Bugzilla – Bug 880
Catastrophic effect of changed permissions of `/`
Last modified: 2019-07-15 02:40:03 MDT
Out of the blue I could no longer use `sudo`, which had started failing with an error about not being able to stat /etc/sudoers. Nothing was wrong with that file or any of the files in sudoers.d. It took me hours (during which I almost launched a complete restore from a recent backup) before I figured out that a manual install I had done just before had changed ownership and permissions on a number of directories including `/` (making that one exclusive to me). pkexec continued to work, so I could reboot cleanly (which I'd better not have done)... I fail to see how the permissions change could have affected sudo (and not pkexec) but I am ready to accept that it could be required for utmost security. However, the error message could and should be more helpful; repairing my mistake could have taken much less time (basically, the time required to remember that I had set a root password). At the very least the issue should be caught by `visudo -c`, and sudo itself could have a repair mode for this which it should be able to run because it is installed SUID. It's amazing how helpless you feel when sudo starts failing for no (easily) apparent reason!
Sudo tries to stat (and open) sudoers as a non-zero uid to make it possible to store sudoers on NFS. However, this will fail if the parent directory of sudoers is not accessible to a non-zero uid. I just committed the following change to retry as root in this case: https://www.sudo.ws/repos/sudo/rev/6a50adb25f2e
That sounds like it should do the trick, thanks. I do not have a test environment around ATM in which I could test (and am not really motivated to change permissions on my `/` right now ;)) but I guess you did.
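A diagnostic for the failure discussed in this thread, as an added example that is not part of the bug report or of sudo's own code: it walks every directory above a file and reports the first one that a given uid/gid cannot search, using the classic Unix mode bits only. The function names, the `base` parameter and the defaults of uid 1 and gid 0 (stand-ins for the "non-zero uid" mentioned above) are assumptions; ACLs, capabilities and supplementary groups are not considered.

```python
import os
import stat


def can_search(st, uid, gid):
    """Mode-bit check for directory search (x) permission, as the kernel orders it."""
    if uid == 0:
        return True  # root is not limited by directory mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid == gid:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def ancestors(path, base="/"):
    """Yield base, then each directory between base and the file, top down."""
    path, base = os.path.abspath(path), os.path.abspath(base)
    rel = os.path.relpath(os.path.dirname(path), base)
    if rel.startswith(".."):
        raise ValueError(f"{path} is not below {base}")
    current = base
    yield current
    if rel != ".":
        for part in rel.split(os.sep):
            current = os.path.join(current, part)
            yield current


def first_blocked_dir(path, uid=1, gid=0, base="/"):
    """Return the first ancestor directory uid/gid cannot traverse, or None."""
    for directory in ancestors(path, base):
        if not can_search(os.stat(directory), uid, gid):
            return directory
    return None


if __name__ == "__main__":
    blocked = first_blocked_dir("/etc/sudoers")
    if blocked is None:
        print("every directory above /etc/sudoers is searchable by uid 1")
    else:
        mode = stat.S_IMODE(os.stat(blocked).st_mode)
        print(f"uid 1 cannot traverse {blocked} (mode {mode:04o})")
```

On a system in the state described in the report, where `/` was made exclusive to one user, this would name `/` as the blocking directory.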