Every time I run a sudo command, I get the following error message:
/etc/sudoers: syntax error near line 1 <<<
sudo: parse error in /etc/sudoers near line 1
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
My sudoers file within /etc/ is empty. How do I resolve this issue? I'm on Mac OS High Sierra.
You could try this link to grab some sudoer file examples. Re-create your sudoers file using the visudo command.
http://www.softpanorama.org/Access_control/Sudo/sudoer_file_examples.shtml
In case the link breaks, here is a "default" sudoer file that is described on that page:
# Sample /etc/sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
##
# User alias specification
##
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
User_Alias WEBMASTERS = will, wendy, wim
##
# Runas alias specification
##
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
##
# Host alias specification
##
Host_Alias SPARC = bigtime, eclipse, moet, anchor:\
SGI = grolsch, dandelion, black:\
ALPHA = widget, thalamus, foobar:\
HPPA = boa, nag, python
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
##
# Cmnd alias specification
##
Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
/usr/sbin/rrestore, /usr/bin/mt
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
Cmnd_Alias REBOOT = /usr/sbin/reboot
Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
/usr/local/bin/tcsh, /usr/bin/rsh, \
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
/usr/bin/chfn
##
# Override built-in defaults
##
Defaults syslog=auth
Defaults>root !set_logname
Defaults:FULLTIMERS !lecture
Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
##
# User specification
##
# root and users in group wheel can run anything on any machine as any user
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
# full time sysadmins can run anything on any machine without a password
FULLTIMERS ALL = NOPASSWD: ALL
# part time sysadmins may run anything but need a password
PARTTIMERS ALL = ALL
# jack may run anything on machines in CSNETS
jack CSNETS = ALL
# lisa may run any command on any host in CUNETS (a class B network)
lisa CUNETS = ALL
# operator may run maintenance commands and anything in /usr/oper/bin/
operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
sudoedit /etc/printcap, /usr/oper/bin/
# joe may su only to operator
joe ALL = /usr/bin/su operator
# pete may change passwords for anyone but root on the hp snakes
pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
# bob may run anything on the sparc and sgi machines as any user
# listed in the Runas_Alias "OP" (ie: root and operator)
bob SPARC = (OP) ALL : SGI = (OP) ALL
# jim may run anything on machines in the biglab netgroup
jim +biglab = ALL
# users in the secretaries netgroup need to help manage the printers
# as well as add and remove users
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
# fred can run commands as oracle or sybase without a password
fred ALL = (DB) NOPASSWD: ALL
# on the alphas, john may su to anyone but root and flags are not allowed
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
# jen can run anything on all machines except the ones
# in the "SERVERS" Host_Alias
jen ALL, !SERVERS = ALL
# jill can run any commands in the directory /usr/bin/, except for
# those in the SU and SHELLS aliases.
jill SERVERS = /usr/bin/, !SU, !SHELLS
# steve can run any command in the directory /usr/local/op_commands/
# as user operator.
steve CSNETS = (operator) /usr/local/op_commands/
# matt needs to be able to kill things on his workstation when
# they get hung.
matt valkyrie = KILL
# users in the WEBMASTERS User_Alias (will, wendy, and wim)
# may run any command as user www (which owns the web pages)
# or simply su to www.
WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
# anyone can mount/unmount a cd-rom on the machines in the CDROM alias
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
Never open the sudoers file with a normal editor. Always use visudo.
Just type:
sudo visudo
This will take you to /etc/sudoers, and upon saving it will make sure that there is no error in formatting.
If you make an error in the sudoers file, you will lose sudo access, so always use visudo.
You can use pkexec if you are stuck.
pkexec allows you to execute a program as another user. If you don't specify a user, then the program will be executed as root.
Root Escalation
pkexec bash
Fix your syntax error
visudo
Ubuntu 20.04 encountered this error upon "sudo anycommand":
/etc/sudoers.d/sudoers: too many levels of includes near line 29 <<<
sudo: parse error in /etc/sudoers.d/sudoers near line 29
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
My solution:
Though I do not know how the sudoers file was created in /etc/sudoers.d.
After reading README in /etc/sudoers.d,
Extract of README
Note that there must be at least one file in the sudoers.d directory (this one will do), and all files in this directory should be mode 0440.
Removed the sudoers in /etc/sudoers.d
pkexec rm /etc/sudoers.d/sudoers
System will prompt for user password.
Can execute sudo command as usual.
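A check for the drop-in directory problems described in the answers above, as an added example that is not part of the original posts: it flags files whose mode is not the 0440 the README asks for, names that sudo skips, and a file that includes the directory it lives in (a common way to get "too many levels of includes", for instance when a copy of the main sudoers file lands in sudoers.d). The sample directory, its file names and the function names are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Include directives: "#include"/"#includedir" or the newer "@include"/"@includedir".
INCLUDE_RE = re.compile(r"^[#@]include(?:dir)?\s+(\S+)")

def audit_sudoers_dir(dirpath):
    """Return (filename, problem) pairs for the drop-in files in dirpath."""
    findings = []
    real_dir = os.path.realpath(dirpath)
    for name in sorted(os.listdir(dirpath)):
        path = os.path.join(dirpath, name)
        if not os.path.isfile(path):
            continue
        # sudo skips names that contain '.' or end in '~' (backup/package leftovers).
        if "." in name or name.endswith("~"):
            findings.append((name, "skipped by sudo: name contains '.' or ends in '~'"))
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode != 0o440:
            findings.append((name, f"mode {mode:04o}, README asks for 0440"))
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                m = INCLUDE_RE.match(line.strip())
                if m and os.path.realpath(m.group(1)) == real_dir:
                    findings.append((name, f"line {lineno}: include loop back into this directory"))
    return findings

def build_sample_dir():
    """Constructed sample directory; file names and contents are made up."""
    d = tempfile.mkdtemp(prefix="sudoers_d_")
    samples = {
        "README": ("# drop-in directory\n", 0o440),
        "10-admins": ("%wheel ALL = (ALL) ALL\n", 0o440),
        "10-admins.bak": ("%wheel ALL = (ALL) ALL\n", 0o440),
        # A copy of the main sudoers file, which re-includes the directory.
        "sudoers": (f"root ALL = (ALL) ALL\n#includedir {d}\n", 0o644),
    }
    for name, (text, mode) in samples.items():
        path = os.path.join(d, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(path, mode)
    return d

if __name__ == "__main__":
    for name, problem in audit_sudoers_dir(build_sample_dir()):
        print(f"{name}: {problem}")
```

Point audit_sudoers_dir at a copy of /etc/sudoers.d to review it; the script only reads files and does not replace a syntax check with visudo.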
I'm using proftpd server with below dir structure:
main www dir:
/home/www
also there are some symbolic links to that main dir:
/home/john -> linked to /home/www
/home/mark -> linked to /home/www
etc.
When one of those users uploads a new file, he is the owner of that file, but I need to change ownership and permissions to the default 0755 and www:www.
Of course all users are in the same group www, but sometimes a user uploads a file with too low permissions, so no one from the group can change/remove the file from ftp.
Is there any way to do it automatically?
I am using Samba 3.6.6 on Debian Wheezy.
I want to be able to change www files on my dev server using my macbook.
So I setup samba and made a share for the /var/www directory.
I added the users bart & root to samba to connect. And connect using command K and then smb://192.168.2.100 (my samba server).
As apache uses www-data as a user and group for the www files I use force user and force group in samba to prevent errors in the rights.
However it does force the group www-data, but doesn't force the user. Every file I create is being owned by root in the group www-data.
To seek for errors I tailed the logs in /var/log/samba and only found an error in the log.smbd when restarting the samba service. See the log here:
smbd version 3.6.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2011
[2013/09/23 11:14:22.601031, 0] printing/print_cups.c:110(cups_connect)
Unable to connect to CUPS server localhost:631 - Connection refused
[2013/09/23 11:14:22.602215, 0] printing/print_cups.c:487(cups_async_callback)
failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
And here is my smb.conf:
[global]
server string = %h server
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[homes]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
print ok = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[www]
comment = www
path = /var/www/
valid users = bart, root
admin users = bart, root
write list = bart, root
force user = www-data
force group = www-data
read only = No
I even tried adding www-data to the valid users as well as the admin users and the write list. This of course did not have any effect.
Can you help me out? Thanks in advance!
With a little help from someone else who said:
"I think that in this case the option admin users overrides the option force user."
I removed the admin users and my issue was solved!
Can someone explain why I am getting an access denied message when I try accessing the folders via Windows 8?
[global]
workgroup = WORKGROUP
usershare allow guests = yes
security=share
#security=user
follow symlinks = yes
wide links = no
unix extensions = no
lock directory = /var/cache/samba
realm = localdomain
server role = domain controller
[pi]
browsable = yes
read only = no
guest ok = yes
path = /home/pi
#force user = pi (no longer needed)
[devices]
browsable = yes
guest ok = yes
writable = yes
path = /media
[Toshiba HDD]
browsable = yes
guest ok = yes
writable = yes
path = /ToshibaHDD
That may depend on the directory and file rights. If the user who runs smb has no access rights, you can't read or write files. You can find out file permissions with ls -la; you will also see the owner and owner group.
You can try to set read and write permissions for all (chmod 777 directory -R). If this was the problem, then you should give read and write permissions only to the user that runs smb. Set permissions for all back to 0 (770) because of security reasons.
Here you find a tutorial on setting up samba for Raspberry Pi.
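An smb.conf check covering the two Samba threads above, as an added example that is not part of the original posts: it flags shares that combine admin users with force user (the listed admins do file operations as root, which is why the files in the Debian thread ended up owned by root), and it goes one step further by flagging shares that are both guest-accessible and writable, as in the Raspberry Pi config. The SAMPLE text is a constructed excerpt built from shares shown in the posts, and the function names are made up.

```python
import re

TRUE = {"yes", "true", "1", "on"}

def parse_smb_conf(text):
    """Parse smb.conf text into {share: {param: value}}.
    Parameter names are matched case- and whitespace-insensitively."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return shares

def is_writable(params):
    # "writable"/"writeable"/"write ok" are inverted synonyms of "read only".
    for key in ("writable", "writeable", "writeok"):
        if key in params:
            return params[key].lower() in TRUE
    return params.get("readonly", "yes").lower() not in TRUE

def audit_shares(text):
    """Return (share, problem) pairs for the share sections in text."""
    findings = []
    for share, p in parse_smb_conf(text).items():
        if share == "global":
            continue
        if "adminusers" in p and "forceuser" in p:
            findings.append((share, "admin users act as root, so force user does not apply to them"))
        guest = p.get("guestok", p.get("public", "no")).lower() in TRUE
        if guest and is_writable(p):
            findings.append((share, "guest-accessible and writable"))
    return findings

# Constructed excerpt: [www] from the first config above, [devices] from the second.
SAMPLE = """
[www]
path = /var/www/
admin users = bart, root
force user = www-data
read only = No
[devices]
guest ok = yes
writable = yes
path = /media
"""
```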
I am currently running Cygwin on a target Windows Server 2003 machine to fire off a shell script that, among other things, creates a bunch of files on disc. However after the files are created I no longer have permissions to manipulate them through Windows.
When the files are created the owner is getting set to 'SYSTEM' and the permissions for Administrators/Creator Group/Creator Owner/system are set to only 'special permissions' and nothing else.
The permissions for Everyone and Users have Read & Execute, List folder contents and Read.
My problem is that I cannot delete/modify the files now through Windows. I would prefer to have something built into my scripts (either the shell script or something to call in Cygwin) that would allow Administrators full control on the folder and all contents.
My current workaround has been to either do file modifications through Cygwin but this is not preferable. I have also used setfacl -r -m default:other:rwx to add write permissions for the 'Users' group but it doesn't appear to have a recursive option and still doesn't give 'full control'.
Is there a better way to use setfacl? Can I call the shell script using different/elevated permissions?
Results of getfacl on a newly created directory:
$ getfacl Directory/
# file: Directory/
# owner: SYSTEM
# group: root
user::rwx
group::r-x
group:Users:rwx
mask:rwx
other:r-x
default:user::rwx
default:group::r-x
default:group:Users:rwx
default:mask:rwx
default:other:r-x
You can try setting umask:
umask u=rwx,g=rwx,o=rwx
That should give user, group, and other read/write/execute on any newly created dirs.
If you only want the modified umask permanently, you can add it to your .bash_profile
Edit - Added example of mkdir before/after umask.
Here's the output of getfacl on a directory created before I set umask:
[/cygdrive/c/Documents and Settings/NOYB/Desktop]
==> getfacl test_wo_umask/
# file: test_wo_umask/
# owner: NOYB
# group: Domain Users
user::rwx
group::r-x
group:root:rwx
group:SYSTEM:rwx
mask:rwx
other:r-x
default:user::rwx
default:user:NOYB:rwx
default:group::r-x
default:group:root:rwx
default:group:SYSTEM:rwx
default:mask:rwx
default:other:r-x
Here's the output of getfacl on a directory created after I set umask:
[/cygdrive/c/Documents and Settings/NOYB/Desktop]
==> getfacl test_w_umask/
# file: test_w_umask/
# owner: NOYB
# group: Domain Users
user::rwx
group::rwx
group:root:rwx
group:SYSTEM:rwx
mask:rwx
other:rwx
default:user::rwx
default:user:NOYB:rwx
default:group::rwx
default:group:root:rwx
default:group:SYSTEM:rwx
default:mask:rwx
default:other:rwx