Sudo rule fails with error "/usr/libexec/sudoers.so must be only be writable by owner".


Environment

  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7

Issue

  • Why am I not able to list sudo rules? Listing sudo rules fails with the error /usr/libexec/sudoers.so must be only be writable by owner.
[root@test]# sudo -l
sudo: /usr/libexec/sudoers.so must be only be writable by owner
sudo: fatal error, unable to load plugins
[root@test]# ls -l /usr/libexec/sudoers.so
-rwxrwxrwx 1 root root 287688 Jan 23  2013 /usr/libexec/
  • Execution of the sudo command fails with the error sudo: /usr/libexec/sudo/sudoers.so must be only be writable by owner

Resolution

  • In Red Hat Enterprise Linux 6, check the permissions of the /usr/libexec/sudoers.so and /usr/bin/sudo files and set them as follows:
# chmod 4111 /usr/bin/sudo
# chmod 644 /usr/libexec/sudoers.so
  • In Red Hat Enterprise Linux 7, check the permissions of /usr/libexec/sudo/sudoers.so and set them as follows:
# chmod 644 /usr/libexec/sudo/sudoers.so

Root Cause

  • RHEL 6: The permissions of /usr/libexec/sudoers.so and /usr/bin/sudo were changed.
  • RHEL 7: The permissions of /usr/libexec/sudo/sudoers.so were changed.

Diagnostic Steps

  • Verify the permissions:
RHEL 6 -

[root@rhel6 ~]# ls -l /usr/bin/sudo
-rwsrwxrwx. 1 root root 123832 Jun  7  2017 //usr/bin/sudo

[root@rhel6 ~]# ls -l /usr/libexec/sudoers.so 
-rwxr-xr-x. 1 root root 296072 Jun  7  2017 /usr/libexec/sudoers.so

RHEL 7 -

[root@rhel7 ~]# ls -ld /usr/libexec/sudo/sudoers.so
-rwxrwxrwx 1 root root 423088 Sep 25  2018 /usr/libexec/sudo/sudoers.so
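
The permission check above can be scripted so that it covers both the RHEL 6 and RHEL 7 paths in one pass. The following is an added example, not part of the original solution; the function names writable_by_non_owner and audit_paths are made up for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: flag sudo files that are writable by group or other,
# which is the condition sudo rejects with "must be only be writable by owner".

# Paths taken from the article (RHEL 6 and RHEL 7 layouts).
SUDO_FILES="/usr/bin/sudo /usr/libexec/sudoers.so /usr/libexec/sudo/sudoers.so"

# Exit 0 when the group-write or other-write bit is set on $1.
writable_by_non_owner() {
    mode=$(stat -c '%a' -- "$1") || return 2
    # Treat the octal mode as a number and mask the g+w / o+w bits (022).
    [ $(( 0$mode & 022 )) -ne 0 ]
}

# Print one line per existing path; return 1 if any path fails the check.
audit_paths() {
    bad=0
    for f in "$@"; do
        [ -e "$f" ] || continue   # only one sudoers.so layout exists per release
        if writable_by_non_owner "$f"; then
            echo "FAIL $(stat -c '%a %U:%G' -- "$f") $f"
            bad=1
        else
            echo "ok   $(stat -c '%a %U:%G' -- "$f") $f"
        fi
    done
    return "$bad"
}

audit_paths $SUDO_FILES || echo "Fix the FAIL lines with the chmod commands from the Resolution section."

# Where rpm is available, rpm -V lists files that differ from the package
# database; an "M" in its output marks a changed mode.
if command -v rpm >/dev/null 2>&1; then
    rpm -V sudo || true
fi
```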
