and my system works fine again.
DrackG
  • 39
1

If you have root user password then:

  1. Login as root user

  2. open terminal

  3. Enter following commands:

    mount -o remount /
    chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo
    chown root:root /usr/lib/sudo/sudoers.so && chmod 4755 /usr/lib/sudo/sudoers.so
    chown root:root /var/* && chmod 4755 /var/*
    

If you do not have root user password then:

  1. Reboot your system in recovery mode (boot and press and hold the Esc button to enter recovery mode)

  2. Navigate to (advance option for linux) by using down arrow button and press two times Enter

  3. Navigate to root by using down arrow button and press Enter

  4. Now enter following commands:

    mount -o remount /
    chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo
    chown root:root /usr/lib/sudo/sudoers.so && chmod 4755 /usr/lib/sudo/sudoers.so
    chown root:root /var/* && chmod 4755 /var/*
    
  5. Press Ctrl+D and then select the resume option to boot normally

muru
  • 207,228
0

You destroyed the permission structure of your entire filesystem - YES, IT'S TRUE. The entire root is corrupted. But don't panic, recovery is quite simple. Create a new volume of the root disk with the latest snapshot, then detach the old volume and attach it to the instance with the same disk name. With 5 minutes of downtime you can log in to the server again.

0

This applies to environments that have Docker / Kubernetes running and have the host root file system mounted into the container / pod.

kubectl exec -it mypod -- sh -c 'chown root:root /host/usr/bin/sudo && chmod 4755 /host/usr/bin/sudo'

I have not tried creating a fresh Kubernetes pod but I guess that should work too.

Hem
  • 141
0

For those who do not have the root password, but who do have docker installed, here is a one-liner:

docker run -v /:/target bash bash -c "chown root:root /target/usr/bin/sudo && chmod 4755 /target/usr/bin/sudo"

Since the docker image runs as root, you are root in the image. The mounted volume allows you to change your root structure. The command allows you to fix your sudo.

PS: imagine what else you could do without root permission and a docker...

jehon
  • 205
-2

I have changed /usr/lib/ to root owner but sudo only executes with root login in the terminal.

step one: su root
step two: cd /usr/lib
step three: chown -R root:root sudo

And that is it. Just NOTE you have to run su root every time you want to use sudo.