Sudo must be owned by uid 0

Author: m | 2025-04-23

sudo: /etc/sudo.conf is owned by uid , should be 0 sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

sudo: /usr/bin/sudo must be owned by uid 0

The daemon:and then:$ systemctl --user enable --now opentabletdriver.serviceWe'll find that tablet still doesn't recognized so we need to remove a kernel module. In our case, the hid_uclogic:$ sudo rmmod hid_uclogic$ sudo udevadm control --reload-rules && sudo udevadm trigger$ systemctl --user restart opentabletdriver.serviceIn order to make it persistent we need blacklisting the kernel module by creating a file in /etc/modprobe.d/blacklist.conf with a single line:Finally open the configuration gui tool:Mount USB sticksSimply like that:,gid=users,fmask=113,dmask=002,umask=000 /dev/ /mnt/">sudo mount -o uid=username>,gid=users,fmask=113,dmask=002,umask=000 /dev/sdbn> /mnt/usb>Where username is the name of active user, sdbn is the number assigned by kernel to the identified external drive and usb is the directory name where we want to mount the stick usb.If you recieve this error message: unknown filesystem type 'ntfs'. you must install:// @TODO: Use Udisks instead of manually mounting usb sticks CDs 12:14p. m. rotter Sandbox dd if=/dev/sr0 of=discmage.iso bs=2048 count=313305 status=progress139442176 octets (139 MB, 133 MiB) copiats, 77 s, 1,8 MB/s69104+0 registres llegits69104+0 registres escrits141524992 octets (142 MB, 135 MiB) copiats, 77,906 s, 1,8 MB/sλ 12:16p. m. rotter Sandbox lstotal 138216-rw-r--r-- 1 rotter users 141524992 6 ag. 12:16 discmage.isodrwxr-xr-x 2 rotter users 4096 6 ag. 11:49 pepehandsλ 12:16p. m. rotter Sandbox sudo losetup /dev/loop0 discmage.isoλ 12:16p. m. rotter Sandbox sudo losetup --find --show discmage.iso/dev/loop2λ 12:17p. m. rotter Sandbox sudo mount /dev/loop2 pepehandsmount: /home/rotter/Sandbox/pepehands: WARNING: source write-protected, mounted read-onlyλ 12:17p. m. rotter Sandbox umount pepehandsumount: /home/rotter/Sandbox/pepehands: must be superuser to unmount.λ 12:27p. m. rotter Sandbox sudo umount pepehands[sudo] contrasenya per a rotter:λ 12:28p. m. rotter Sandbox sudo losetup

