Sudo not working in Konsole

Hi all, Greetings,I am using opensuse 12.1 with kde 4 Whenever I use sudo + command in konsole, it returns a error. I have to go into superuser mode (su and then give password ) and then only run the desired command.For example, here is the example to run wvdial.

anish@linux-jmbg:~> sudo wvdialsudo: /usr/lib/sudo/sudoers.so must be only be writable by ownersudo: fatal error, unable to load pluginsanish@linux-jmbg:~> suPassword: linux-jmbg:/home/anish # wvdial--> WvDial: Internet dialer version 1.60--> Initializing modem--> Sending: ATZ

Kindly help me to fix this. TIA.

The use of the CODE tags is for preserving the layout you get in the original. It seems that you lost newlines in this case. Did you realy copy/pasted the output from the terminal emulator directly between the CODE tags.

Also you seem to think that sudo is not to get into “supersuer mode”. But sudo is just another way of becoming the superuser (root).

Whenever you use su (not only in this case where it seems to be afall back for you), then use

su -

do not forget that minus sign.

When I read the message you post trying to guess where some new lines should and spaces were in the original, I think the main error message is:

sudo: /usr/lib/sudo/sudoers.so must be only be writable by owner sudo

which would lead me top check that with

ls -l /usr/lib/sudo/sudoers.so

Please do so and post the result here.

On 2012-05-01 14:26, hcvv wrote:

> Code:
> --------------------
> sudo: /usr/lib/sudo/sudoers.so must be only be writable by owner sudo
> --------------------

And who changed that file?


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

@hcvv: Hi, I copy pasted the code you gave: the result:

anish@linux-jmbg:~> ls -l /usr/lib/sudo/sudoers.so
-rwxrwxrwx 1 root root 211240 Jan 31 14:29 /usr/lib/sudo/sudoers.so
anish@linux-jmbg:~>

Since new lines didnt appear in that previous post, here I repaste the problem again

anish@linux-jmbg:~> sudo wvdialsudo: /usr/lib/sudo/sudoers.so must be only be writable by owner
sudo: fatal error, unable to load plugins
anish@linux-jmbg:~> 

@Robin: Who changed that file? -> I dont know what you mean. I havent even seen that file in my system.

As you see the file is also writable by the group and the world. sudo does see this as a violation of security and thus gives the error message and quits. This is my explanation, seeing the error message and checking if that error message tells the truth (which is the case).

I however must add that I did not look into it using any further sudo knowledge (which is llimited in my person because I almost never use it). On my 11.4 system that file is not even present at all!

@Carlos points to the fact that when sudo fails on these sorts of security checks, it is most likely that somebody (as root) changed things in the sudo configuration/environment manualy, not using the appropriate tools. He does implicitly (but he is never very talkative in his answers/suggestion) suggest you to ask yourself when and how you did something to configure/change anything that may have influence onn sudo.

My question now would be the same as Carlos implicit one: what did you (try to) change to sudo?
Second, maybe someone comes and can telll more about this file in particular.

BTW, this is the contents of my* /usr/lib/sudo/*:

boven:~ # ls -l /usr/lib/sudo/
total 20
-rwxr-xr-x 1 root root 5684 Jan  5 17:20 sesh
-rwxr-xr-x 1 root root 9556 Jan  5 17:20 sudo_noexec.so
boven:~ #

As you see all there is only writable for the owner (root).

On 2012-05-08 10:26, hcvv wrote:

> @Carlos points to the fact that when -sudo- fails on these sorts of
> security checks, it is most likely that somebody (as -root-) changed
> things in the -sudo- configuration/environment manualy, not using the
> appropriate tools. He does implicitly (but he is never very talkative in
> his answers/suggestion) suggest you to ask yourself when and how you did
> something to configure/change anything that may have influence onn
> -sudo.-
>
> My question now would be the same as Carlos implicit one: what did you
> (try to) change to -sudo-?

Thank you - I couldn’t have explained it better :slight_smile:

And his answer confuses me, because he says “I havent
even seen that file in my system.” - when he obviously has that file as the
ls output a paragraph above shows.

So, being a bit paranoid, at this point I would think the OP has been hacked.

> Second, maybe someone comes and can telll more about this file in
> particular.

I have no idea, that file is new in 12.1, 11.4 doesn’t have it. And
obviously sudo does a sanity check on itself, it fails, and aborts execution.

> As you see all there is only writable for the owner (-root)-.

Right. It is possible to run “rpm --verify sudo” and see what more has
changed - unless sudo has been reinstalled from another rpm source.

