FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Incorrect permissions for the “sudo” command in 6.12.20

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

Incorrect permissions for the “sudo” command in 6.12.20

Jump to solution
‎02-04-2026 03:30 AM
895 Views
cedric_starke
Contributor III

Hello community,

I have tried to change the user rights management of the Linux system I am using.
Instead of using root, I would like to add two new users. One as a “normal” user and one as a “sudo” user.

To solve this, I added the following lines to my local.conf:

inherit extrausers
EXTRA_USERS_PARAMS = "\
    useradd -M -N -G sudo -p 'test01' sudo_user; \
    useradd -M -N -G users -p 'test02' normal_user; \
    "

 

This seems to work, as the users are listed in /etc/passwd and /etc/shadow.

To execute root commands, I also need the sudo command. To include this in my package, I added the following to local.conf:

IMAGE_INSTALL:append = " sudo"

 

This installs the sudo command in my package, but the permissions are incorrect and result in the following output:

sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

 

To solve this problem, I can change the permissions in the running system as follows:

chown root:root /usr/bin/sudo
chmod 4755 /usr/bin/sudo

 

But I need this directly as bitbake output.

 

Does anyone have any idea what I might have overlooked?

 

I am using Linux 6.12.20 for an iMX8M Mini based on the DDR4 EVK and the Bitbake image "fsl-image-machine-test".

The image “imx-image-multimedia” already includes sudo, but the permissions appear to be the same.

0 Kudos
Reply
1 Solution

Jump to solution
‎04-01-2026 01:03 AM
383 Views
cedric_starke
Contributor III

Hi @Oswalag,

Thanks for your reply, but when I run “bitbake”, with this option, I get an error.

In the end, I solved the problem by using a “bbappend” in my own layer, as shown in this example:
https://github.com/stromerbike/meta-medusa-dist/blob/master/recipes-extended/sudo/sudo_%25.bbappend

 

Maybe this will help someone else.

View solution in original post

0 Kudos
Reply
4 Replies

Jump to solution
‎02-06-2026 08:33 PM
841 Views
Oswalag
NXP TechSupport
NXP TechSupport

Hello,

Please check the link below: 

https://unix.stackexchange.com/questions/375433/etc-sudoers-vs-etc-sudoers-d-file-for-enabling-sudo-...

 

0 Kudos
Reply

Jump to solution
‎02-08-2026 10:53 PM
810 Views
cedric_starke
Contributor III

Hi @Oswalag,

Thanks for your reply, but the link has nothing to do with my problem.

I didn't mention in my question that I had already decided to change the sudoers file and comment out the line:

# %sudo ALL=(ALL) ALL

So my sudo user could run sudo IF the sudo command itself had the correct permissions.

 

However, after the YOCTO build, the sudo command shows me the following permissions:

---x--x--x 1 root root 334976 Mar  9  2018 /usr/bin/sudo

To run it as a member of the sudo group, the following is required:

-rwsr-xr-x 1 root root 334976 Mar  9  2018 /bin/sudo

 

Do you have any thoughts on this point

0 Kudos
Reply

Jump to solution
‎02-23-2026 11:20 AM
683 Views
Oswalag
NXP TechSupport
NXP TechSupport

I understand, please try to add to your local.conf

EXTRA_IMAGE_FEATURES += "allow-setuid"

0 Kudos
Reply

Jump to solution
‎04-01-2026 01:03 AM
384 Views
cedric_starke
Contributor III

Hi @Oswalag,

Thanks for your reply, but when I run “bitbake”, with this option, I get an error.

In the end, I solved the problem by using a “bbappend” in my own layer, as shown in this example:
https://github.com/stromerbike/meta-medusa-dist/blob/master/recipes-extended/sudo/sudo_%25.bbappend

 

Maybe this will help someone else.