SUDO Error sudo: /usr/bin/sudo must be owned by uid 0 and

Like: dn: ou=people,dc=hive,dc=lanobjectClass: organizationalUnitobjectClass: topou: peopledn: ou=groups,dc=hive,dc=lanobjectClass: organizationalUnitobjectClass: topou: groupsMake sure to change dc=hive,dc=lan to match your domain. Save and close the file. Next, we create a file that will adjust the SLAPD database access controls with the command: nano update-mdb-acl.ldifIn that file, paste the following, (making sure to change hive and lan with your domain information): n: olcDatabase={1}mdb,cn=configchangetype: modifyreplace: olcAccessolcAccess: to attrs=userPassword,shadowLastChange,shadowExpire by self write by anonymous auth by dn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn.exact="cn=readonly,ou=people,dc=hive,dc=lan" read by * noneolcAccess: to dn.exact="cn=readonly,ou=people,dc=hive,dc=lan" bydn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * noneolcAccess: to dn.subtree="dc=hive,dc=lan" by dn.subtree="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by users read by * noneSave and close the file. Update the database access control list, using the information in the newly created update-mdb-acl.dif file, with the command: sudo ldapadd -Y EXTERNAL -H ldapi:/// -f update-mdb-acl.ldifNow we’ll update the database, using the OU information, with the command: sudo ldapadd -Y EXTERNAL -H ldapi:/// -f users-ou.ldifWe can now add a new user account. Create a new file with the command: nano user.ldifIn that file, paste the following (modifying it for the user information to be added): dn: uid=olivia,ou=people,dc=hive,dc=lanobjectClass: inetOrgPersonobjectClass: posixAccountobjectClass: shadowAccountuid: oliviacn: oliviasn: NightingaleloginShell: /bin/bashuidNumber: 10000gidNumber: 10000homeDirectory: /home/oliviashadowMax: 60shadowMin: 1shadowWarning: 7shadowInactive: 7shadowLastChange: 0dn: cn=olivia,ou=groups,dc=hive,dc=lanobjectClass: posixGroupcn: oliviagidNumber: 10000memberUid: oliviaAdd the new user with the command: sudo ldapadd -Y EXTERNAL -H ldapi:/// -f user.ldifSet the password for the user with the command (substituting the new username and your domain): sudo ldappasswd -H ldapi:/// -Y EXTERNAL -S "uid=olivia,ou=people,dc=hive,dc=lan"You will be prompted to enter and verify the new password. Finally, we have to create a read only username that will be used to query the LDAP server. Generate a password hash with the command: slappasswdYou’ll be prompted to type and verify a password. When the command completes, you’ll be presented with a hashed password. Copy the hashed password. Create a new user file with the command: nano readonly-user.ldifPaste the following into that file (substituting your domain): dn: cn=readonly,ou=people,dc=hive,dc=lanobjectClass: organizationalRoleobjectClass: simpleSecurityObjectcn: readonlyuserPassword: {SSHA}HASHdescription: Bind DN user for LDAP OperationsWhere HASH is the hashed password you copied. Add the new user to the database with the command: sudo ldapadd -Y EXTERNAL -H ldapi:/// -f readonly-user.ldif How to install phpLDAPadmin Now we can install the web-based administration tool with the command: sudo apt-get install phpldapadmin -yOpen the phpLDAPadmin configuration file with the command: sudo nano /etc/phpldapadmin/config.phpEdit the following lines (making sure to change the domain to match yours and the IP address to match your hosting server): $servers->setValue('server','name','My LDAP Server');$servers->setValue('server','host','192.168.1.30');$servers->;setValue('server','base',array('dc=hive,dc=lan'));$servers->setValue('login','auth_type','session');$servers->setValue('login','bind_id','cn=admin,dc=hive,dc=lan');$servers->setValue('auto_number','min',array('uidNumber'=>10000,'gidNumber'=>10000));Disable the Apache default site with the command: sudo a2dissite 000-default.confRestart Apache with the command: sudo systemctl restart apache2 How to access phpLDAPadmin With everything taken care of, open a web browser and point it to (where SERVER is the IP address of your hosting server). Your default username

networking - sudo: /usr/bin/sudo must be owned by uid 0 and

Steps below are showing how to mount an NFS share on Windows client.1.) Install the NFS Client (Services for NFS) what can be enabled from Windows Control Panel: Open Control Panel and search for "Turn Windows features on or off" Check the option "Services for NFS," then click OK. 2.) On the ECS side, configure the NFS share. See the ECS Administration Guide for what can be downloaded from Enable Write Permissions for the Anonymous User:With the default options, a user has read permissions when mounting an ECS NFS share using the anonymous user. We can give the anonymous user write permissions by changing the UID and GID that it uses to mount the share.To change the UID and GID we must make a simple change to the Windows registry by performing the following steps: Open regedit by typing it in the search box end pressing Enter. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default. Create a new New DWORD (32-bit) Value inside the Default folder named AnonymousUid and assign the UID 0 (or another UID/GID if configured in ECS). Create a new New DWORD (32-bit) Value inside the Default folder named AnonymousGid and assign the GID 0 (or another UID/GID if configured in ECS). Restart the NFS client from Windows CMD line (nfsadmin client restart) or reboot the machine to apply the changes. 4.) Mount the NFS share on your windows CMD line: # mount -o "nolock,sec=sys" x.x.x.x:// : Example:C:\Users\bob>mount -o "nolock,sec=sys" x.x.x.x:/test-nfs-ns/test-nfs-bucket y:Note: x.x.x.x = Public IP of ECS node or load balancer.5.) Please be noted that each time when you Windows restarts, you need to re-mount the NFS share by default.There are different workarounds available but this is not ECS related by nature.One example below:. sudo: /etc/sudo.conf is owned by uid , should be 0 sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set sudo: /usr/bin/sudo must be owned by uid Or sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set. Reason :This error occurs

