sudo problem

when i execute sudo syscheck ,
i get the following:

sudo: /etc/sudoers is world writable
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

tried resolving using bash pkexec: pkexec: command not found

not able to install policy kit , i get error as below:

debian@beaglebone:/etc$ apt-get install -y policykit-1-gnome.
E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)
E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?

kindly help. very urgent.

Looks like you posted this twice.

Did you make a change to your sudoers file? If not, then have you tried changing to root via “sudo su -” ?

As far as the install issue, you need to run that with sudo when running as the debian user:
Ex:
sudo apt-get install -y policykit-1-gnome

Cheers,

Jon

Hi,

i tried the command

debian@beaglebone:/etc$ sudo apt-get install -y policykit-1-gnome
sudo: /etc/sudoers is world writable
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

whats the soluion? should i copy the .img file again and reboot?

sudo: /etc/sudoers is world writable

This appears to be your basic problem. The file /etc/sudoers says which users are allowed to use sudo to perform system activities. However, the file is “world writable,” which means that anyone could go in there and add themselves to the list. So sudo is not allowing anybody to do system administration.

If you can figure out a way to change the permissions on that file, you should be in an improved position. You might try booting from an SD card and changing the permission on the copy of /etc/sudoers that’s on the MMC, or if you’re already booting from an SD card, you might be able to put that card in a different Linux computer and change the permissions from there.

Can you post the output of “ls -l /etc”? That might help (especially the line for sudoers, but maybe there are widespread permission problems in /etc?)

