Permissions Troubleshooting

If you encounter permissions issues on an Oracle Linux instance on Oracle Cloud Infrastructure, review the following information.

Sudo to Root User Fails with "sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit" Error

After you connect to an Oracle Linux instance as the opc user and try to switch to the root user, the following error is seen:

[opc@<oracle-linux-instance-name> ~]$ sudo su - 

sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

This issue occurs if someone or something has changed the ownership and permissions on the sudo binary. The /usr/bin/sudo file must be owned by root (uid 0) and have the setuid bit set; when it is not, the binary cannot be executed.

To fix this issue, you must reset the user and group ownership and permissions of files within the sudo package to their original values as defined in the RPM database.

  1. From a command line, connect to the instance using SSH with administrative privileges.
  2. Check the current sudo owner and permissions:
    ll /usr/bin/*sudo*
    -r--------. 1 opc opc 247512 Jan 23 2023 /usr/bin/cvtsudoers
    -r--------. 1 opc opc 151424 Jan 23 2023 /usr/bin/sudo
    lrwxrwxrwx. 1 root root 4 Jun 13 2023 /usr/bin/sudoedit -> sudo
    -r--------. 1 opc opc 57456 Jan 23 2023 /usr/bin/sudoreplay
  3. Reset the user and group ownership of files within the sudo package to their original values:
    rpm --setugids sudo
  4. Recheck sudo permissions:
    ll /usr/bin/*sudo*
    -r--------. 1 root root 247512 Jan 23 2023 /usr/bin/cvtsudoers
    -r--------. 1 root root 151424 Jan 23 2023 /usr/bin/sudo
    lrwxrwxrwx. 1 root root 4 Jun 13 2023 /usr/bin/sudoedit -> sudo
    -r--------. 1 root root 57456 Jan 23 2023 /usr/bin/sudoreplay
  5. Reset permissions for files within the sudo package:
    rpm --setperms sudo
  6. Recheck sudo permissions:
    ll /usr/bin/*sudo*
    -rwxr-xr-x. 1 root root 247512 Jan 23 2023 /usr/bin/cvtsudoers
    ---s--x--x. 1 root root 151424 Jan 23 2023 /usr/bin/sudo
    lrwxrwxrwx. 1 root root 4 Jun 13 2023 /usr/bin/sudoedit -> sudo
    ---x--x--x. 1 root root 57456 Jan 23 2023 /usr/bin/sudoreplay
  7. Verify that you can switch from the opc user to the root user:
    [opc@<oracle-linux-instance-name> ~]$ sudo su -
    
    [root@<oracle-linux-instance-name> ~]$
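
To see which files of the sudo package differ from the RPM database, before or after the reset, the output of rpm -V sudo can be filtered for mode, user and group changes. The script below is an added example, not part of the original procedure; the function names, the --live switch and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ownership and mode drift from `rpm -V` output.
# rpm -V prints one attribute string per changed file, in the order
#   S M 5 D L U G T P   (2nd char = mode, 6th = user, 7th = group),
# optionally followed by a file-type marker such as "c" for config files.

# Read `rpm -V` lines on stdin; print "<path> <changed attributes>" for
# every file whose mode, user or group differs from the RPM database.
# Assumes paths without spaces, which holds for the sudo package.
drifted_files() {
    while read -r flags rest; do
        # Skip lines that are not attribute strings (e.g. "missing ...").
        [ "${#flags}" -ge 8 ] || continue
        path=${rest##* }            # drop a leading "c"/"d" marker if present
        what=""
        case $flags in ?M*)      what="mode" ;; esac
        case $flags in ?????U*)  what="${what:+$what,}user" ;; esac
        case $flags in ??????G*) what="${what:+$what,}group" ;; esac
        [ -n "$what" ] && printf '%s %s\n' "$path" "$what"
    done
    return 0
}

# Constructed sample: what verification could look like for the broken
# state shown in step 2, plus an edited config file that is not drift
# in ownership or mode.
sample_rpm_verify() {
    cat <<'EOF'
.M...UG..    /usr/bin/cvtsudoers
.M...UG..    /usr/bin/sudo
.M...UG..    /usr/bin/sudoreplay
S.5....T.  c /etc/sudoers
EOF
}

# "--live" (a switch of this script only) checks the installed package;
# without it the constructed sample is used so the script runs anywhere.
if [ "${1:-}" = "--live" ]; then
    rpm -V sudo | drifted_files
else
    sample_rpm_verify | drifted_files
fi
```

No output in --live mode means the mode, user and group of every file in the package match the RPM database.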