I was trying to make my /private/etc folder and all its contents world-readable. 'Permission denied' messages from a number of internal files and folders were a recurrent theme whenever I did a find operation on that folder. But chmod -R
seems to have failed here. Can someone please explain why I get this error message and what I should do to fix it? I'm on OS X 10.8.3.
$ sudo chmod -R a+r /private/etc
sudo: /private/etc/sudoers is mode 0444, should be 0440
sudo: no valid sudoers sources found, quitting
In fact any read operation in the directory seems to fail:
$sudo stat /private/etc/raddb/sql/sqlite
sudo: /private/etc/sudoers is mode 0444, should be 0440
sudo: no valid sudoers sources found, quitting
Best Answer
Changing the permissions on
/private/etc/sudoers
is definitely a no-no. Thesudo
command will fail to work if that file's permissions are not0440
as you are noticing. This is a security measure -- the command distrusts any permission setting that is less restrictive than0440
as it allows for potential tampering with sudo permissions on the box.Normally you'd boot in to single user mode to fix this problem. This lets you log in with elevated privledges so you can do a:
and get your
sudo
command back.But I found this article that had an alternative that doesn't require a reboot and works if your account has Administrator level access. I haven't tried it, but it seems sound.
Open a Finder window a hit
Shift-Command-G
to get the "Go To" dialog. Enter/private/etc
in the dialog and hit theGo
button.Find the
sudoers
file in the Finder window, select it and pressCommand-I
to open the information window for the file and change the permissions on the file so they match:Close the information window and you should be back in business.
All this being said: I would strongly encourage you to rethink changing the permissions of everything under
/private/etc
to be world readable. This poses a serious security risk (as seen from the waysudo
locks you out when you make/private/etc/sudoers
world readable) to your machine. Maybe there's another Ask Different question here that'll help you solve a problem you think you're solving by making these unsafe changes?