sudo: /usr/bin/sudo must be owned by uid 0 and have the

Using one of these flags: -c, --with-cwdOutput the current working directory -e, --with-egidOutput the egid -g, --with-gidOutput the gid -u, --with-euidOutput the euid Example output from the navencrypt-profile command:{"uid":"0","comm":"NetworkManager","cmdline":"NetworkManager –pid-file=/var/run/NetwrkManager/NetworkManager.pid","gid":"0""cwd":"/","fd0":"/dev/null","fd1":"/dev/null","fd2":"/dev/null"} Some distributions do not support euid and guid. Make sure that your profile file is correct by executing the following command to verify the expected IDs:ps -p -o euid,egid If cmdline parameters are variable, such as appending a process start timestamp to a file name, then the process profile will not match on subsequent restarts of the process because the current profile will have an updated timestamp and access will be denied by the ACL. You can mark those parameters as variable inside the profile file. For example, if the cmdline of a process is something like this:"cmdline":"NetworkManager –pid-file=/var/run/NetworkManager/NetworkManager.pid \-logfile=/var/log/NetworkManager/log-20130808152300.log" Where log-20130505122300.log is a variable cmdline parameter, before adding the process profile to the ACL, edit the process profile file and use ## to specify that a particular parameter is variable:"cmdline":"NetworkManager –pid-file=/var/run/NetworkManager/NetworkManager.pid -logfile=##" With the above configuration, the ACL will allow any value for the -logfile cmdline parameter. To enable a profile in the ACL, use the additional parameter --profile-file= when adding the rule to the ACL:$ sudo /usr/sbin/navencrypt acl --add --rule="ALLOW @mysql * /usr/sbin/mysqld" \–-profile-file=/path/to/profile/file To display the profile portion of the rules, use the --all parameter with navencrypt acl --list:$ sudo /usr/sbin/navencrypt acl --list --allType MASTER passphrase:# - Type Category Path Profile Process1 ALLOW @mysql * YES /usr/sbin/mysqldPROFILE:{"uid":"120","comm":"mysqld","cmdline":"mysqld"}

permissions - sudo: /usr/bin/sudo must be owned by uid 0 and

Android can be max 255 characters due to ext4 filesystem limit as per NAME_MAX that is defined by POSIX. (1, 2, 3)The user_id refers to the id for the user in which an app is installed and running. The default/primary user id is 0. The ids for secondary users and profiles start at id 10. A user_id can have a max 1000 value. (1, 2), but only 1-10 users are allowed to be created normally, based on the fw.max_users property or config_multiuserMaximumUsers config (pm get-max-users). (1, 2, 3)The volume_uuid for an /mnt/expand path is the volume partition UUID equal to 36 characters in the format VVVVVVVV-VVVV-VVVV-VVVV-VVVVVVVVVVVV.The partitions for the app data directory paths are normally formatted as ext4 or f2fs filesystem, which supports symlinks and other file attributes.For Termux installed on primary user 0, the private app data directory paths assigned by Android are /data/data/com.termux and /data/user/0/com.termux, and Termux app can only be installed in the primary user and not secondary users/profiles as Termux packages are specifically compiled for the Termux rootfs directory /data/data/com.termux/files ($TERMUX__ROOTFS) that exists under it, at least until Dynamic Variables is implemented.The uid (id -u) assigned to the app for its private app data directory and processes is calculated as per user_id * AID_USER_OFFSET + AID_APP_START + app_id, where AID_USER_OFFSET=100000 (offset for uid ranges for each user), AID_APP_START=10000 (first app user) and AID_APP_END=19999 (last app user). The app_id is the unique id assigned to an app which gets incremented for each new app during its install session. (1, 2, 3, 4, 5) If the same app is installed in secondary users, it will be assigned the same app_id, but uid will have a different user_id to distinguish them and the categories in the SeLinux contexts assigned to the processes and files of the apps as part of Multi-Category Security (MCS) will be different too. (1, 2, 3, 4, 5). The user names (id -un) for app processes are in the format u_a for normal app processes, like u0_a160 and in the format u_i for isolated app processes, like u0_i160. For example, for normal app processes with the app_id=160:- user_id=0: (0 * 100000 + 10000 + 160) -> 10160/u0_a160- user_id=10: (10 * 100000 + 10000 + 160) -> 1010160/u10_a160- user_id=256: (256 * 100000 + 10000 + 160) -> 25610160/u256_a160- user_id=1000: (1000 * 100000 + 10000 + 160) -> 100010160/u1000_a160This private app data directory assigned to the app is not accessible to any other app by default and is safe to use to store private files. This is done with 3 different security mechanisms.UID-based DAC security ensures that private app data directory has the same ownership as the app uid and the permissions (read, write and execute) are not granted to other group by Android by default, so each app can only access files owned by its own uid. (1, 2)SeLinux Multi-Category Security (MCS) prevents an app to Isolate the app data from access by another app and Isolate the app data from one physical user to another.

