当在终端输入sudo XXXX 显示如下信息
sudo: /etc/sudo.conf is world writable
sudo: /etc/sudo.conf is world writable
sudo: error in /etc/sudo.conf, line 0 while loading plugin "sudoers_policy"
sudo: /usr/lib/sudo/sudoers.so must be only be writable by owner
sudo: fatal error, unable to load plugins
这是因为sudo相关的权限被改变了,接下来输入下面命令
chmod 644 /usr/lib/sudo/sudoers.so
chmod 644 /usr/lib/sudo/sudo_noexec.so
再次输入sudo命令,会显示如下信息
sudo: /etc/sudo.conf is world writable
sudo: /etc/sudo.conf is world writable
sudo: /etc/sudoers.d is world writable
usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user]
[command]
usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-D directory] [-g group]
[-h host] [-p prompt] [-R directory] [-T timeout] [-u user]
[VAR=value] [-i|-s] [<command>]
usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-D directory] [-g group]
[-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ...
此时,可以看到sudo可以使用了,但是有几个警告看起来很烦人,我们一个一个消除
首先消除sudo: /etc/sudo.conf is world writable这个信息查看此文件权限信息,输入
ls -l /etc/sudo.conf
显示信息如下
-rwxrwxrwx 1 root root 3975 Jun 22 2021 /etc/sudo.conf
可以看到权限为-rwxrwxrwx,而正确的权限应该为-r–r-----
在终端输入
chmod 0440 /etc/sudo.conf
执行完成后再次输入sudo,回显如下
sudo: /etc/sudoers.d is world writable
usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user]
[command]
usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-D directory] [-g group]
[-h host] [-p prompt] [-R directory] [-T timeout] [-u user]
[VAR=value] [-i|-s] [<command>]
usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-D directory] [-g group]
[-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ...
照猫画虎,执行
chmod 0440 /etc/sudoers.d
再次sudo测试,此时还剩下一个提示,如下
sudo: /etc/sudoers.d/README is world writable
usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user]
[command]
usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-D directory] [-g group]
[-h host] [-p prompt] [-R directory] [-T timeout] [-u user]
[VAR=value] [-i|-s] [<command>]
usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-D directory] [-g group]
[-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ...
再来一次,输入
chmod 0440 /etc/sudoers.d/README
再次输入sudo,显示
usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user]
[command]
usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-D directory] [-g group]
[-h host] [-p prompt] [-R directory] [-T timeout] [-u user]
[VAR=value] [-i|-s] [<command>]
usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-D directory] [-g group]
[-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ...
终于清静了