Gain Root Access to remote Server with sudo, su, and pkexec not working

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












I'm running CentOS7 on an old dell box that I repurposed as a home server. I also ssh into it from a remote location to make sure everything is running smoothly, and to do things like rsync my laptop. In other terms, nobody is usually at home to reset the machine if anything goes wrong.



The situation:



Sometime last week, I must have broken something that allows commands like sudo, su, and pkexec to work.



Su won’t accept my root password, sudo gives the error:



sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set


I tried running something like pkexec /bin/bash, but I got the error:



pkexec must be setuid root


seeing that, I then did:



[crlsmdrn@server ~]$ ls -l /usr/bin/sudo 

---x--x--x. 1 root root 143248 Jun 27 13:03 /usr/bin/sudo


So, is there any way to set permissions back to 4755 on sudo so I can get a root shell back remotely without having to reboot the machine?



Thanks










share|improve this question





















  • Looks like permissions are broken. You can not fix this without root access. Boot to recovery mode and see google.com/amp/s/www.cyberciti.biz/tips/…
    – Panther
    Dec 7 at 0:27











  • A reboot won't fix those permissions. A reboot, boot of a rescue disk and changing the perms back to what they were will.
    – tink
    Dec 7 at 0:28










  • It sounds as if you have recursively removed permissions as both sudo and pkexec have had their extra permissions revoked. If your disks are not too big, you could search the entire system to see if there are and suid programs left which might give you a way into the system. Use find / -perm +2000 -type f -ls and add the output to the question.
    – icarus
    Dec 7 at 1:25










  • You were right; it looks like I did accidentally.
    – Carlos1001
    Dec 7 at 2:16















up vote
1
down vote

favorite












I'm running CentOS7 on an old dell box that I repurposed as a home server. I also ssh into it from a remote location to make sure everything is running smoothly, and to do things like rsync my laptop. In other terms, nobody is usually at home to reset the machine if anything goes wrong.



The situation:



Sometime last week, I must have broken something that allows commands like sudo, su, and pkexec to work.



Su won’t accept my root password, sudo gives the error:



sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set


I tried running something like pkexec /bin/bash, but I got the error:



pkexec must be setuid root


seeing that, I then did:



[crlsmdrn@server ~]$ ls -l /usr/bin/sudo 

---x--x--x. 1 root root 143248 Jun 27 13:03 /usr/bin/sudo


So, is there any way to set permissions back to 4755 on sudo so I can get a root shell back remotely without having to reboot the machine?



Thanks










share|improve this question





















  • Looks like permissions are broken. You can not fix this without root access. Boot to recovery mode and see google.com/amp/s/www.cyberciti.biz/tips/…
    – Panther
    Dec 7 at 0:27











  • A reboot won't fix those permissions. A reboot, boot of a rescue disk and changing the perms back to what they were will.
    – tink
    Dec 7 at 0:28










  • It sounds as if you have recursively removed permissions as both sudo and pkexec have had their extra permissions revoked. If your disks are not too big, you could search the entire system to see if there are and suid programs left which might give you a way into the system. Use find / -perm +2000 -type f -ls and add the output to the question.
    – icarus
    Dec 7 at 1:25










  • You were right; it looks like I did accidentally.
    – Carlos1001
    Dec 7 at 2:16













up vote
1
down vote

favorite









up vote
1
down vote

favorite











I'm running CentOS7 on an old dell box that I repurposed as a home server. I also ssh into it from a remote location to make sure everything is running smoothly, and to do things like rsync my laptop. In other terms, nobody is usually at home to reset the machine if anything goes wrong.



The situation:



Sometime last week, I must have broken something that allows commands like sudo, su, and pkexec to work.



Su won’t accept my root password, sudo gives the error:



sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set


I tried running something like pkexec /bin/bash, but I got the error:



pkexec must be setuid root


seeing that, I then did:



[crlsmdrn@server ~]$ ls -l /usr/bin/sudo 

---x--x--x. 1 root root 143248 Jun 27 13:03 /usr/bin/sudo


So, is there any way to set permissions back to 4755 on sudo so I can get a root shell back remotely without having to reboot the machine?