hi,

debian@beaglebone:/etc$ visudo sudoers
visudo: sudoers: Permission denied
debian@beaglebone:/etc$ ls -l
total 940
-rwxrwxrwx 1 root root 2987 Apr 6 10:29 adduser.conf
drwxrwxrwx 3 root root 4096 Jul 16 15:05 alsa
drwxrwxrwx 2 root root 4096 Jun 25 17:53 alternatives
drwxrwxrwx 3 root root 4096 Apr 6 10:24 apache2
drwxrwxrwx 3 root root 4096 Apr 6 10:28 apparmor.d
drwxrwxrwx 3 root root 4096 Apr 6 10:16 apport
drwxrwxrwx 7 root root 4096 Apr 6 10:30 apt
-rwxrwxrwx 1 root root 1127 Apr 6 10:29 asound.conf
drwxrwxrwx 3 root root 4096 Apr 6 10:18 avahi
-rwxrwxrwx 1 root root 1994 Apr 18 2019 bash.bashrc
-rwxrwxrwx 1 root root 45 Feb 11 2019 bash_completion
drwxrwxrwx 2 root root 4096 Jun 19 17:01 bash_completion.d
-rwxrwxrwx 1 root root 0 Jul 22 18:33 bb-bbai-tether.dnsmasq.enable
-rwxrwxrwx 1 root root 367 Mar 2 2018 bindresvport.blacklist
drwxrwxrwx 2 root root 4096 Jan 29 18:07 binfmt.d
drwxrwxrwx 2 root root 4096 Apr 6 10:19 bluetooth
drwxrwxrwx 3 root root 4096 Apr 6 10:16 ca-certificates
-rwxrwxrwx 1 root root 6151 Jun 19 17:01 ca-certificates.conf
-rwxrwxrwx 1 root root 5713 Apr 6 10:17 ca-certificates.conf.dpkg-old
drwxrwxrwx 2 root root 4096 Apr 6 10:17 calendar
drwxrwxrwx 2 root root 4096 Apr 6 10:24 connman
-rwxrwxrwx 1 root root 18 Apr 6 10:18 cpsw_0_mac
-rwxrwxrwx 1 root root 18 Jul 22 18:33 cpsw_1_mac
-rwxrwxrwx 1 root root 18 Jul 22 18:33 cpsw_2_mac
-rwxrwxrwx 1 root root 18 Jul 22 18:33 cpsw_3_mac
-rwxrwxrwx 1 root root 18 Jul 22 18:33 cpsw_4_mac
-rwxrwxrwx 1 root root 18 Jul 22 18:33 cpsw_5_mac
drwxrwxrwx 2 root root 4096 Apr 6 10:17 cron.d
drwxrwxrwx 2 root root 4096 Jun 19 16:56 cron.daily
drwxrwxrwx 2 root root 4096 Apr 6 10:17 cron.hourly
drwxrwxrwx 2 root root 4096 Apr 6 10:17 cron.monthly
-rwxrwxrwx 1 root root 1042 Oct 11 2019 crontab
drwxrwxrwx 2 root root 4096 Apr 6 10:28 cron.weekly
drwxrwxrwx 4 root root 4096 Apr 6 10:16 dbus-1
-rwxrwxrwx 1 root root 2969 Feb 26 2019 debconf.conf
-rwxrwxrwx 1 root root 5 May 2 10:00 debian_version
drwxrwxrwx 2 root root 4096 Jul 21 16:12 default
-rwxrwxrwx 1 root root 604 Jun 26 2016 deluser.conf
drwxrwxrwx 4 root root 4096 Apr 6 10:17 dhcp
-rwxrwxrwx 1 root root 27381 Sep 17 2018 dnsmasq.conf
drwxrwxrwx 2 root root 4096 Apr 6 10:18 dnsmasq.d
-rwxrwxrwx 1 root root 56 Apr 6 10:18 dogtag
drwxrwxrwx 4 root root 4096 Apr 6 10:18 dpkg
-rwxrwxrwx 1 root root 34 Apr 6 10:29 e2fsck.conf
drwxrwxrwx 3 root root 4096 Apr 6 10:16 emacs
-rwxrwxrwx 1 root root 0 Apr 6 10:13 environment
drwxrwxrwx 2 root root 4096 Apr 6 10:28 environment.d
-rwxrwxrwx 1 root root 20 Jul 22 18:32 fake-hwclock.data
drwxrwxrwx 4 root root 4096 Apr 6 10:17 fonts
-rwxrwxrwx 1 root root 236 Apr 6 14:04 fstab
-rwxrwxrwx 1 root root 2584 Aug 1 2018 gai.conf
drwxrwxrwx 3 root root 4096 Apr 6 10:24 ghostscript
drwxrwxrwx 3 root root 4096 Jun 25 17:13 glvnd
drwxrwxrwx 2 root root 4096 Apr 6 10:28 groff
-rw-rw-r-- 1 root root 1106 Jul 22 19:10 group
-rw-rw-r-- 1 root root 1100 Apr 6 10:17 group-
-rw-rw-r-- 1 root shadow 938 Jul 22 19:10 gshadow
-rw-rw-r-- 1 root shadow 932 Apr 6 10:17 gshadow-
drwxrwxrwx 3 root root 4096 Apr 6 10:16 gss
drwxrwxrwx 2 root root 4096 Jul 10 18:16 gtk-2.0
