I have Windows 11. On it I installed Ubutu 16.04
While editing, I accidentally corrupted the /etc/sudoers. But before editining it I had created a backup of it by copying it as /etc/sudoers.backup
I tried to restore my sudoers file by typing
agrawa22#DESKTOP-B9E5HFJ:/srv/shiny-server$ sudo cp /etc/sudoers.backup /etc/sudoers
But I get error message
/etc/sudoers: syntax error near line 32 <<<
sudo: parse error in /etc/sudoers near line 32
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
I cannot open either /etc/sudoers or /etc/sudoers.backup because they are read only and cant be edited without sudo which is available no more.
agrawa22#DESKTOP-B9E5HFJ:/srv/shiny-server$ ls -lrt /etc/sudoers*
-r--r----- 1 root root 755 Oct 13 06:20 /etc/sudoers.backup
-r--r----- 1 root root 999 Oct 13 06:53 /etc/sudoers
What is the way to fix back my sudoers file? Also how could one avoid such messup in future and what is the best way to edit sudoers so that it can be restored from backup if needed?
Related
I have the following file xx.sh:
#!/bin/bash
echo "hi"
The permissions are defined as follows:
-rwxr-xr-x 1 root root 22 Nov 22 10:55 xx.sh*
but when I run the file ./xx.sh I get:
**-bash: ./xx.sh: Permission denied**
When running with override: bash xx.sh it runs correctly.
What is the permission issue here?
Your system is probably mounted with noexec. Verify by:
findmnt <folder>
If you have noexec in the OPTIONS, then you are not allowed to execute executable binaries in the mounted file system. You can solve using the mount command.
I ran into some strange behavior while setting up a script to start kvm instances today, and am hoping you all can weigh in what's going on here.
Setup:
I have a script that starts a kvm with virt-install.
virt-install ... --disk=image.qcow2 ...
I want to run the same script on different versions of image.qcow2, so I created a symbolic link of a to my latest image.
My directory stucture would look something like this:
startKvm.sh
image.qcow2 -> image_v2.0.qcow2
image_v2.0.qcow2
image_v1.0.qcow2
However, when I tried to run my virt-install command, it returned the following error.
ERROR internal error: process exited while connecting to monitor:
datetime qemu-kvm: -drive file=/path/image.qcow2,if=none,id=drive-ide0-0-0,format=qcow2: could not open
disk image /path/image.qcow2: Could not open file: Permission
denied
Thoughts on the cause and alternate solutions?
I've had a similar idea to use symlinks, however in my scenario I run virt-manager via SSH with X forwarding as a user in wheel (admin) group. Creating a virtual guest produced same error:
Unable to complete install: 'internal error: process exited while connecting to monitor: 2018-02-24T07:53:19.064452Z qemu-kvm: -drive file=/var/lib/libvirt/images/archlinux-2018.02.01-x86_64.iso,format=raw,if=none,id=drive-ide0-0-1,readonly=on: could not open disk image /var/lib/libvirt/images/archlinux-2018.02.01-x86_64.iso: Could not open '/var/lib/libvirt/images/archlinux-2018.02.01-x86_64.iso': Permission denied'
Issue is, in fact, with permissions. When setting up an .iso image using qemu-kvm, it changes its ownership to user/group qemu upon deployment. We need to make sure user qemu has access rights throughout whole path to the file.
Test case
User running virt-manager: yahol (wheel/admin group)
Iso or qcow2 image location: /home/yahol/isos/archlinux-2018.02.01-x86_64.iso
Note: please ignore the timestamps as I've hacked together this answer over 2 days. It was late and I was too tired to finish it the previous day.
Starting with image in user's home directory:
$ ll /home/yahol/isos/archlinux-2018.02.01-x86_64.iso
$ -rw-r--r--. 1 yahol yahol 565182464 Feb 24 08:49 archlinux-2018.02.01-x86_64.iso
Creating symlink as root in default path to KVM images:
# cd /var/lib/libvirt/images
# ln -s /home/yahol/isos/archlinux-2018.02.01-x86_64.iso
lrwxrwxrwx. 1 root root 48 Feb 23 21:35 archlinux-2018.02.01-x86_64.iso -> /home/yahol/isos/archlinux-2018.02.01-x86_64.iso
Symlink belongs to user root, while actual file still has user/group of a regular user.
