HPE Community
Operating System - HP-UX
1753449 Members
6589 Online
108794 Solutions
New Discussion юеВ

Re: sudoers file 0644 not 0440

 
Bob Manocchia
Regular Advisor

тАО05-12-2010 05:51 AM

тАО05-12-2010 05:51 AM

sudoers file 0644 not 0440

I have an itanium server running 11i V2. I have given my user the ability to unlock the root account using /usr/lbin/modprpw. When I run sudo /usr/lbin/modprpw -lk root I get the following error
sudo: /opt/iexpress/sudo/etc/sudoers is mode 0644, should be 0440

Any ideas.
0 Kudos
4 REPLIES 4
Jeff_Traigle
Honored Contributor

тАО05-12-2010 05:53 AM

тАО05-12-2010 05:53 AM

Re: sudoers file 0644 not 0440

Just like it states. When the sudoers file was put in place its mode was set to 0644 (rw-r--r-- permissions). chmod 440 /opt/iexpress/sudo/etc/sudoers will fix it, making permissions r--r-----.
--
Jeff Traigle
0 Kudos
Bob Manocchia
Regular Advisor

тАО05-12-2010 05:56 AM

тАО05-12-2010 05:56 AM

Re: sudoers file 0644 not 0440

I have tried that but when I run visudo and change that file it reverts back to 0644. The problem is the root user is disabled and I need to unlock it but cannot due to this problem.
0 Kudos
John Guster
Trusted Contributor

тАО05-12-2010 07:28 AM

тАО05-12-2010 07:28 AM

Re: sudoers file 0644 not 0440

How did you change the permission to 0440, as root or a regular user? It has to be root I guess. If you can do thing as root, I don't see there is any issue to change back to 0440 after visudo but before modprpw. There maybe some bug in the sudo.
0 Kudos
Bob Manocchia
Regular Advisor

тАО05-12-2010 07:33 AM

тАО05-12-2010 07:33 AM

Re: sudoers file 0644 not 0440

I did this on another server running HPUX11i V2. I found a way around the problem of the disabled root account. I restored the file /tcb/files/auth/r/root from yesterday and the root account is not disabled anymore. I then changed the sudoers file to ownership bin:bin and 0440. Not the command work fine.

Thanks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.