drwxrwxrwx 2 root root 4096 Apr 6 10:28 gtk-3.0
drwxrwxrwx 2 root root 4096 Jun 19 17:00 hostapd
-rwxrwxrwx 1 root root 9 Aug 7 2006 host.conf
-rwxrwxrwx 1 root root 11 Apr 6 14:04 hostname
-rwxrwxrwx 1 root root 213 Apr 6 14:04 hosts
-rwxrwxrwx 1 root root 436 Jul 21 23:08 hosts.allow
-rwxrwxrwx 1 root root 711 Apr 6 10:17 hosts.deny
drwxrwxrwx 3 root root 4096 Apr 6 10:17 ifplugd
drwxrwxrwx 2 root root 4096 Jul 21 16:12 init.d
drwxrwxrwx 5 root root 4096 Apr 6 10:17 initramfs-tools
-rwxrwxrwx 1 root root 1748 May 5 2018 inputrc
drwxrwxrwx 2 root root 4096 Apr 6 10:18 insserv.conf.d
drwxrwxrwx 4 root root 4096 Apr 6 10:17 iproute2
-rwxrwxrwx 1 root root 194 Apr 6 10:29 issue
-rwxrwxrwx 1 root root 188 Apr 6 10:29 issue.net
drwxrwxrwx 7 root root 4096 Apr 6 10:26 kernel
drwxrwxrwx 2 root root 4096 Jun 19 17:00 ldap
-rw-r–r-- 1 root root 130229 Jul 22 18:23 ld.so.cache
-rwxrwxrwx 1 root root 34 Mar 2 2018 ld.so.conf
drwxrwxrwx 2 root root 4096 Jun 25 17:53 ld.so.conf.d
-rwxrwxrwx 1 root root 191 Apr 25 2019 libaudit.conf
drwxrwxrwx 2 root root 4096 Apr 6 10:27 libibverbs.d
drwxrwxrwx 2 root root 4096 Apr 6 10:17 libnl-3
drwxrwxrwx 4 root root 4096 Apr 6 10:27 lighttpd
-rwxrwxrwx 1 root root 2995 May 1 2019 locale.alias
-rwxrwxrwx 1 root root 9356 Apr 6 10:29 locale.gen
lrwxrwxrwx 1 root root 27 Jun 19 17:00 localtime → /usr/share/zoneinfo/Etc/UTC
drwxrwxrwx 3 root root 4096 Apr 6 10:16 logcheck
-rwxrwxrwx 1 root root 10477 Jul 27 2018 login.defs
-rwxrwxrwx 1 root root 435 Aug 22 2018 logrotate.conf
drwxrwxrwx 2 root root 4096 Jul 21 16:12 logrotate.d
-rwxrwxrwx 1 root root 33 Apr 6 10:18 machine-id
-rwxrwxrwx 1 root root 111 Oct 22 2019 magic
-rwxrwxrwx 1 root root 111 Oct 22 2019 magic.mime
-rwxrwxrwx 1 root root 3332 Apr 6 10:28 mailcap
-rwxrwxrwx 1 root root 449 Feb 9 2019 mailcap.order
-rwxrwxrwx 1 root root 5174 Feb 10 2019 manpath.config
-rwxrwxrwx 1 root root 24512 Feb 9 2019 mime.types
-rwxrwxrwx 1 root root 812 Jan 10 2020 mke2fs.conf
drwxrwxrwx 2 root root 4096 Jun 19 17:00 modprobe.d
-rwxrwxrwx 1 root root 195 Apr 6 10:17 modules
drwxrwxrwx 2 root root 4096 Jun 19 16:56 modules-load.d
-rwxrwxrwx 1 root root 286 Feb 1 17:09 motd
lrwxrwxrwx 1 root root 19 Apr 6 10:17 mtab → …/proc/self/mounts
drwxrwxrwx 4 root root 4096 Apr 6 10:27 mysql
-rwxrwxrwx 1 root root 9278 Jun 12 2019 nanorc
drwxrwxrwx 7 root root 4096 Jul 21 20:14 network
-rwxrwxrwx 1 root root 60 Apr 6 10:17 networks
drwxrwxrwx 8 root root 4096 Apr 6 10:17 nginx
-rwxrwxrwx 1 root root 542 Apr 6 10:27 nsswitch.conf
drwxrwxrwx 2 root root 4096 May 9 2018 ODBCDataSources
-rwxrwxrwx 1 root root 0 May 9 2018 odbc.ini
drwxrwxrwx 3 root root 4096 Apr 6 10:26 OpenCL
drwxrwxrwx 2 root root 4096 Apr 6 10:28 openmpi
drwxrwxrwx 2 root root 4096 Apr 6 10:13 opt
lrwxrwxrwx 1 root root 21 May 2 16:39 os-release → …/usr/lib/os-release
-rwxrwxrwx 1 root root 552 Feb 14 2019 pam.conf
drwxrwxrwx 2 root root 4096 Jul 22 18:23 pam.d
-rwxrwxrwx 1 root root 1600 Apr 6 10:17 passwd
-rwxrwxrwx 1 root root 1533 Apr 6 10:29 passwd-
drwxrwxrwx 4 root root 4096 Apr 6 10:16 perl
-rwxrwxrwx 1 root root 57 Apr 6 10:29 pip.conf
drwxr-xr-x 5 root root 4096 Jul 22 18:23 polkit-1
