sudo: /etc/sudoers is world writable El Capitan

In all honesty, this problem was easy to fix for me. I went to etc/sudoers, right clicked it, hit Get info, and set it to "System : Read and write" and read only for everyone else. Then I did the same for sudoers.d. That fixed my issue.

Start with trying

diskutil verifyPermissions /

See if that clears up the problem.

If not, then here are the correct ownership and permissions for the path to that file

drwxr-xr-x 37 root wheel 1326 Oct 14 09:50 /

drwxr-xr-x 6 root wheel 204 Oct 31 2014 /private

drwxr-xr-x 26 root wheel 884 Jun 13 15:42 /private/var

drwxr-xr-x 80 root wheel 2720 Oct 14 11:28 /private/var/db

drwx------ 3 root wheel 102 Nov 5 2014 /private/var/db/sudo

sudo chown root:wheel /private/var/db/sudo

sudo chmod 700 /private/var/db/sudo

Bob,

In El Capitan, the ability to verify and repair permissions has been removed from diskutil and from Disk Utility. One can only verify/repair volumes now.

VikingOSX wrote:

Bob,

In El Capitan, the ability to verify and repair permissions has been removed from diskutil and from Disk Utility. One can only verify/repair volumes now.

I was hoping that they just removed it from the Disk Utility GUI.

At least I provided Terminal commands to set the correct permissions, and it did appear that giwrgos was able to get sudo to work, it just issued some annoying messages.

Unless you know what caused the permissions to be corrupted, the only safe course of action is to back up all data and then reinstall the OS. You won't need your backup unless something goes wrong.

You must have wrecked the permissions of every file on the startup volume. If possible, recover from a backup that predates the damage:

OS X El Capitan: Recover your entire system

Otherwise see below.

Back up all data to at least two different storage devices, if you haven't already done so. One backup is not enough to be safe. The backups can be made with Time Machine or with Disk Utility. Preferably both.

Erase and install OS X. This operation will destroy all data on the startup volume, so you had be better be sure of the backups. If you upgraded from an older version of OS X, you'll need the Apple ID and password that you used, so make a note of those before you begin.

When you restart, you'll be prompted to go through the initial setup process. That’s when you transfer the data from a backup.

Select only users in the Setup Assistant dialog—not Applications, Computer & Network Settings, or Other files and folders. Don't transfer the Guest account, if it was enabled.

Then reinstall third-party software.

You can safely chmod the /etc/sudoers file providing you duplicate it first.

Because sudo won't work until you change the permissions on the file, you'll need to use su to enable root user. Take extreme care as you will be at the root of the drive and NOT your User folder, so check you're in the correct location by using the command pwd first. So, type su and after the prompt, your password where the ~username$ will change to a #

Check the current permissions with ls -l /etc/sudoe* which should now list sudoers & sudoers copy with permissions of -rwxrwxrwx which we now need to change to -r--r----- by using the command chmod 440 /etc/sudoers

Recheck the permissions with the ls -l /etc/sudoe* and you should see the two files with these perms

-r--r----- 1 root wheel 2299

-rwxrwxrwx 1 user wheel 2299

type exit to get out of Super User (the prompt will change from a # to $)

now confirm sudo is working by typing

sudo ls -l /etc/sudoe*

Where you should be prompted for your SuperUser password and the same results as above should be listed.

Yes, yes, yes! Thank you!