root@kuiper ~ # sudo echo help sudo: can't open /etc/sudoers: Permission denied root@kuiper ~ # chmod 444 /etc/sudoers root@kuiper ~ # sudo echo help sudo: /etc/sudoers is mode 0444, should be 0440 root@kuiper ~ # chmod 440 /etc/sudoers root@kuiper ~ # sudo echo help sudo: can't open /etc/sudoers: Permission denied root@kuiper ~ # extract from: strace sudo echo help lstat64("/etc/sudoers", {st_mode=S_IFREG|0440, st_size=1663, ...}) = 0 setresgid32(-1, 0, -1) = 0 setresuid32(0, 1, 0) = 0 open("/etc/sudoers", O_RDONLY) = -1 EACCES (Permission denied) geteuid32() = 1 setresuid32(0, 0, 0) = 0 write(2, "sudo: ", 6sudo: ) = 6nd write(2, "can\'t open /etc/sudoers", 23can't open /etc/sudoers) = 23 write(2, ": ", 2: ) = 2 write(2, "Permission denied\n", 18Permission denied ) = 18 root@kuiper ~ # emerge --info sudo Portage 2.0.54 (default-linux/x86/2005.1, gcc-3.4.5, glibc-2.3.5-r2, 2.6.15-gentoo-r1 i686) ================================================================= System uname: 2.6.15-gentoo-r1 i686 Mobile AMD Sempron(tm) Processor 3000+ Gentoo Base System version 1.6.14 dev-lang/python: 2.3.5, 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=athlon-xp" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=athlon-xp" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 3dnow X Xaw3d a52 aac aalib accessibility acpi aim alsa apm arts audiofile avi bash-completion bcmath berkdb bidi bitmap-fonts blas bluetooth bzip2 calendar cdb cdparanoia cdr cpdflib crypt cscope ctype cups curl curlwrappers dba dbase dbm dbmaker dbx dedicated dga dio directfb divx4linux dv dvb dvd dvdr dvdread eds emacs emacs-w3 emboss encode esd examples exif expat fam fastcgi fbcon fdftk ffmpeg fftw flac flatfile foomaticdb fortran ftp gcj gd gd-external gdbm gif ginac glut gmp gnome gnustep gnutls gphoto2 gpm gstreamer gtk gtk2 guile hal iconv icq ieee1394 imagemagick imap imlib inifile innodb iodbc ipv6 jabber jack java javascript jikes jpeg junit kde ladcca lapack lcms ldap leim lesstif libcaca libedit libg++ libgda libwww lirc lm_sensors m17n-lib mad maildir mailwrapper mcal mhash mikmod mime mmap mmx mng mnogosearch motif mozilla mp3 mpeg mpi msession msn mule mysql mysqli nas ncurses netboot netcdf nls nneXt nocd nptl objc oci8 odbc offensive ofx ogg oggvorbis openal opengl oracle osc oscar oss pam pcmcia pcntl pcre pda pdflib perl php pic plotutils png portaudio posix postgres ppds prelude profile python qdbm qt quicktime readline recode ruby samba sasl sdl session sharedext sharedmem shorten simplexml skey slang slp smartcard sndfile snmp soap sockets source sox speex spell spl sse ssl svg svga symlink sysvipc szip tcltk tcpd test tetex theora threads tidy tiff tokenizer truetype truetype-fonts type1-fonts udev unicode usb v4l vcd vhosts videos vorbis wifi win32codecs wmf wxwindows xface xine xinerama xml xml2 xmlrpc xmms xosd xpm xprint xsl xv xvid yahoo zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTDIR_OVERLAY root@kuiper ~ #
This shouldn't be restricted.
Reopen with 'ls -ld /' output.