-rwxrwxrwx 1 root root 799 Apr 6 10:29 profile
drwxrwxrwx 2 root root 4096 Apr 6 10:27 profile.d
-rwxrwxrwx 1 root root 2932 Feb 10 2019 protocols
drwxrwxrwx 2 root root 4096 Apr 6 10:18 python
drwxrwxrwx 2 root root 4096 Apr 6 10:15 python2.7
drwxrwxrwx 2 root root 4096 Apr 6 10:17 python3
drwxrwxrwx 2 root root 4096 Apr 6 10:15 python3.7
drwxrwxrwx 2 root root 4096 Apr 6 10:28 rc0.d
drwxrwxrwx 2 root root 4096 Jul 21 16:12 rc1.d
drwxrwxrwx 2 root root 4096 Apr 6 10:29 rc2.d
drwxrwxrwx 2 root root 4096 Apr 6 10:29 rc3.d
drwxrwxrwx 2 root root 4096 Apr 6 10:29 rc4.d
drwxrwxrwx 2 root root 4096 Apr 6 10:29 rc5.d
drwxrwxrwx 2 root root 4096 Apr 6 10:28 rc6.d
-rwxrwxrwx 1 root root 126 Apr 6 10:18 rcn-ee.conf
drwxrwxrwx 2 root root 4096 Jul 21 16:12 rcS.d
lrwxrwxrwx 1 root root 24 Apr 6 10:30 resolv.conf → /run/connman/resolv.conf
drwxrwxrwx 4 root root 4096 Apr 6 10:16 resolvconf
lrwxrwxrwx 1 root root 13 Apr 23 2019 rmt → /usr/sbin/rmt
drwxrwxrwx 2 root root 4096 Mar 27 2019 robotcontrol
-rwxrwxrwx 1 root root 887 Feb 10 2019 rpc
-rwxrwxrwx 1 root root 1988 Feb 26 2019 rsyslog.conf
drwxrwxrwx 2 root root 4096 Jul 21 16:12 rsyslog.d
-rwxrwxrwx 1 root root 3663 Jun 9 2015 screenrc
-rwxrwxrwx 1 root root 4173 Apr 6 10:29 securetty
drwxrwxrwx 4 root root 4096 Apr 6 10:13 security
drwxrwxrwx 2 root root 4096 Apr 6 10:13 selinux
-rwxrwxrwx 1 root root 10593 Dec 19 2018 sensors3.conf
drwxrwxrwx 2 root root 4096 Apr 6 10:27 sensors.d
-rwxrwxrwx 1 root root 18774 Feb 10 2019 services
-rwxrwxrwx 1 root shadow 934 Apr 6 10:17 shadow
-rwxrwxrwx 1 root shadow 902 Apr 6 10:29 shadow-
-rwxrwxrwx 1 root root 103 Apr 6 10:17 shells
drwxrwxrwx 2 root root 4096 Apr 6 10:13 skel
drwxrwxrwx 2 root root 4096 Jul 21 23:18 ssh
drwxrwxrwx 4 root root 4096 Jun 19 17:00 ssl
-rwxrwxrwx 1 root root 20 Apr 6 10:29 subgid
-rwxrwxrwx 1 root root 0 Apr 6 10:13 subgid-
-rwxrwxrwx 1 root root 20 Apr 6 10:29 subuid
-rwxrwxrwx 1 root root 0 Apr 6 10:13 subuid-
-r-xr-xr-x 1 root root 692 Jul 22 19:14 sudoers
-r–r----- 1 debian debian 0 Jul 22 05:30 sudoers.c
drwxrwxrwx 2 root root 4096 Jul 22 16:22 sudoers.d
-rwxrwxrwx 1 root root 2351 May 31 2018 sysctl.conf
drwxrwxrwx 2 root root 4096 Jun 19 16:56 sysctl.d
drwxrwxrwx 5 root root 4096 Jun 19 16:56 systemd
drwxrwxrwx 2 root root 4096 Apr 6 10:13 terminfo
drwxrwxrwx 2 root root 4096 Apr 6 10:28 ti-mctd
-rwxrwxrwx 1 root root 13 Apr 6 10:18 timestamp
-rwxrwxrwx 1 root root 8 Jun 19 17:00 timezone
drwxrwxrwx 2 root root 4096 Apr 6 10:17 tmpfiles.d
-rwxrwxrwx 1 root root 1260 Dec 14 2018 ucf.conf
drwxrwxrwx 4 root root 4096 Jun 19 17:00 udev
drwxrwxrwx 3 root root 4096 Jul 21 16:12 ufw
drwxrwxrwx 2 root root 4096 Jun 19 16:56 update-motd.d
-rwxrwxrwx 1 root root 1523 Feb 23 2018 usb_modeswitch.conf
drwxrwxrwx 2 root root 4096 Feb 23 2018 usb_modeswitch.d
-rwxrwxrwx 1 root root 51 Jan 20 2019 vdpau_wrapper.cfg
drwxrwxrwx 2 root root 4096 Apr 6 10:17 vim
-rwxrwxrwx 1 root root 4942 Apr 5 2019 wgetrc
drwxrwxrwx 2 root root 4096 Jun 19 17:00 wpa_supplicant
drwxrwxrwx 6 root root 4096 Apr 6 10:29 X11
-rwxrwxrwx 1 root root 642 Mar 1 2019 xattr.conf
drwxrwxrwx 4 root root 4096 Apr 6 10:24 xdg

