How to get rid off - sudo: /usr/lib/sudo/sudoers.so must be only be writable by owner sudo: fatal error, unable to load plugins

jags picture jags · Jun 6, 2013 · Viewed 15.1k times · Source

I am trying to configure apache2 with cgi (python). For that, I have to change permissions of some folders and files but I am getting sudo fatal errors every time I try to change permission of a file or a Folder.

For Example:

1

j@ubuntu:/etc/apache2$ ls

apache2.conf envvars magic mods-enabled sites-available

conf.d httpd.conf mods-available ports.conf sites-enabled



j@ubuntu:/etc/apache2$ sudo chmod 777 httpd.conf

sudo: /usr/lib/sudo/sudoers.so must be only be writable by owner

sudo: fatal error, unable to load plugins

...................................................................................

2

j@ubuntu:/usr/lib/cgi-bin$ sudo /etc/init.d/apache2 restart

sudo: /usr/lib/sudo/sudoers.so must be only be writable by owner

sudo: fatal error, unable to load plugins

...................................................................................

3

j@ubuntu:/usr/lib$ sudo chmod -R 777 /usr/lib/cgi-bin

sudo: /usr/lib/sudo/sudoers.so must be only be writable by owner

sudo: fatal error, unable to load plugins

...................................................................................

Note:

j@ubuntu:/etc/apache2$ ls -l /usr/lib/sudo/sudoers.so

-rwxrwxrwx 1 root root 177452 Jan 31 2012 /usr/lib/sudo/sudoers.so

Any help would be highly appreciated !

Answer

Sébastien Dan picture Sébastien Dan · Jan 23, 2020

If you have docker installed on your host, you can leverage its permission vulnerabilities on volumes to solve this issue.

Run docker run -it -v /usr/lib/sudo:/tmp ubuntu:xenial

Once inside the container, being the root user there, you can:

  • cd /tmp
  • chown root sudoers.so or chmod 644 sudoers.so depending on the exact issue

It's not a really clean solution but it solves the issue.