Setting up and deploying virtual machine via virt-manager. Notice how user/group of image file changes to qemu:
$ ll /home/yahol/isos/archlinux-2018.02.01-x86_64.iso
-rw-r--r--. 1 qemu qemu 565182464 Feb 24 08:49 archlinux-2018.02.01-x86_64.iso
At this point VM manager, be it virt-manager or virt-install, throws the aforementioned error. This happens because user qemu doesn't have access to full path. Home dir of user yahol is only accessible to user yahol:
$ ll -d /home/yahol/
drwx------. 7 yahol yahol 258 Feb 24 08:37 /home/yahol/
Now let's create another path to which qemu has full access:
# mkdir -p /Qemu/Test/Iso
# mv archlinux-2018.02.01-x86_64.iso /Qemu/Test/Iso/
# chown -R qemu:qemu /Qemu/
# cd /var/lib/libvirt/images
# ln -s /Qemu/Test/Iso/archlinux-2018.02.01-x86_64.iso
# ll /Qemu/Test/Iso/archlinux-2018.02.01-x86_64.iso
-rw-rw-r--. 1 qemu qemu 565182464 Feb 23 08:53 /Qemu/Test/Iso/archlinux-2018.02.01-x86_64.iso
# ll /var/lib/libvirt/images
lrwxrwxrwx. 1 root root 46 Feb 24 09:39 archlinux-2018.02.01-x86_64.iso -> /Qemu/Test/Iso/archlinux-2018.02.01-x86_64.iso
This works perfectly fine, virtual machine has been deployed and it's running.
Possible solutions:
change ownership to entire path to actual image to user/group qemu
# chown -R qemu:qemu /Qemu/
give read+execute permissions to others (world) to entire path to image
# chmod -R o+rx /Qemu/
WARNING: This might have security implications!
create a directory owned by user/group qemu dedicated to iso images that will be symlinked
# mkdir -p /Qemu/Test/Iso
# chown -R qemu:qemu /Qemu/
Summary:
Even though everything is done by user with root privileges, the actual user working with VM images is qemu. Adding qemu to wheel group would still require providing means to authenticate and, since it's a no-login user, it might be tricky.
I am always getting this error. What is the solution ?
As the error message says: your /etc/sudoers file has the wrong permissions.
the normal permissions (on OS X 10.10) are:
$ ls -l /etc/sudoers
-r--r----- 1 root wheel 1293 Sep 19 2012 /etc/sudoers
so get a root shell in some other manner and issue chmod 660 /etc/sudoers
and/or the appropriate chgrp and chown commands.
To get a root shell, it all depends on what you have left as assets.
The failsafe method would be from a recovery partition, but booting in single user mode should be enough in most cases.
Single user mode: boot holding "Command-S"
ref: https://support.apple.com/en-us/HT201573
When I try to change the permissions for a file it doesn't seem to work. chmod says it is changing it but the file permissions remain the same. Can anyone explain what I am doing wrong? Here is a copy of my command line.
~$ sudo chmod -v u+x ex01
mode of 'ex01' changed from 0600 (rw-------) to 0700 (rwx------)
~$ ls -l ex01
-rw------- 1 user user 60297 Feb 6 21:50 ex01
Certain file systems, such as vfat, don't support Unix permissions. The owners and permissions of the files are decided when the file system is mounted. On vfat for example there is an option to set the permissions to whatever you want, and another that sets the execute bit only for .exe, .com, .bat and similar files. See https://www.kernel.org/doc/Documentation/filesystems/vfat.txt
I'm trying to edit the httpd.conf file located in /private/etc/apache2, and I can't figure out how to get permission to write
I've done
$ cd /private/etc/apache2
$ sudo chown bdh httpd.conf
$ ls -lash
0 drwxr-xr-x 13 root wheel 442B Jun 7 00:11 .
0 drwxr-xr-x 93 root wheel 3.1K Jun 26 10:51 ..
0 drwxr-xr-x 13 root wheel 442B Jan 3 16:26 extra
24 -r--r--r-- 1 bdh wheel 24K Jun 7 00:11 httpd.conf
...etc...
$ vim httpd.conf
and it says "httpd.conf" [readonly] 677L, 24330C
tried cping to the desktop, but I cant get permission to edit it there either
I'm pretty new to using the terminal, is there some other command I can use?
It is normally unnecessary and undesirable to alter access permissions to edit a file. To edit a file that requires administrator (or other user) privileges without altering the access permissions, use:
sudo -e /private/etc/apache2
Sudo's -e option tells it you want to edit the given file.
This command copies the file and makes it writable by you, tells the editor specified with the SUDO_EDITOR, VISUAL or EDITOR environment variables (they're checked in that order) to edit the file, and when the editor exits, the file is copied back to the original without altering its access permissions.
See the sudo man page for details: x-man-page://8/sudo
The chmod command is what you're looking for I believe: http://en.wikipedia.org/wiki/Chmod
chmod 777 will let anyone read, write or execute for instance.
As richardhsu correctly added, 744 is RWX, R--,R-- and thats probably what you want.