[PLUG] I broke sudo

Rogan Creswick creswick at gmail.com
Wed Nov 5 17:38:43 UTC 2008


On Wed, Nov 5, 2008 at 8:44 AM, John Jason Jordan <johnxj at comcast.net> wrote:
>
> It turns out that the problem listed in the thread is exactly what
> happened. A few days ago I needed a graphic located in /usr and I
> couldn't get it into the Gimp in anything but read-only mode. The
> graphic came as part of the openclipart package that I installed a long
> time ago with Synaptic. I have no idea why the package installed the
> graphics into /usr with root ownership instead of into ~/.
>

Packages are (almost?) always installed system-wide, so any user can
access them.  If the content was installed into your home directory,
that would restrict the access to only you.  (and you install things
as root -- how would it know which user's home dir to put the files
in?)

> The part I did wrong was that I took ownership of the whole /usr folder
> instead of just the /usr/share/openclipart folder. That broke sudo.

As a general rule of thumb: you should (almost) never change the
permissions of something under /usr (or really under anything other
than your home directory).  You don't have write access to those
things for very good reasons :).  The notable exception is if you're
following a tutorial you trust, or really, really know what you're
doing.  (For what it's worth, changing permissions is more common in
/var than /usr.  /usr is fairly static -- some systems even mount it
read-only, so not even *root* can make changes.)

The "right" way to do this is to copy the clipart you want to modify
into your home directory, then if you need to put a modified copy back
into /usr/share/openclipart you can use sudo to do so.  Keep in mind,
when you update openclipart, you may very well lose your
modifications.

My apologies for harping on how you should never touch permissions in
/usr, but it really *is* important :).

--Rogan

> Fortunately I am not the first Ubuntuoid to do this, and the forum
> thread gives instructions for how to fix it. However, the instructions
> are not working:
>
> jjj at Devil7:~$ ls -l /usr/bin/sudo
> -rwxr-xr-x 2 jjj jjj 122688 2008-09-10 12:42 /usr/bin/sudo
> jjj at Devil7:~$ chown root:root /usr/bin/sudo
> chown: changing ownership of `/usr/bin/sudo': Operation not permitted
> jjj at Devil7:~$ chmod 4755 /usr/bin/sudo  #note that this operation worked
> jjj at Devil7:~$ sudo su
> sudo: must be setuid root
> jjj at Devil7:~$ chown root:root /usr/bin/sudo
> chown: changing ownership of `/usr/bin/sudo': Operation not permitted
> jjj at Devil7:~$ chmod 0440 /etc/sudoers
> chmod: changing permissions of `/etc/sudoers': Operation not permitted
> jjj at Devil7:~$ sudo su
> sudo: must be setuid root
> jjj at Devil7:~$ chmod 4755 /bin/su
> chmod: changing permissions of `/bin/su': Operation not permitted
>
> OK, not such a clever little Linux dude after all.
>
> The computer continues to run just fine, but I have no access to sudo.
> Before I mess things up even more I thought I'd ask here for help from
> someone who understands permissions and ownership better than me.
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
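The quoted transcript shows why `chmod 4755` alone did not help: the setuid bit makes a program run as the file's owner, and the owner was still jjj, so sudo kept reporting "must be setuid root". The script below is an added example, not part of the original thread; it checks both conditions for a file and counts how many files under a tree are no longer owned by root. The function names are hypothetical and GNU `stat` and `find` are assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils/findutils.

# classify_setuid UID MODE
#   UID  = numeric owner of the file
#   MODE = octal permission bits as printed by `stat -c %a` (e.g. 4755, 755)
# A binary such as sudo only gains root privileges when BOTH hold:
# the setuid bit (04000) is set AND the owner is uid 0.
classify_setuid() {
    uid=$1
    mode=$(( 0$2 ))                      # leading 0 => parse as octal
    if [ $(( mode & 04000 )) -eq 0 ]; then
        if [ "$uid" -eq 0 ]; then
            echo "root-owned-no-setuid"  # needs chmod u+s (as root)
        else
            echo "not-root-no-setuid"    # the state `ls -l` showed for sudo
        fi
    elif [ "$uid" -eq 0 ]; then
        echo "setuid-root"               # what sudo requires
    else
        echo "setuid-not-root"           # the state after `chmod 4755` as jjj
    fi
}

# check_file PATH: stat the file and classify it.
check_file() {
    info=$(stat -c '%u %a' -- "$1") || return 1
    classify_setuid "${info% *}" "${info#* }"
}

# count_non_root DIR: number of entries under DIR not owned by root,
# a quick measure of how far a recursive chown reached.
count_non_root() {
    find "$1" -xdev ! -user root 2>/dev/null | wc -l
}

# Usage: sh script.sh /usr/bin/sudo /bin/su
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(check_file "$f")"
    done
fi
```

On Linux, changing a file's owner also clears its setuid bit, which is why the listing in the transcript shows `-rwxr-xr-x` rather than `-rwsr-xr-x`; ownership has to be restored by root before the bit is set again.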