Thanks










share|improve this question













I'm running CentOS7 on an old dell box that I repurposed as a home server. I also ssh into it from a remote location to make sure everything is running smoothly, and to do things like rsync my laptop. In other terms, nobody is usually at home to reset the machine if anything goes wrong.



The situation:



Sometime last week, I must have broken something that allows commands like sudo, su, and pkexec to work.



Su won’t accept my root password, sudo gives the error:



sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set


I tried running something like pkexec /bin/bash, but I got the error:



pkexec must be setuid root


seeing that, I then did:



[crlsmdrn@server ~]$ ls -l /usr/bin/sudo 

---x--x--x. 1 root root 143248 Jun 27 13:03 /usr/bin/sudo


So, is there any way to set permissions back to 4755 on sudo so I can get a root shell back remotely without having to reboot the machine?



Thanks







centos permissions terminal sudo root






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 6 at 23:59









Carlos1001

194




194











  • Looks like permissions are broken. You can not fix this without root access. Boot to recovery mode and see google.com/amp/s/www.cyberciti.biz/tips/…
    – Panther
    Dec 7 at 0:27











  • A reboot won't fix those permissions. A reboot, boot of a rescue disk and changing the perms back to what they were will.
    – tink
    Dec 7 at 0:28










  • It sounds as if you have recursively removed permissions as both sudo and pkexec have had their extra permissions revoked. If your disks are not too big, you could search the entire system to see if there are and suid programs left which might give you a way into the system. Use find / -perm +2000 -type f -ls and add the output to the question.
    – icarus
    Dec 7 at 1:25










  • You were right; it looks like I did accidentally.
    – Carlos1001
    Dec 7 at 2:16

















  • Looks like permissions are broken. You can not fix this without root access. Boot to recovery mode and see google.com/amp/s/www.cyberciti.biz/tips/…
    – Panther
    Dec 7 at 0:27











  • A reboot won't fix those permissions. A reboot, boot of a rescue disk and changing the perms back to what they were will.
    – tink
    Dec 7 at 0:28










  • It sounds as if you have recursively removed permissions as both sudo and pkexec have had their extra permissions revoked. If your disks are not too big, you could search the entire system to see if there are and suid programs left which might give you a way into the system. Use find / -perm +2000 -type f -ls and add the output to the question.
    – icarus
    Dec 7 at 1:25










  • You were right; it looks like I did accidentally.
    – Carlos1001
    Dec 7 at 2:16
















Looks like permissions are broken. You can not fix this without root access. Boot to recovery mode and see google.com/amp/s/www.cyberciti.biz/tips/…
– Panther
Dec 7 at 0:27





Looks like permissions are broken. You can not fix this without root access. Boot to recovery mode and see google.com/amp/s/www.cyberciti.biz/tips/…
– Panther
Dec 7 at 0:27













A reboot won't fix those permissions. A reboot, boot of a rescue disk and changing the perms back to what they were will.
– tink
Dec 7 at 0:28




A reboot won't fix those permissions. A reboot, boot of a rescue disk and changing the perms back to what they were will.
– tink
Dec 7 at 0:28












It sounds as if you have recursively removed permissions as both sudo and pkexec have had their extra permissions revoked. If your disks are not too big, you could search the entire system to see if there are and suid programs left which might give you a way into the system. Use find / -perm +2000 -type f -ls and add the output to the question.
– icarus
Dec 7 at 1:25




It sounds as if you have recursively removed permissions as both sudo and pkexec have had their extra permissions revoked. If your disks are not too big, you could search the entire system to see if there are and suid programs left which might give you a way into the system. Use find / -perm +2000 -type f -ls and add the output to the question.
– icarus
Dec 7 at 1:25












You were right; it looks like I did accidentally.
– Carlos1001
Dec 7 at 2:16





You were right; it looks like I did accidentally.
– Carlos1001
Dec 7 at 2:16











1 Answer
1






active

oldest

votes

















up vote
0
down vote













I was able to reset permissions on sudo without rebooting into rescue mode! This is what I did:



Thankfully, systemd was still allowing me to restart daemons because it was authenticating via polkit.