I remember a recent post where somebody did something to his filesystem and
the result was that every file changed ownership to a certain user, and
what he did was chown back everything to root. I wondered if it was the OP,
but no, I think not. But something weird is going on there, changing
permissions of security critical libraries.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

I remember a recent post where somebody did something to his filesystem and
the result was that every file changed ownership to a certain user, and
what he did was chown back everything to root.

rotfl!rotfl! Sorry, I should not do that.

Yes, that has happened in the history of Unix/Linux a lot of times by system managers not understanding much of it. The same happend to those by incident (un)setting certain access bits through all of the system and then reversing that for all files in the system. Let us hope this is not the case here.

Back to the problem. I suddenly realize that I have a 12.1 installation on line. That means I can mount that root partition and look in it. The result:

boven:/mnt/B/usr/lib/sudo # l
total 300
drwxr-xr-x   2 root root   4096 Mar  6 12:04 ./
drwxr-xr-x 157 root root  73728 Mar  6 12:09 ../
-rwxr-xr-x   1 root root   5640 Jan 31 09:53 sesh*
-rwxr-xr-x   1 root root   9556 Jan 31 09:53 sudo_noexec.so*
-rwxr-xr-x   1 root root 202912 Jan 31 09:53 sudoers.so*
boven:/mnt/B/usr/lib/sudo # 

This show that @thinkanish’s system is broken.

Now, you can of course easily remove those two w bits, but it is realy important to find out how this happened. If this happened, there can be more on the system. And when you can not pinpoint how this happened (and repair it thouroughly), a reinstall of sudo would be the minimum, but a complete reinstall might be better (depending on the security you ask from your system).

Over to you thinkanish.

On 2012-05-08 13:46, hcvv wrote:
>
>> I remember a recent post where somebody did something to his filesystem and
>> the result was that every file changed ownership to a certain user, and
>> what he did was chown back everything to root.
> rotfl!rotfl! Sorry, I should not do that.
>
> Yes, that has happened in the history of Unix/Linux a lot of times by
> system managers not understanding much of it. The same happend to those
> by incident (un)setting certain access bits through all of the system
> and then reversing that for all files in the system. Let us hope this is
> not the case here.

It can be accidental. If I remember correctly, the admin used a system
command (change user?) to change the UID of some user and all his home
files. So far, so good. The problem was that that system user (not his
direct doing) listed “/” as being the home directory - so it applied the
change to the entire filesystem. Every file resulted owned by that user,
and the root cause is the wrong definition of the home directory of a
system user (ie, one created by an rpm package). A bug, IMO.

The problem, of course, is how to revert the damage. One is reinstall.
Another is via rpm --verify, I think there is a method to redo permissions,
and if not, it can be scripted. Another is install another system in
parallel, and compare permissions.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Hi
Nah, much simpler to run chkstat…


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 12.1 (x86_64) Kernel 3.1.10-1.9-desktop
up 3 days 10:58, 4 users, load average: 0.04, 0.03, 0.05
CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU

On 2012-05-08 15:09, malcolmlewis wrote:
> Nah, much simpler to run chkstat…

Interesting. Ah, it is what “SuSEconfig --module permissions” uses. To
apply the proper permissions to the entire filesystem you need a list of
the entire filesystem in the appropriate format, which we don’t have.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Hi friends,
Thanks for trying to help me out.
Pardon my ignorance for I can understand completely nothing from your discussions.
Let me explain my scenario:
First I had openSUSE 12.1 installed with gnome 3.
With gnome 3, there was no problem like this. sudo “somecommand” would work fine like for example: sudo nautilus

Then I liked to play with customizations of KDE. and so I installed KDE 4 from the yast software manager.
Ever since I installed KDE, this problem persists. That is, for instance, “sudo nautilus” or “sudo dolphin” would return the error as given in the first post.
No matter which desktop environment i choose (gnome/kde) this problem persists.
And I one more thing,
During login session window, (where we choose which deskop environment) I have gnome and two entries for kde (as “kde plasma”). Is this the cause of problem? As you all know, I am only a student penguin, I cant understand what you were discussing. Could anyone spare your time to elaborate it?

Thanks,
Anish

This is getting a bit time consuming and the missus will call me to dnner in a few minutes. After that we go for some running. So you may have to wait a bit or read what others want to teach you.

This has nothing to do with your desktop. sudo is a good old command older then desktps.

For understanding this, you should understand file ownership (by user and group) and file protection (by read-, write- and execute-bits for user, group and world). This is very basic in Unix/Linux. Can you post back if we can skip teaching you this because you understand it?