Troubleshooting sudo: /usr/bin/sudo must be owned by uid 0 and

背景本文介绍了如何在 Linux 和 Windows 操作系统下，使用 sshfs 命令将远程 UNIX 服务器目录挂载到本地机器之后，便可以把远程文件当作本地文件用，这尤其适合服务版操作系统无桌面环境，无显示器，或者云原生的场景。Linuxsudo apt install sshfssudo sshfs $remote_user@$remote_host:/$remote_dir/ /$local_dir/ \# SSH 连接配置：用户权限-o default_permissions,allow_other,uid=$(id -u),gid=$(id -g),idmap=user,\# 连接保活ServerAliveInterval=15,ServerAliveCountMax=10,# SSH 端口，SSH 连接私钥port=$remote_port,identityfile=$local_identity_file上面的命令中有几个必要元素：$remote_user: 远程的连接用户；🚨 敬告请注意以下文件或目录的权限：.ssh 应为 `700``authorized_keys 则为 600用户主目录 /home/remote_user/ 默认为 755 ，建议改为 750 或 700，过于宽泛的权限会导致 SSHD 报安全隐患而无法使用公钥连接。mkdir -p ~/.ssh && touch ~/.ssh/authorized_keyschmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keyschmod 700 /home/$USERremote_host: 远程服务器的 IP 或 域名；remote_dir: 远程目录，如原始数据目录，输出结果目录等；local_dir：想要把远程目录挂载到哪里，Linux 建议是 /mnt/ 下的目录；remote_port: 远程端口，某些服务器可能修改了默认端口；local_identity_file: 私钥地址；🔔 注意请确保已经把本地私钥所搭配的公钥放到远程用户的 .ssh/authorized_keys 文件中。命令行配置开机自动连接修改 /etc/fstab 文件，在开机启动时，文件系统根据以下配置自动连接远程目录：$ sudo vim /etc/fstab# /etc/fstab: static file system information.## Use 'blkid' to print the universally unique identifier for a# device; this may be used with UUID= as a more robust way to name devices# that works even if disks are added and removed. See fstab(5).## # / was on /dev/sda2 during installationUUID=1b815bb1-f6ae-4a94-a466-886e3fa52aa2 / ext4 errors=remount-ro 0 1# /boot/efi was on /dev/sda1 during installationUUID=D4B0-9498 /boot/efi vfat umask=0077 0 1/swapfile none swap sw 0 0# 下面这行为新增项，请替换以下变量，包括 uid 和 gid。remote_user@remote_host:/remote_dir/ /local_dir/ fuse.sshfs default_permissions,user,delay_connect,reconnect,allow_other,uid=1000,gid=1000,idmap=user,ServerAliveInterval=15,ServerAliveCountMax=10,identityfile=local_identity_file,port=remote_port 0 0挂载后，可用 mount 命令查看当前的挂载项：$ sudo sshfs [email protected]:/media/datum /mnt/datum -o default_permissions,allow_other,uid=$(id -u),gid=$(id -g),idmap=user,ServerAliveInterval=15,ServerAliveCountMax=10,port=22,identityfile=$local_identity_file$ ls -al /mnt/datum/total 64drwxrwxrwx 1 muwaii muwaii 4096 Mar 29 13:44 .drwxr-xr-x 3 root root 4096 Apr 18 11:10 ..drwxrwxr-x 1 muwaii muwaii 4096 Aug 3 2022 project_datum$ sudo mount | grep "192.168.123.123"[email protected]:/media/datum on /mnt/datum type fuse.sshfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other)Windows在 Windows 下，用 SSH 协议挂载 Linux 下主机目录，可使用 sshfs-win。安装最新版本的 WinFsp用途：可以简单理解成一个中间层，将 Linux 文件系统（比如 ext4）抽象成 Windows NTFS 文件系统的盘符，以支持复制，拷贝，粘贴，删除文件，查看文件元信息，查看磁盘容量等操作。安装最新版本的 SSHFS-Win用途：sshfs 命令的 Windows 版实现，负责通信协议。安装最新版本的 SSHFS-Win-Manager用途：图形界面，操作直观，支持公钥，一键连接/断开。挂载后就可以在资源管理器中看到新的盘符：界面配置开启自动连接总结通过 sshfs 命令，我们可以很方便地将远程路径挂载到本地的目录或盘符，所见即所得，所操作文件的变更自动同步到远程机器，不用手动通过 sftp 或 scp，rsync 回传，特别适合查看远程服务器的图片或视频输出，本地编辑远程调试/运行，临时挂载大数据集等场景。