So, I made a unit file in my home directory containing:



/home/crlsmdrn/sudo-reset.service:



[Unit]
Description=reset sudo

[Service]
Type=oneshot
ExecStart=/home/crlsmdrn/sudo-reset.sh

[Install]
WantedBy=multi-user.target


I then made a file named sudo-reset.sh.



/home/crlsmdrn/sudo-reset.sh:



#!/bin/sh
chmod 4755 /usr/bin/sudo


Then:



[crlsmdrn@server ~]$ chmod +x /home/crlsmdrn/sudo-reset.sh


Followed by enabling and running the service:



[crlsmdrn@server ~]$ systemctl enable /home/crlsmdrn/sudo-reset.service
[crlsmdrn@server ~]$ systemctl start sudo-reset-service

[crlsmdrn@server ~]$ sudo
usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-u user] [VAR=value] [-i|-s]
[<command>]
usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-u user] file ...


I then was able to do sudo -s, then see what permissions were broken by looking back at the bash history; it looks like only /usr/bin got borked, so I ran rpm --setperms -a, which appeared to fix the permissions.



Don't forget to disable the service after doing this.



Moral of the story here: never run chown -R root:root on /usr/bin without expecting things to work the same.






share|improve this answer




















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f486482%2fgain-root-access-to-remote-server-with-sudo-su-and-pkexec-not-working%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote













    I was able to reset permissions on sudo without rebooting into rescue mode! This is what I did:



    Thankfully, systemd was still allowing me to restart daemons because it was authenticating via polkit.



    So, I made a unit file in my home directory containing:



    /home/crlsmdrn/sudo-reset.service:



    [Unit]
    Description=reset sudo

    [Service]
    Type=oneshot
    ExecStart=/home/crlsmdrn/sudo-reset.sh

    [Install]
    WantedBy=multi-user.target


    I then made a file named sudo-reset.sh.



    /home/crlsmdrn/sudo-reset.sh:



    #!/bin/sh
    chmod 4755 /usr/bin/sudo


    Then:



    [crlsmdrn@server ~]$ chmod +x /home/crlsmdrn/sudo-reset.sh


    Followed by enabling and running the service:



    [crlsmdrn@server ~]$ systemctl enable /home/crlsmdrn/sudo-reset.service
    [crlsmdrn@server ~]$ systemctl start sudo-reset-service

    [crlsmdrn@server ~]$ sudo
    usage: sudo -h | -K | -k | -V
    usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
    usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
    usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-u user] [VAR=value] [-i|-s]
    [<command>]
    usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-u user] file ...


    I then was able to do sudo -s, then see what permissions were broken by looking back at the bash history; it looks like only /usr/bin got borked, so I ran rpm --setperms -a, which appeared to fix the permissions.



    Don't forget to disable the service after doing this.



    Moral of the story here: never run chown -R root:root on /usr/bin without expecting things to work the same.






    share|improve this answer
























      up vote
      0
      down vote













      I was able to reset permissions on sudo without rebooting into rescue mode! This is what I did:



      Thankfully, systemd was still allowing me to restart daemons because it was authenticating via polkit.



      So, I made a unit file in my home directory containing:



      /home/crlsmdrn/sudo-reset.service:



      [Unit]
      Description=reset sudo

      [Service]
      Type=oneshot
      ExecStart=/home/crlsmdrn/sudo-reset.sh

      [Install]
      WantedBy=multi-user.target


      I then made a file named sudo-reset.sh.



