/etc/sudoers file with permissions set to 640 instead of 0440: what does it mean?

Question

So I'm still new to GNU/Linux: recently I installed Debian 9.1 with KDE. Now after executing:

stat --format '%a' /etc/sudoers

I found out that my sudoers file has the 640 permissions instead 0440 set. I changed this by running pkexec chmod 0440 /etc/sudoers and inspected the file's contents which seem to be fine.

Now I'd like to know what could have caused these permissions to change and how problematic that is. I only read that this is a security risk.
And what does it mean: does that happen often? How to best prevent these permissions from changing? Continous monitoring of the file's permissions with immediate warnings of any change maybe? Is there a tool for this?

^{I'm not sure whether this question would be more appropriate here or at the Unix & Linux Stack Exchange. I'm more interested in the security-implications.}

score 1 · Answer 1 · answered Jul 31 '17 at 07:40

1

As long as the file is owned by root:root, there's no security risk.
And your changes don't even matter.

You specified that root is not allowed to write to the file.

If not root, who else...?
root can change the permission back

answered Jul 31 '17 at 07:40

user155462

421
2
3

/etc/sudoers file with permissions set to 640 instead of 0440: what does it mean?

1 Answers1