How to modify an invalid '/etc/sudoers' file?












217















How do I edit an invalid sudoers file? It throws the below error and it's not allowing me to edit again to fix it.



Here is what happens:



$ sudo visudo
>>> /etc/sudoers: syntax error near line 28 <<<
sudo: parse error in /etc/sudoers near line 28
sudo: no valid sudoers sources found, quitting









share|improve this question




















  • 2





    great question considering this page creates that error help.ubuntu.com/community/RootSudoTimeout

    – user128334
    Sep 21 '13 at 18:14
















217















How do I edit an invalid sudoers file? It throws the below error and it's not allowing me to edit again to fix it.



Here is what happens:



$ sudo visudo
>>> /etc/sudoers: syntax error near line 28 <<<
sudo: parse error in /etc/sudoers near line 28
sudo: no valid sudoers sources found, quitting









share|improve this question




















  • 2





    great question considering this page creates that error help.ubuntu.com/community/RootSudoTimeout

    – user128334
    Sep 21 '13 at 18:14














217












217








217


89






How do I edit an invalid sudoers file? It throws the below error and it's not allowing me to edit again to fix it.



Here is what happens:



$ sudo visudo
>>> /etc/sudoers: syntax error near line 28 <<<
sudo: parse error in /etc/sudoers near line 28
sudo: no valid sudoers sources found, quitting









share|improve this question
















How do I edit an invalid sudoers file? It throws the below error and it's not allowing me to edit again to fix it.



Here is what happens:



$ sudo visudo
>>> /etc/sudoers: syntax error near line 28 <<<
sudo: parse error in /etc/sudoers near line 28
sudo: no valid sudoers sources found, quitting






sudo visudo






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 16 at 21:27









wjandrea

8,63442260




8,63442260










asked Oct 30 '11 at 19:15









YumYumYumYumYumYum

4,5023286133




4,5023286133








  • 2





    great question considering this page creates that error help.ubuntu.com/community/RootSudoTimeout

    – user128334
    Sep 21 '13 at 18:14














  • 2





    great question considering this page creates that error help.ubuntu.com/community/RootSudoTimeout

    – user128334
    Sep 21 '13 at 18:14








2




2





great question considering this page creates that error help.ubuntu.com/community/RootSudoTimeout

– user128334
Sep 21 '13 at 18:14





great question considering this page creates that error help.ubuntu.com/community/RootSudoTimeout

– user128334
Sep 21 '13 at 18:14










11 Answers
11






active

oldest

votes


















335





+50









On a modern Ubuntu system (and many other GNU/Linux distributions), fixing a corrupted sudoers file is actually quite easy, and doesn't require rebooting, using a live CD, or physical access to the machine.



To do this via SSH, log in to the machine and run the command pkexec visudo. If you have physical access to the machine, SSH is unnecessary; just open a Terminal window and run that pkexec command.



Assuming you (or some other user) are authorized to run programs as root with PolicyKit, you can enter your password, and then it will run visudo as root, and you can fix your /etc/sudoers.



If you need to edit one of the configuration files in /etc/sudoers.d (which in uncommon in this situation, but possible), use pkexec visudo -f /etc/sudoers.d/filename.



If you have a related situation where you have to perform additional system administration commands as root to fix the problem (also uncommon in this circumstance, but common in others), you can start an interactive root shell with pkexec bash. Generally speaking, any non-graphical command you'd run with sudo can be run with pkexec instead.



(If there is more than one user account on the system authorized to run programs as root with PolicyKit, then for any of those actions, you'll be asked to select which one you want to use, before being asked for your password.)





If that doesn't work--for example, if there are no users authorized to run programs as root via PolicyKit--then boot from an Ubuntu live CD (like the CD you probably used to install Ubuntu) and mount the filesystem for the installed system. You can do this by running sudo parted -l to view your partitions--there is probably just one ext4 partition, and that's the root filesystem.

Suppose the installed Ubuntu system's root filesystem is on /dev/sda1. Then you could mount it with sudo mount /dev/sda1 /mnt. Then you can edit the installed system's sudoers file with sudo nano -w /mnt/etc/sudoers. Or, even better, you can edit it with



sudo visudo -f /mnt/etc/sudoers


(which will prevent you from saving a sudoers file with incorrect syntax).






share|improve this answer





















  • 7





    pkexec /usr/sbin/visudo worked on debian 7

    – marinara
    Mar 5 '14 at 1:33






  • 10





    HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.

    – Dennis
    Apr 5 '15 at 3:15






  • 3





    @Dennis Somewhat confusingly, #include directives in sudoers files are treated specially; the leading # does not cause the rest of the line to be interpreted as a comment, in that case. As man sudoers says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).

    – Eliah Kagan
    Apr 5 '15 at 3:49






  • 5





    My user is sudoer but i got this error: Error executing command as another user: Not authorized

    – SuB
    Oct 30 '16 at 10:05






  • 1





    In Ubuntu 16.04, pkexec visudo asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.