      /home/crlsmdrn/sudo-reset.sh:



      #!/bin/sh
      chmod 4755 /usr/bin/sudo


      Then:



      [crlsmdrn@server ~]$ chmod +x /home/crlsmdrn/sudo-reset.sh


      Followed by enabling and running the service:



      [crlsmdrn@server ~]$ systemctl enable /home/crlsmdrn/sudo-reset.service
      [crlsmdrn@server ~]$ systemctl start sudo-reset-service

      [crlsmdrn@server ~]$ sudo
      usage: sudo -h | -K | -k | -V
      usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
      usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
      usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-u user] [VAR=value] [-i|-s]
      [<command>]
      usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-u user] file ...


      I then was able to do sudo -s, then see what permissions were broken by looking back at the bash history; it looks like only /usr/bin got borked, so I ran rpm --setperms -a, which appeared to fix the permissions.



      Don't forget to disable the service after doing this.



      Moral of the story here: never run chown -R root:root on /usr/bin without expecting things to work the same.






      share|improve this answer






















        up vote
        0
        down vote










        up vote
        0
        down vote









        I was able to reset permissions on sudo without rebooting into rescue mode! This is what I did:



        Thankfully, systemd was still allowing me to restart daemons because it was authenticating via polkit.



        So, I made a unit file in my home directory containing:



        /home/crlsmdrn/sudo-reset.service:



        [Unit]
        Description=reset sudo

        [Service]
        Type=oneshot
        ExecStart=/home/crlsmdrn/sudo-reset.sh

        [Install]
        WantedBy=multi-user.target


        I then made a file named sudo-reset.sh.



        /home/crlsmdrn/sudo-reset.sh:



        #!/bin/sh
        chmod 4755 /usr/bin/sudo


        Then:



        [crlsmdrn@server ~]$ chmod +x /home/crlsmdrn/sudo-reset.sh


        Followed by enabling and running the service:



        [crlsmdrn@server ~]$ systemctl enable /home/crlsmdrn/sudo-reset.service
        [crlsmdrn@server ~]$ systemctl start sudo-reset-service

        [crlsmdrn@server ~]$ sudo
        usage: sudo -h | -K | -k | -V
        usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
        usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
        usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-u user] [VAR=value] [-i|-s]
        [<command>]
        usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-u user] file ...


        I then was able to do sudo -s, then see what permissions were broken by looking back at the bash history; it looks like only /usr/bin got borked, so I ran rpm --setperms -a, which appeared to fix the permissions.



        Don't forget to disable the service after doing this.



        Moral of the story here: never run chown -R root:root on /usr/bin without expecting things to work the same.






        share|improve this answer












        I was able to reset permissions on sudo without rebooting into rescue mode! This is what I did:



        Thankfully, systemd was still allowing me to restart daemons because it was authenticating via polkit.



        So, I made a unit file in my home directory containing:



        /home/crlsmdrn/sudo-reset.service:



        [Unit]
        Description=reset sudo

        [Service]
        Type=oneshot
        ExecStart=/home/crlsmdrn/sudo-reset.sh

        [Install]
        WantedBy=multi-user.target


        I then made a file named sudo-reset.sh.



        /home/crlsmdrn/sudo-reset.sh:



        #!/bin/sh
        chmod 4755 /usr/bin/sudo


        Then:



        [crlsmdrn@server ~]$ chmod +x /home/crlsmdrn/sudo-reset.sh


        Followed by enabling and running the service:



        [crlsmdrn@server ~]$ systemctl enable /home/crlsmdrn/sudo-reset.service
        [crlsmdrn@server ~]$ systemctl start sudo-reset-service

        [crlsmdrn@server ~]$ sudo
        usage: sudo -h | -K | -k | -V
        usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
        usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
        usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-u user] [VAR=value] [-i|-s]
        [<command>]
        usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-u user] file ...


        I then was able to do sudo -s, then see what permissions were broken by looking back at the bash history; it looks like only /usr/bin got borked, so I ran rpm --setperms -a, which appeared to fix the permissions.



        Don't forget to disable the service after doing this.



        Moral of the story here: never run chown -R root:root on /usr/bin without expecting things to work the same.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 7 at 1:49









        Carlos1001

        194




        194



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f486482%2fgain-root-access-to-remote-server-with-sudo-su-and-pkexec-not-working%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown






            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?