Can you point a good article explaining that? I cannot find any article related to file permissions in swerdna’s website.(I mean according to me, no one writes openSUSE clearer than swerdna :slight_smile: )

This is the first one I found using Google. Seems reasonable OOK: Linux file permissions

On 2012-05-08 16:56, thinkanish wrote:

> And I one more thing,
> During login session window, (where we choose which deskop environment)
> I have gnome and two entries for kde (as “kde plasma”). Is this the
> cause of problem? As you all know, I am only a student penguin, I cant
> understand what you were discussing. Could anyone spare your time to
> elaborate it?

The problem is that your sudo is broken, and probably something more. It is
either your doing, or it is somebody else’s doing - and it is not related
at all to installing kde.

That somebody else - like a hacker - could modify your sudo, is
preoccupying, because you don’t recognize having done it yourself.

At a minimum, you have to reinstall sudo, and who knows what more.

If you don’t understand this, I don’t know what more to say. Perhaps you
should reinstall, or get somebody to look over your system.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

On Wed, 09 May 2012 03:08:06 +0530, Carlos E. R.
<robin_listas@no-mx.forums.opensuse.org> wrote:

> On 2012-05-08 16:56, thinkanish wrote:
>
>> And I one more thing,
>> During login session window, (where we choose which deskop environment)
>> I have gnome and two entries for kde (as “kde plasma”). Is this the
>> cause of problem? As you all know, I am only a student penguin, I cant
>> understand what you were discussing. Could anyone spare your time to
>> elaborate it?
>
> The problem is that your sudo is broken, and probably something more. It
> is
> either your doing, or it is somebody else’s doing - and it is not related
> at all to installing kde.
>
> That somebody else - like a hacker - could modify your sudo, is
> preoccupying, because you don’t recognize having done it yourself.
>
> At a minimum, you have to reinstall sudo, and who knows what more.
>
> If you don’t understand this, I don’t know what more to say. Perhaps you
> should reinstall, or get somebody to look over your system.
>

certainly better to be safe than sorry, but how likely is it that his
machine has been hacked?

fixed IP address and services open to the internet? many half- or
not-at-all trusted people access to the machine? big stakes, like online
banking for the whole neighborhood?

if not, and it’s just a “normal” PC used by somebody who still has a lot
to learn and perhaps his family, i’d think that neither the risk is that
great (avoid online banking for a while…), nor the probability that it’s
anything else but user error, i.e., he didn’t exactly know what he was
doing, and ended up this way.

if it was me, i’d reinstall sudo and hope for the best…but i’m not very
concerned about security i must admit. it’s probably wiser to listen to
carlos…


phani.

On Tue, 08 May 2012 21:54:36 +0000, phanisvara das wrote:

> if it was me, i’d reinstall sudo and hope for the best…but i’m not
> very concerned about security i must admit. it’s probably wiser to
> listen to carlos…

I’d also be inclined to run rkhunter as well as using RPM to verify each
installed package on the system. Takes a little knowledge to do the
latter and properly ignore changes that are valid (like configuration
file changes in some cases).

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

On 2012-05-08 23:54, phanisvara das wrote:
> On Wed, 09 May 2012 03:08:06 +0530, Carlos E. R. <> wrote:

> certainly better to be safe than sorry, but how likely is it that his
> machine has been hacked?

Improbable, but no idea.

The problem is that the OP doesn’t even know how this happened. He doesn’t
understand the issue, and that is another problem.

> if not, and it’s just a “normal” PC used by somebody who still has a lot to
> learn and perhaps his family, i’d think that neither the risk is that great
> (avoid online banking for a while…), nor the probability that it’s
> anything else but user error, i.e., he didn’t exactly know what he was
> doing, and ended up this way.

It is quite possible that it was user error, but which? He does not know,
he blames KDE installation.

> if it was me, i’d reinstall sudo and hope for the best…but i’m not very
> concerned about security i must admit. it’s probably wiser to listen to
> carlos…

I do not know for sure, I’m not a real security expert. But I’m afraid. If
I saw such a change in my system I would be very scared.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

On 2012-05-09 00:09, Jim Henderson wrote:

> I’d also be inclined to run rkhunter as well as using RPM to verify each
> installed package on the system. Takes a little knowledge to do the
> latter and properly ignore changes that are valid (like configuration
> file changes in some cases).

Another possibility is “rpm -qa --verify”, but the resulting list needs
interpretation.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)