Weird messages when using sudo
Whenever I run a sudo command in the terminal, this happens:
arun@arun-GP70-2OD:~$ sudo apt-get update
sudo: /etc/sudoers.d/README is world writable
sudo: /var/lib/sudo writable by non-owner (040777), should be mode 0700
[sudo] password for arun:
The sudo commands still work (I think so, although the only one I have tested is sudo apt-get).
What are these strange messages before I get asked for the password? Is there any big problem here? Should I do something about this? Or can I just leave it like this and continue using my system?
1 Answer
The messages are self-explanatory.
By design, sudo-related files and libraries should only be readable (and writable if needed) by root.
The directory /var/lib/sudo contains individual users' sudo-related data, which could easily be read or modified if a non-root user has sufficient permission, which is of course a security issue.
The file /etc/sudoers.d/README contains info regarding implementation of sudo. Imagine a rogue user edits the file and adds false info (and you follow that).
So, in a nutshell, fix the permissions:
sudo chmod 0400 /etc/sudoers.d/README
sudo chmod -R 0700 /var/lib/sudo ## Recursively
And of course make sure the owner is root (and group root).
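A read-only check for the two conditions sudo complained about (wrong owner, or group/other write bits), given here as an added example that is not part of the original answer. The function name `audit_sudo_perms` and the scratch directory used in `demo` are made up for illustration.

```shell
#!/bin/sh
# audit_sudo_perms UID PATH...
# Lists every entry at or under each PATH that is not owned by UID or that
# has a group/other write bit set. Returns 0 if clean, 1 if anything is listed.
audit_sudo_perms() {
    want_uid=$1; shift
    rc=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "skip (not present): $p"
            continue
        fi
        # Symlinks always report mode 777, so leave them out.
        bad=$(find "$p" ! -type l \
              \( ! -user "$want_uid" -o -perm -020 -o -perm -002 \) -print)
        if [ -n "$bad" ]; then
            printf '%s\n' "$bad" | while IFS= read -r f; do ls -ldn "$f"; done
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a scratch tree carrying the modes from the question's
# output, audited before and after the answer's chmod commands.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/sudo" && : > "$d/README"
    chmod 0777 "$d/sudo"; chmod 0666 "$d/README"
    echo "before fix:"
    before=0; audit_sudo_perms "$(id -u)" "$d/README" "$d/sudo" || before=$?
    chmod 0400 "$d/README"; chmod -R 0700 "$d/sudo"
    echo "after fix:"
    after=0; audit_sudo_perms "$(id -u)" "$d/README" "$d/sudo" || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}
demo

# On the real paths, run as root and expect uid 0:
#   audit_sudo_perms 0 /etc/sudoers.d/README /var/lib/sudo
```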