Solution: sudo /usr/bin/sudo must be owned by uid 0

/var/lib/gvm/scap-data/nvdcve-2.0-2020.xmlmd manage: INFO:2022-07-07 05h06.32 UTC:37327: Updating /var/lib/gvm/scap-data/nvdcve-2.0-2022.xml...Creating Systemd Service units for GSA servicesWhen run, the installer creates GSA daemon service unit, /lib/systemd/system/gsad.service.Let us modify this service unit file;cp /lib/systemd/system/gsad.service{,.bak}cat > /lib/systemd/system/gsad.service The option, -k /var/lib/gvm/private/CA/clientkey.pem -c /var/lib/gvm/CA/clientcert.pem, is as per the certificates path generated by running the gvm-manage-certs command above.Enable GVM user to run gsad with sudo rights;echo "gvm ALL = NOPASSWD: $(which gsad)" >> /etc/sudoers.d/gvmReload system unit configs and start the services;systemctl daemon-reloadsystemctl enable --now gsadChecking the status;systemctl status gsad● gsad.service - Greenbone Security Assistant daemon (gsad) Loaded: loaded (/lib/systemd/system/gsad.service; enabled; vendor preset: enabled) Active: active (exited) since Thu 2022-07-07 18:56:01 UTC; 33s ago Docs: man:gsad(8) Process: 36900 ExecStart=/usr/bin/sudo /usr/local/sbin/gsad -k /var/lib/gvm/private/CA/clientkey.pem -c /var/lib/gvm/CA/clientcert.pem (code=exited, status=0/SUCCESS) Main PID: 36900 (code=exited, status=0/SUCCESS) Tasks: 4 (limit: 2281) Memory: 3.4M CGroup: /system.slice/gsad.service ├─36915 /usr/local/sbin/gsad -k /var/lib/gvm/private/CA/clientkey.pem -c /var/lib/gvm/CA/clientcert.pem └─36916 /usr/local/sbin/gsad -k /var/lib/gvm/private/CA/clientkey.pem -c /var/lib/gvm/CA/clientcert.pemJul 07 18:56:01 ubuntu20 systemd[1]: Started Greenbone Security Assistant daemon (gsad).Jul 07 18:56:01 ubuntu20 sudo[36900]: gvm : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/sbin/gsad -k /var/lib/gvm/private/CA/clientkey.pem -c /var/lib/gvm/CA>Jul 07 18:56:01 ubuntu20 sudo[36900]: pam_unix(sudo:session): session opened for user root by (uid=0)Jul 07 18:56:04 ubuntu20 sudo[36912]: Oops, secure memory pool already initializedJul 07 18:56:04 ubuntu20 sudo[36900]: pam_unix(sudo:session): session closed for user rootCheck the logs;tail -f /var/log/gvm/gsad.logCreate GVM ScannerSince we launched the scanner and set it to use our non-standard scanner host path (/run/gvm/ospd-openvas.sock), we need to create and register our scanner;sudo -Hiu gvm gvmd --create-scanner="Kifarunix-demo OpenVAS Scanner" \--scanner-type="OpenVAS" --scanner-host=/run/gvm/ospd-openvas.sockcommand output;Scanner created.Next, you need to verify your scanner. For this, you first need to get the scanner identifier;sudo -Hiu gvm gvmd --get-scanners08b69003-5fc2-4037-a479-93b440211c73 OpenVAS /run/ospd/ospd-openvas.sock 0 OpenVAS Default6acd0832-df90-11e4-b9d5-28d24461215b CVE 0 CVE17597043-78cb-492c-b7b4-3b4b36406ed1 OpenVAS /run/gvm/ospd-openvas.sock 9390 Kifarunix-demo OpenVAS ScannerBased on the output above, our scanner UUID is, 17597043-78cb-492c-b7b4-3b4b36406ed1.Verify the scanner;sudo -Hiu gvm gvmd --verify-scanner=17597043-78cb-492c-b7b4-3b4b36406ed1Command output;Scanner version: OpenVAS 21.4.5~dev1~git-773a6537-stable.Create GVM Admin UserCreate GVM administrative user by running the command below;sudo -Hiu gvm gvmd --create-user adminThis command generates a random password for the user. See sample output below;User created with password '3ae45864-0d6a-4a53-938f-730a1bb5d959'.If you want to create a user and at the same time create your own password;sudo -Hiu gvm gvmd --create-user USERNAME --password=PASSWORDOtherwise, you can reset the. sudo: /etc/sudo.conf is owned by uid , should be 0 sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