You have a lot of permission problems in /etc…it looks like /etc/sudoers doesn’t have write permission set (despite the error message) but far too many of the other files and directories are 0777 (rwxrwxrwx). Perhaps /etc is also 0777, which I guess would be another reason for the error message.

Even if you’re able to fix the sudo problem, you’ll probably have other persistent trouble until you fix the rest of the permissions. Do you have any idea how this could have happened? (Were you adjusting permissions of some other file, and accidentally got all of /etc?)

If you don’t have a lot of customization and precious data on the system, the easiest thing would be to re-flash the OS and start over. I don’t know of a way to check and set permissions correctly over a whole system, other than maybe setting a fairly restrictive permission and then relaxing as problems come up.

Here’s some of my /etc:

user:~$ ls -al /etc
total 864
drwxr-xr-x 92 root root 4096 Jul 19 11:39 ./
drwxr-xr-x 21 root root 4096 Jul 16 18:52 …/
-rw-r–r-- 1 root root 2987 Apr 6 06:33 adduser.conf
drwxr-xr-x 3 root root 4096 Jul 15 13:52 alsa/
drwxr-xr-x 2 root root 4096 Jul 19 11:14 alternatives/
drwxr-xr-x 8 root root 4096 Jul 18 19:53 apache2/
[…]
-rw-r–r-- 1 root root 103 Apr 6 06:26 shells
drwxr-xr-x 2 root root 4096 Jul 16 19:10 skel/
drwxr-xr-x 2 root root 4096 Jul 15 13:43 ssh/
drwxr-xr-x 4 root root 4096 Jul 15 13:52 ssl/
-rw-r–r-- 1 root root 37 Jul 15 14:00 subgid
-rw-r–r-- 1 root root 20 Apr 6 06:33 subgid-
-rw-r–r-- 1 root root 37 Jul 15 14:00 subuid
-rw-r–r-- 1 root root 20 Apr 6 06:33 subuid-
-r–r----- 1 root root 669 Feb 1 23:41 sudoers
drwxr-xr-x 2 root root 4096 Apr 6 06:33 sudoers.d/
-rw-r–r-- 1 root root 2351 May 31 2018 sysctl.conf
drwxr-xr-x 2 root root 4096 Jul 15 13:47 sysctl.d/
drwxr-xr-x 5 root root 4096 Jul 15 13:47 systemd/

i wanted to login to BBAI through SSH from windows 10 using ethernet.
i had created a static ip and was able to ping this ip in windows.
but in power shell when i did → ssh debian@ip.address , it said connection refused
so i changed default port from 22 to 2222 .
it didnt work
then i was changing firewalll settings in BB , thats when this happened.

Wow, your system is hosed.. Someone made /etc/ word edible/etc...

debian@beaglebone:~$ sudo ls -lha /etc/adduser.conf
-rw-r--r-- 1 root root 3.0K Jul 21 21:48 /etc/adduser.conf
debian@beaglebone:~$ sudo ls -lha /etc/sudoers
-r--r----- 1 root root 669 Feb 2 07:41 /etc/sudoers

Re-Install..

Regards,

Whoever ran `chmod -R 777 /etc` on your BeagleBoard… send them on a Unix
Administration 101 course and ban them from use of your hardware until
they pass the exams.

Permissions are set a particular way for a reason. This isn't MS-DOS.

However it's doubtful if one wants or needs serious security on a BBB
which will probably only ever have one user. OK, the normal/default
permissions will prevent you (as a user) doing things that only root
(which presumably will be you, on purpose) should be able to do, by
mistake, but that's about all.

As a temporary fix

su root

Then

chmod 440 /etc/sudoers

exit

Try sudo again.

You just need to remove lock-frontend file for unlocking the installation of new module

kindly try this line:

sudo rm /var/lib/dpkg/lock-frontend

If it does not succeed, got to /var/lib/dpkg directory, and try manually removing all lock files as it would stop the new installation of packages of libraries.
Hope it helps.

Regards,
Sagar Patel

I would suspect this is of no help to the OP... They have a corrupted
file system and are unable to execute any "sudo" command, and hence will
not have privileges to remove any lock files.

Well, in some cases yes, you will be just running as a single user, you
might consider running everything you need as 'root', however this is
still not good practice and should not be encouraged.

I'd advise against doing so in any sort of production environment.

It's one of the overheads of a full-blown operating system, if you want
to skip the privilege separation, consider a RTOS.

Do a `ps ax | grep dpkg` to check nothing actually _is_ running before
doing that!

If it shows something other than `grep dpkg` as running at the time,
removing the lock file and running a second instance could make a mess
of your package database.

> However it's doubtful if one wants or needs serious security on a BBB
> which will probably only ever have one user. OK, the normal/default
> permissions will prevent you (as a user) doing things that only root
> (which presumably will be you, on purpose) should be able to do, by
> mistake, but that's about all.

Well, in some cases yes, you will be just running as a single user, you
might consider running everything you need as 'root', however this is
still not good practice and should not be encouraged.

No, I agree, I certainly don't do everything as root, as I said, apart
from anything else, it protects one to some extent from one's own
errors. That # prompt makes me check twice (or more!) before hitting
return. (I tend to do 'sudo -i' so I *do' get a # prompt).

I'd advise against doing so in any sort of production environment.

A home/domestic system is hardly a "production environment"! :slight_smile: