help for permission "/etc"?

Hi
i change permission folder /etc but not work my system and not work command sudo
how to set default permission for folder /etc/
when use command sudo
show this error

 sudo
sudo: /etc/sudoers is world writable
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin


Thanks

Are you sure you only changed the permission for the directory /etc?
Or did you change permission for several/all files in /etc also?

And you could at least post some facts with your story, like

ls -ld /etc

so we can see what the permissions are now.

BTW the permission (and ownership) of the directory /etc should be:

henk@boven:~> ls -ld /etc
drwxr-xr-x 124 root root 12288 27 jan 23:30 /etc
henk@boven:~>

I change permission for several/all files in /etc also.(with dophin root)
and cahange my home folder and sub folders to chmod 700

n4xz:~> ls -ld /etc
drwxr-xr-x+ 134 root root 12288 Jan 28 20:43 /etc


>ls -ld /home/my home/
drwxrwx---+ 52 my home root 4096 Jan 28 20:41 /home/my home/


how to fix ?

after change permissions
I use this commands
pkexec chmod 555 /etc/sudoers
pkexec chmod 555 /etc/sudoers.d/README
sudo chmod 440 /etc/sudoers

 # chkstat --system --warn

and if happy

 # chkstat --system --set /etc/

also

 > chkstat --help

Very confusing. But when you changed permission on “several/all files in /etc”, then you have borked your system considerable. I have no idea why you did that, but in my opinion, whoever told you to do this was giving very bad advice.

This is also not easy to repair, but if I ma correct, there is some tool that sets them to what they should be by consulting the RPMs from which they were installed. Maybe somebody knows more.

BTW

drwxrwx---+ 52 my home root 4096 Jan 28 20:41 /home/my home/

looks also challenging to me. A user name with a blank space in it is not something I would prefer. Also a normal user should not be a member of the root group.

In other words it looks as if you have a very customized system where not many will feel enough at home to be able to help you efficiently :frowning: .

Edit: I see that eng-int knows the tool.

after change permission not booting my opensuse
i use live cd and change permission chmod -R 777 /etc/* , then my opensuse is boot compleat
now work my system but i think not complete workings

chkstat --system --warn

 # chkstat --system --warn
Checking permissions and ownerships - using the permissions files
        /etc/permissions
        /etc/permissions.easy
        /etc/permissions.d/postfix
        /etc/permissions.local
/var/cache/man/ should be man:root 0755. (wrong owner/group man:man)
/var/log/lastlog should be root:root 0644. (wrong owner/group root:utmp permissions 0664)
/var/log/btmp should be root:root 0600. (wrong owner/group root:utmp)
/etc/passwd should be root:root 0644. (wrong permissions 0777)
/etc/shadow should be root:shadow 0640. (wrong permissions 0777)
/etc/init.d/ should be root:root 0755. (wrong permissions 0777)
/etc/hosts should be root:root 0644. (wrong permissions 0777)
/etc/hosts.allow should be root:root 0644. (wrong permissions 0777)
/etc/hosts.deny should be root:root 0644. (wrong permissions 0777)
/etc/hosts.equiv should be root:root 0644. (wrong permissions 0777)
/etc/hosts.lpd should be root:root 0644. (wrong permissions 0777)
/etc/ld.so.conf should be root:root 0644. (wrong permissions 0777)
/etc/ld.so.cache should be root:root 0644. (wrong permissions 0777)
/etc/ppp/ should be root:root 0750. (wrong permissions 0777)
/etc/ppp/chap-secrets should be root:root 0600. (wrong permissions 0777)
/etc/ppp/pap-secrets should be root:root 0600. (wrong permissions 0777)
/etc/sysconfig/network/providers/ should be root:root 0700. (wrong permissions 0777)
/etc/ssh/ssh_config should be root:root 0644. (wrong permissions 0777)
/etc/ssh/sshd_config should be root:root 0640. (wrong permissions 0777)
/etc/crontab should be root:root 0600. (wrong permissions 0777)
/etc/exports should be root:root 0644. (wrong permissions 0777)
/etc/fstab should be root:root 0644. (wrong permissions 0777)
/etc/ftpusers should be root:root 0644. (wrong permissions 0777)
/usr/bin/at: unknown group trusted
/usr/bin/crontab: unknown group trusted
/usr/bin/fusermount: unknown group trusted
/sbin/pccardctl: unknown group trusted
/usr/sbin/mgnokiidev: unknown group uucp
/etc/postfix/sasl_passwd should be root:root 0600. (wrong permissions 0777)


if I will fix all the above errors,change all permissions wrongs,
Is my system correct?

Thanks for reply
i dont use space name home folder, sorry that’s fake name for here

for learning
how to change permissions this command (for example)

/etc/init.d/ should be root:root 0755. (wrong permissions 0777)

sudo chmod 755 /etc/init.d/ (true or false)

If you run this command as root:

 # chkstat --system --set

You will have a set of sensible file permissions according to your chosen security level. Did you read the output of:

 > chkstat --help

Only you will know if that is what you want. The chkstat command will not restore the deleted groups “uucp” and “trusted”.

what means is output?
chkstat --system --set /etc/* (The output was more, i copy just apart )

 # chkstat --system --set /etc/*
/etc/adjtime: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/alsa-pulse.conf: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/alternatives: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/apparmor: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/apparmor.d: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/asound-pulse.conf: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/at.deny: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/audisp: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/audit: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/autofs.conf: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/autofs_ldap_auth.conf: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/auto.master: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/auto.master.d: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/auto.misc: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/auto.net: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/auto.smb: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/avahi: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/bash.bashrc: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/bash_command_not_found: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/bash_completion.d: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/bind.keys: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/bindresvport.blacklist: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/binfmt.d: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/blkid.conf: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/bonobo-activation: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/boto.cfg-2.7: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/ca-certificates: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/chromium: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/cifs-utils: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/ConsoleKit: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/cron.d: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/cron.daily: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/cron.deny: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/cron.hourly: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/cron.monthly: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/cron.weekly: cannot verify root:root 0755 - not listed in /etc/permissions
/etc/crypttab: cannot verify root:root 0755 - not listed in /etc/permissions

i use this commands for repair
chkstat --system --set
chkstat --system --set /etc/
chkstat --system --set /etc/*
final output


#chkstat --system --set 
/usr/bin/at: unknown group trusted
/usr/bin/crontab: unknown group trusted
/usr/bin/fusermount: unknown group trusted
/sbin/pccardctl: unknown group trusted
/usr/sbin/mgnokiidev: unknown group uucp

Is it done?
how to repair permission /etc/?

Nonsense command parameter, therefore nonsense output.

The file permissions seem to have been restored to those defined by the ‘permisions’ package.
As I mentioned before, you have commands that belong to the ‘trusted’ and ‘uucp’ groups that you seem to have deleted. You can reinstate them with

 # groupadd --help
 # groupadd trusted
 # groupadd uucp

the GIDs on my Tumbleweed are
trusted 42
uucp 14

You should now probably perform a ‘zypper dup’ using only Tumbleweed repositories.

@eng-int
Thanks you