sudo: /usr/bin/sudo must be owned by uid 0 and have

0 packagekitd /system.slice/packagekit.service# 26993 2038 91 91 0 1000 S 3935 1256 0 firefox-esr /user.slice/user-1000.slice/session-7.scope# 27275 26993 121 121 0 1000 S 3957 1684 0 Web Content /user.slice/user-1000.slice/session-7.scope# 30374 1 1 1 0 1000 S 167 14 0 VBoxXPCOMIPCD /user.slice/user-1000.slice/session-7.scope# 30380 1 2 2 0 1000 S 958 27 0 VBoxSVC /user.slice/user-1000.slice/session-7.scope# 30549 30380 86 86 0 1000 S 5332 1192 0 VirtualBox /user.slice/user-1000.slice/session-7.scope# 30875 1 1 1 0 1000 S 345 26 0 leafpad /user.slice/user-1000.slice/session-7.scope# 32689 1 7 7 0 1000 S 896 99 0 dolphin /user.slice/user-1000.slice/session-7.scope###################################################################################################################Process with highest badness (found in 55 ms): PID: 27275, Name: Web Content, badness: 121LoggingTo view the latest entries in the log (for systemd users):sudo journalctl -eu nohang.service#### orsudo journalctl -eu nohang-desktop.serviceYou can also enable separate_log in the config to logging in /var/log/nohang/nohang.log.oom-sortoom-sort is an additional diagnostic tool that will be installed with nohang package. It sorts the processes in descending order of their oom_score and also displays oom_score_adj, Uid, Pid, Name, VmRSS, VmSwap and optionally cmdline. Run oom-sort --help for more info. Man page: oom-sort.manpage.md.Usage: Output exampleoom_score oom_score_adj UID PID Name VmRSS VmSwap cmdline--------- ------------- ---- ----- --------------- ------- -------- ------- 23 0 0 964 Xorg 58 M 22 M /usr/libexec/Xorg -background none :0 vt01 -nolisten tcp -novtswitch -auth /var/run/lxdm/lxdm-:0.auth 13 0 1000 1365 pcmanfm 38 M 10 M pcmanfm --desktop --profile LXDE 10 0 1000 1408 dnfdragora-upda 9 M 27 M /usr/bin/python3 /bin/dnfdragora-updater 5 0 0 822 firewalld 0 M 19 M /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid 5 0 1000 1364 lxpanel 18 M 2 M lxpanel --profile LXDE 5 0 1000 1685 nm-applet 6 M 12 M nm-applet 5 0 1000 1862 lxterminal 16 M 2 M lxterminal 4 0 996 890 polkitd 8 M 6 M /usr/lib/polkit-1/polkitd --no-debug 4 0 1000 1703 pnmixer 6 M 11 M pnmixer 3 0

How to Solve the sudo: /usr/bin/sudo must be owned by uid 0

/var/ is probably the most complicated ownership setup in the entire operating system. It's not all root-owned and doing that is about as harmful as letting your user own it all. Some things won't work if you leave it like that, namely the desktop.If you want to see the array of users and owners you're dealing with, look at the following command on a working system:sudo ls -lR /var | awk '/^[^/]/ {print $3 " " $4}' | sort -uOn my system, 59 distinct user/owner combinations in /var/. This is the point where I expect most people give up and reinstall. Let's be honest, if you haven't gone that far with your computer, there isn't going to be much lost from a nice install-over-the-top. It's almost certainly going to be quicker.If you're still reading, you're completely mad but you're in good company. Let's start by owning everything to root:root.sudo chown -R root: /varAnd now we have to correct for the things that aren't and can't be root. I have written short command that shows me the files and directories that aren't owned by root:root.In the output I have trimmed out some things that aren't going to be relevant to a lot of people (nginx, rabbitmq, schroot stuff, lxc, and a lot more). This is all specialist stuff. If you've borked those permissions, ask me for the output and I'll include it. I have also broken down some big directories that are owned by the same user/group all the way through with wildcards.I'm including this output so you can see how things are supposed to be owned. You can manually chown things to approximately the right user/group. oli is my $USER.$ sudo find /var/ -not \( -user 0 -group 0 \) -not -path "/var/lib/schroot/*" -not -path "/var/cache/*" -not -path "/var/tmp/*" -printf "%p,%u:%g\n" | grep -viE "(squeeze|rabbitmq|nginx|lxc|postfix)" | sort -u | column -t -c 80 -s ,/var/backups/gshadow.bak root:shadow/var/backups/shadow.bak root:shadow/var/crash/* root:whoopsie/var/lib/avahi-autoipd/6c:f0:49:54:0b:80 avahi-autoipd:avahi-autoipd/var/lib/avahi-autoipd avahi-autoipd:avahi-autoipd/var/lib/colord/* colord:colord/var/lib/libuuid libuuid:libuuid/var/lib/mlocate/mlocate.db root:mlocate/var/lib/nfs/sm.bak statd:nogroup/var/lib/nfs/sm statd:nogroup/var/lib/nfs statd:nogroup/var/lib/nfs/state statd:root/var/lib/samba/usershares/films oli:oli/var/lib/samba/usershares/incoming oli:oli/var/lib/samba/usershares root:sambashare/var/lib/samba/usershares/tv oli:oli/var/lib/sudo/oli/0 root:oli/var/lib/sudo/oli/10 root:oli/var/lib/sudo/oli/11 root:oli/var/lib/sudo/oli/12 root:oli/var/lib/sudo/oli/13 root:oli/var/lib/sudo/oli/14 root:oli/var/lib/sudo/oli/1 root:oli/var/lib/sudo/oli/2 root:oli/var/lib/sudo/oli/3 root:oli/var/lib/sudo/oli/4 root:oli/var/lib/sudo/oli/5 root:oli/var/lib/sudo/oli/6 root:oli/var/lib/sudo/oli/7 root:oli/var/lib/sudo/oli/8 root:oli/var/lib/sudo/oli/9 root:oli/var/lib/sudo/oli/console root:oli/var/lib/sudo/oli root:oli/var/lib/sudo/oli/tty1 root:oli/var/lib/sudo/oli/tty2 root:oli/var/lib/lightdm/* lightdm:lightdm/var/local root:staff/var/log/apport.log.1 root:adm/var/log/apport.log.2.gz root:adm/var/log/apport.log.3.gz root:adm/var/log/apport.log.4.gz root:adm/var/log/apport.log.5.gz root:adm/var/log/apport.log.6.gz root:adm/var/log/apport.log.7.gz root:adm/var/log/apport.log root:adm/var/log/apt/term.log.1.gz root:adm/var/log/apt/term.log.2.gz root:adm/var/log/apt/term.log.3.gz root:adm/var/log/apt/term.log.4.gz root:adm/var/log/apt/term.log.5.gz root:adm/var/log/apt/term.log.6.gz root:adm/var/log/apt/term.log.7.gz root:adm/var/log/apt/term.log root:adm/var/log/auth.log.1 syslog:adm/var/log/auth.log.2.gz syslog:adm/var/log/auth.log.3.gz syslog:adm/var/log/auth.log.4.gz syslog:adm/var/log/auth.log syslog:adm/var/log/boot root:adm/var/log/btmp.1 root:utmp/var/log/btmp root:utmp/var/log/cups/access_log.1.gz root:adm/var/log/cups/access_log.2.gz root:adm/var/log/cups/access_log.3.gz root:adm/var/log/cups/access_log.4.gz root:adm/var/log/cups/access_log.5.gz root:adm/var/log/cups/access_log.6.gz root:adm/var/log/cups/access_log.7.gz root:adm/var/log/cups/access_log root:adm/var/log/cups/error_log.1.gz root:adm/var/log/cups/error_log.2.gz root:adm/var/log/cups/error_log.3.gz root:adm/var/log/cups/error_log.4.gz root:adm/var/log/cups/error_log.5.gz root:adm/var/log/cups/error_log.6.gz root:adm/var/log/cups/error_log.7.gz root:adm/var/log/cups/error_log root:adm/var/log/cups/page_log.1.gz root:adm/var/log/cups/page_log.2.gz root:adm/var/log/cups/page_log.3.gz root:adm/var/log/cups/page_log.4.gz root:adm/var/log/cups/page_log.5.gz root:adm/var/log/cups/page_log.6.gz root:adm/var/log/cups/page_log.7.gz root:lpadmin/var/log/cups/page_log root:adm/var/log/cups root:lpadmin/var/log/dist-upgrade/20121107-0129/apt-term.log root:adm/var/log/dist-upgrade/20130426-1402/apt-term.log root:adm/var/log/dist-upgrade/apt-term.log root:adm/var/log/dmesg.0 root:adm/var/log/dmesg.1.gz root:adm/var/log/dmesg.2.gz root:adm/var/log/dmesg.3.gz root:adm/var/log/dmesg.4.gz root:adm/var/log/dmesg root:adm/var/log/fail2ban.log.1 root:adm/var/log/fail2ban.log.2.gz root:adm/var/log/fail2ban.log.3.gz root:adm/var/log/fail2ban.log.4.gz root:adm/var/log/fail2ban.log root:adm/var/log/fsck/checkfs root:adm/var/log/fsck/checkroot root:adm/var/log/hp/hp-upgrade.log oli:oli/var/log/hp root:lp/var/log/hp/tmp root:lp/var/log/installer/syslog syslog:adm/var/log/kern.log.1 syslog:adm/var/log/kern.log.2.gz syslog:adm/var/log/kern.log.3.gz syslog:adm/var/log/kern.log.4.gz syslog:adm/var/log/kern.log syslog:adm/var/log/lastlog root:utmp/var/log/mail.err.1 syslog:adm/var/log/mail.err.2.gz syslog:adm/var/log/mail.err.3.gz syslog:adm/var/log/mail.err.4.gz syslog:adm/var/log/mail.err syslog:adm/var/log/mail.log.1 syslog:adm/var/log/mail.log.2.gz syslog:adm/var/log/mail.log.3.gz syslog:adm/var/log/mail.log.4.gz syslog:adm/var/log/mail.log syslog:adm/var/log/news/news.crit syslog:adm/var/log/news/news.err syslog:adm/var/log/news/news.notice syslog:adm/var/log/speech-dispatcher speech-dispatcher:root/var/log/syslog.1 syslog:adm/var/log/syslog.2.gz syslog:adm/var/log/syslog.3.gz syslog:adm/var/log/syslog.4.gz syslog:adm/var/log/syslog.5.gz syslog:adm/var/log/syslog.6.gz syslog:adm/var/log/syslog.7.gz syslog:adm/var/log/syslog syslog:adm/var/log/ufw.log.1 syslog:adm/var/log/ufw.log. sudo: /etc/sudo.conf is owned by uid , should be 0 sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set sudo: /usr/bin/sudo must be owned by uid Or sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set. Reason :This error occurs

sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid

KDE Plasma Desktop and setup a directory share for myIdeaProjects directory. I left all other settings with their default values.I mentioned in the previous section that I started by using QEMU. This is thedefault and requires no additional configuration.I went through the normal install process and waited for it to complete. Afterinstallation, I had to shut the VM down to remove the virtual device for theISO. I started the system and set out to set up a basic development environment: Install any package updates Install the Snap backend for Discovery Install the JetBrains Toolbox Install IntelliJ IDEA Mount the shared directory Open a project from the shared directoryI crossed out that last one because of the issue I alluded to earlier.Arguably, I should have started by trying to mount the shared directory rightafter installation, but hindsight is 20/20. I could mount the share withoutissue by following the documentation:mkdir $HOME/IdeaProjectssudo mount -t 9p -o trans=virtio share $HOME/IdeaProjects -oversion=9p2000.LListing the contents of $HOME/IdeaProjects listed all my projects just as Iexpected! With one exception, they were owned by 501:games. Obviously this wasa UID and GID mismatch between the host and the guest. The documentationsuggested I should be able to run sudo chown -R $USER $HOME/IdeaProjects, butthis led to a permission denied error for every file and directory. A quicksearch showed that this was not an isolated issue which led others to use theSPICE agent with WebDAV over the default of VirtFS and the 9p filesystem.At this point I realized that my CPU fan had been running on high the entiretime the VM had been up. I had also noticed that the system did have somedelayed response times, especially when moving windows. I opted to shut down theVM and try AVF; perhaps the purported performance improvement would be areality.Once more, with feelingFor my second