Bugzilla – Bug 48
Generic sudo profile
Last modified: 2020-05-08 14:29:50 MDT
Hello, I have the following problem: We have >40 UNIX boxes. We plan to use SUDO. To minimize the time to administer SUDO and to keep a good overview of the privileges, I want to have ONE sudoers file. This works fine, BUT on every system there's an application user whose privileges have to be delegated to named users. These application users do not have the same name, and there can be more than one application on one system. To summarize: about 25 users have to manage about 60 applications on more than 40 UNIX boxes. It would be a help (to keep the sudoers file as small as possible) to have a program (UNIX executable) SU'd by the file owner. By this I mean that the named user gets the privilege to execute the program (mentioned in the sudoers file) by the file owner. Because the name of the owner is so various, some kind of runas_alias would help (maybe FILEOWNER). Thanks, Lucien Wolfs
I like this idea and will consider doing something like it in a future release (but not for 1.6.4).
Hello, I have the following problem: I want to remove sudo permission. Every time while compiling I got to give sudo which would affect further. So I just want to remove sudo from root. Thanks in advance, Kavya
Created attachment 543
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

Whenever I write sudo in the terminal it writes "sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set" and ignores the command. I tried the sudo -v command but it does the same thing; I tried too with the sysctl -deprecated but it is no use; I just do not know what to do.
That message is trying to tell you that /usr/bin/sudo has either the wrong permissions or wrong owner. It must be owned by root and have the set-user-ID bit set. If you run "ls -l /usr/bin/sudo" it should look similar to this:

    -rwsr-xr-x 1 root root 2366560 May 6 16:35 /usr/bin/sudo

You can see that the binary is owned by root (the group is not important) and the set-user-ID bit is set in the file mode (that is the 's' after the 'rw'). If yours doesn't look like that you can repair it by running the following as root:

    chown root /usr/bin/sudo
    chmod 4755 /usr/bin/sudo

If your root user doesn't have a password set (as is the case on Ubuntu) you will probably need to boot into single user mode to fix the permissions.
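
The check described in the reply above, as an added example that is not part of the original bug thread or of sudo itself: a POSIX shell function that reads the `ls -ldn` mode string and numeric owner and reports which of the two conditions fails. The function name and its optional second argument (expected uid, default 0) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report which condition from the sudo error message a
# binary fails. The second argument (expected uid, default 0 = root) is an
# assumption of this example so the check can be tried on a scratch file.
check_setuid_owner() {
    path=$1
    want_uid=${2:-0}
    [ -e "$path" ] || { echo "missing: $path"; return 2; }

    # ls -ldn prints the mode string and the numeric owner, e.g.
    #   -rwsr-xr-x 1 0 0 2366560 May  6 16:35 /usr/bin/sudo
    set -- $(ls -ldn -- "$path")
    mode=$1
    uid=$3
    rc=0

    if [ "$uid" != "$want_uid" ]; then
        echo "owner: uid $uid, expected $want_uid (fix: chown root $path)"
        rc=1
    fi

    # The 4th character of the mode string is the owner execute slot:
    # 's' = setuid + execute, 'S' = setuid without execute, else no setuid.
    case $mode in
        ???s*) ;;
        ???S*) echo "mode: $mode has setuid but no owner execute (fix: chmod 4755 $path)"
               rc=1 ;;
        *)     echo "mode: $mode has no setuid bit (fix: chmod 4755 $path)"
               rc=1 ;;
    esac

    if [ "$rc" -eq 0 ]; then
        echo "ok: $path ($mode, uid $uid)"
    fi
    return "$rc"
}

# Check a real binary only when a path is given on the command line,
# for example: sh check.sh /usr/bin/sudo
if [ "$#" -gt 0 ]; then
    check_setuid_owner "$@"
fi
```

The function returns 0 when both conditions hold, 1 when either fails, and 2 when the path does not exist; the repair commands it prints are the ones given in the reply and must be run as root.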