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-2306097%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3EIncorrect%20permissions%20for%20the%20%E2%80%9Csudo%E2%80%9D%20command%20in%206.12.20%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2306097%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%20community%2C%3C%2FP%3E%3CP%3EI%20have%20tried%20to%20change%20the%20user%20rights%20management%20of%20the%20Linux%20system%20I%20am%20using.%3CBR%20%2F%3EInstead%20of%20using%20root%2C%20I%20would%20like%20to%20add%20two%20new%20users.%20One%20as%20a%20%E2%80%9Cnormal%E2%80%9D%20user%20and%20one%20as%20a%20%E2%80%9Csudo%E2%80%9D%20user.%3C%2FP%3E%3CP%3ETo%20solve%20this%2C%20I%20added%20the%20following%20lines%20to%20my%20local.conf%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3Einherit%20extrausers%0AEXTRA_USERS_PARAMS%20%3D%20%22%5C%0A%20%20%20%20useradd%20-M%20-N%20-G%20sudo%20-p%20'test01'%20sudo_user%3B%20%5C%0A%20%20%20%20useradd%20-M%20-N%20-G%20users%20-p%20'test02'%20normal_user%3B%20%5C%0A%20%20%20%20%22%3C%2FCODE%3E%3C%2FPRE%3E%3CBR%20%2F%3E%3CP%3EThis%20seems%20to%20work%2C%20as%20the%20users%20are%20listed%20in%20%2Fetc%2Fpasswd%20and%20%2Fetc%2Fshadow.%3C%2FP%3E%3CP%3ETo%20execute%20root%20commands%2C%20I%20also%20need%20the%20sudo%20command.%20To%20include%20this%20in%20my%20package%2C%20I%20added%20the%20following%20to%20local.conf%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3EIMAGE_INSTALL%3Aappend%20%3D%20%22%20sudo%22%3C%2FCODE%3E%3C%2FPRE%3E%3CBR%20%2F%3E%3CP%3EThis%20installs%20the%20sudo%20command%20in%20my%20package%2C%20but%20the%20permissions%20are%20incorrect%20and%20result%20in%20the%20following%20output%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3Esudo%3A%20%2Fusr%2Fbin%2Fsudo%20must%20be%20owned%20by%20uid%200%20and%20have%20the%20setuid%20bit%20set%3C%2FCODE%3E%3C%2FPRE%3E%3CBR%20%2F%3E%3CP%3ETo%20solve%20this%20problem%2C%20I%20can%20change%20the%20permissions%20in%20the%20running%20system%20as%20follows%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3Echown%20root%3Aroot%20%2Fusr%2Fbin%2Fsudo%0Achmod%204755%20%2Fusr%2Fbin%2Fsudo%3C%2FCODE%3E%3C%2FPRE%3E%3CBR%20%2F%3E%3CP%3EBut%20I%20need%20this%20directly%20as%20bitbake%20output.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EDoes%20anyone%20have%20any%20idea%20what%20I%20might%20have%20overlooked%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EI%20am%20using%20Linux%206.12.20%20for%20an%20iMX8M%20Mini%20based%20on%20the%20DDR4%20EVK%20and%20the%20Bitbake%20image%20%22fsl-image-machine-test%22.%3C%2FP%3E%3CP%3EThe%20image%20%E2%80%9Cimx-image-multimedia%E2%80%9D%20already%20includes%20sudo%2C%20but%20the%20permissions%20appear%20to%20be%20the%20same.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2306097%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CLINGO-LABEL%3Ei.MX%208M%20%7C%20i.MX%208M%20Mini%20%7C%20i.MX%208M%20Nano%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ELinux%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EYocto%20Project%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2314045%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20Incorrect%20permissions%20for%20the%20%E2%80%9Csudo%E2%80%9D%20command%20in%206.12.20%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2314045%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%2C%3C%2FP%3E%0A%3CP%3EPlease%20check%20the%20link%20below%3A%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Funix.stackexchange.com%2Fquestions%2F375433%2Fetc-sudoers-vs-etc-sudoers-d-file-for-enabling-sudo-for-a-user%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Funix.stackexchange.com%2Fquestions%2F375433%2Fetc-sudoers-vs-etc-sudoers-d-file-for-enabling-sudo-for-a-user%3C%2FA%3E%3C%2FP%3E%0A%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2314370%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20Incorrect%20permissions%20for%20the%20%E2%80%9Csudo%E2%80%9D%20command%20in%206.12.20%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2314370%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F199933%22%20target%3D%22_blank%22%3E%40Oswalag%3C%2FA%3E%2C%3C%2FP%3E%3CP%3EThanks%20for%20your%20reply%2C%20but%20the%20link%20has%20nothing%20to%20do%20with%20my%20problem.%3C%2FP%3E%3CP%3EI%20didn't%20mention%20in%20my%20question%20that%20I%20had%20already%20decided%20to%20change%20the%20sudoers%20file%20and%20comment%20out%20the%20line%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E%23%20%25sudo%20ALL%3D(ALL)%20ALL%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3ESo%20my%20sudo%20user%20could%20run%20sudo%20IF%20the%20sudo%20command%20itself%20had%20the%20correct%20permissions.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EHowever%2C%20after%20the%20YOCTO%20build%2C%20the%20sudo%20command%20shows%20me%20the%20following%20permissions%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E---x--x--x%201%20root%20root%20334976%20Mar%20%209%20%202018%20%2Fusr%2Fbin%2Fsudo%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3ETo%20run%20it%20as%20a%20member%20of%20the%20sudo%20group%2C%20the%20following%20is%20required%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E-rwsr-xr-x%201%20root%20root%20334976%20Mar%20%209%20%202018%20%2Fbin%2Fsudo%3C%2FCODE%3E%3C%2FPRE%3E%3CBR%20%2F%3E%3CP%3EDo%20you%20have%20any%20thoughts%20on%20this%20point%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2321433%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20Incorrect%20permissions%20for%20the%20%E2%80%9Csudo%E2%80%9D%20command%20in%206.12.20%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2321433%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EI%20understand%2C%20please%20try%20to%20add%20to%20your%20local.conf%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EEXTRA_IMAGE_FEATURES%20%2B%3D%20%22allow-setuid%22%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2343496%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20Incorrect%20permissions%20for%20the%20%E2%80%9Csudo%E2%80%9D%20command%20in%206.12.20%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2343496%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F199933%22%20target%3D%22_blank%22%3E%40Oswalag%3C%2FA%3E%2C%3C%2FP%3E%3CP%3EThanks%20for%20your%20reply%2C%20but%20when%20I%20run%20%E2%80%9Cbitbake%E2%80%9D%2C%20with%20this%20option%2C%20I%20get%20an%20error.%3C%2FP%3E%3CP%3EIn%20the%20end%2C%20I%20solved%20the%20problem%20by%20using%20a%20%E2%80%9Cbbappend%E2%80%9D%20in%20my%20own%20layer%2C%20as%20shown%20in%20this%20example%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fstromerbike%2Fmeta-medusa-dist%2Fblob%2Fmaster%2Frecipes-extended%2Fsudo%2Fsudo_%2525.bbappend%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fstromerbike%2Fmeta-medusa-dist%2Fblob%2Fmaster%2Frecipes-extended%2Fsudo%2Fsudo_%2525.bbappend%3C%2FA%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EMaybe%20this%20will%20help%20someone%20else.%3C%2FP%3E%3C%2FLINGO-BODY%3E