    – Juha Untinen
    Aug 14 '18 at 9:30



















47














Always use visudo to edit your sudoers file, never edit it directly yourself. It will prevent you saving it to disk unless it validates.






share|improve this answer





















  • 14





    hindsight is 20/20

    – code_monk
    Jan 9 '15 at 1:57






  • 4





    It won't prevent disaster. It's easy enough to validly deny yourself.

    – Joshua
    Oct 5 '15 at 22:02











  • Can visudo be used by scritps? If so, how?

    – Lukas
    Jul 7 '16 at 15:01











  • I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

    – Shyamkkhadka
    May 24 '18 at 5:48



















22














Type in:



pkexec visudo


Then change last line



#includedir /etc/sudoers


To:



#includedir /etc/sudoers.d


It should solve your problem.






share|improve this answer





















  • 1





    I've noticed that removing the leading # from #includedir causes syntax errors, the # is part of the directive, at least on Ubuntu 12.10.

    – SAFX
    Apr 5 '13 at 2:46











  • That just saved me a lot of headache. Thanks a ton :)

    – Nitroware
    Jul 16 '17 at 18:29











  • I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

    – Shyamkkhadka
    May 24 '18 at 5:48



















11














if anyone else like me didn't have pkexec installed, or was not able to run vi, visudo, nano or any other editor to change sudoers file you can be sure with this process.. I was saved with this:




  • reboot

  • hold shift key while booting to have option for recovery mode (enter it)

  • enter command line as root (second last option at my grub menu)


  • remount boot device for rw, and apply exec right for user, and edit file



    mount -n -o remount,rw /
    chmod u+x /etc/sudoers
    nano /etc/sudoers



fix that mistake and be happy :)






share|improve this answer


























  • While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.

    – running.t
    Oct 15 '15 at 14:06











  • Also within this approach I would use visudo instead nano /etc/sudoers.

    – pa4080
    Dec 3 '18 at 12:38



















7














If you messed up your sudoers file, you'll need to:




  • Reboot into recovery mode (hit escape during boot, choose the recovery mode option on the grub screen)

  • Choose the 'Enable networking' option (if you don't your filesystem will be mounted as read-only. who knew)

  • Chosee the 'Drop to root shell' option

  • run visudo, fix your file

  • Reboot with normal grub option


source :- http://mario.net.au/content/recover-etcsudoers-ubuntu-1204






share|improve this answer


























  • Hi, does it removes the iptables, files of existing system ?

    – Shyamkkhadka
    May 24 '18 at 7:48



















6














There is nothing wrong #include sudoer.d
removing #include sudoer.d won't make any difference.



But please make sure you don't have any syntax errors.
I had same issue but and spent hours to fix and just figured out they are syntax errors.
Refer to manual and make them right.



For example
Say your username is : dolly
I used following which is wrong



 dolly ALL = (ALL) ALL NO PASSWD: ALL


correct syntax is



dolly ALL = (ALL) ALL //give permission to everything, not good


or



dolly ALL=(ALL) NOPASSWD:/usr/bin/thurderbird //good, give specific permission


hope this helps






share|improve this answer
























  • A better approach than making sure you don't have syntax errors is to always use visudo when editing these files, which makes sure you don't have syntax errors for you, before it modifies file. visudo is not just for editing /etc/sudoers--it will also create and edit files in /etc/sudoers.d. It will also work with whatever text editor you want. See the manpage for details.

    – Eliah Kagan
    Jul 3 '12 at 0:12













  • As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (including thunderbird, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own /etc/sudoers, or if syntax limitations prevent that, they can install their own /etc/crontab).

    – Eliah Kagan
    Jul 3 '12 at 0:16



















3














run recovery mode then type this



chown -R root:root /etc/sudoers.d
chmod u=rwx,g=rx,o=rx /etc/sudoers.d/
chmod u=r,g=r,o= /etc/sudoers.d/*


only the group and user root should have read privelege






share|improve this answer































    3














    You can also login as root on a tty console with Ctrl+Fn (Fn from 1 to 6) and run visudo.






    share|improve this answer

































      2














      You can edit your boot entry while in grub as well.



      Simply reboot your pc, and wait for grub to show. Then press "e" on the "Ubuntu" entry to edit it.



      Look for a line with "linux = " or "kernel = " and simply add an "single" to the end of that line.



      Then press F10 to boot this temporarily modified boot entry.
      This will give you a shell (without GUI) with root rights and you can edit the sudoers file with s.th. like nano /etc/sudoers back to its previous state.



      Then reboot and its done.






      share|improve this answer































        2














        pkexec visudo


        then revert your mistakes






        share|improve this answer





















        • 1





          not necessary to use pkexec

          – Braiam
          Jan 1 '14 at 12:01











        • @Braiam visudo has to be run as root. If sudo doesn't work, pkexec sometimes does. This is covered by my earlier answer... but it is a correct answer, visudo by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neither sudo nor visudo is necessary for commands like pkexec. Maybe that's what you mean...

          – Eliah Kagan
          Mar 29 '14 at 5:30





















        0














        In Ubuntu 16.04 running on a VirtualBox (shouldn't make a difference), the above methods didn't work for me (invalid row in the end of the file). What did work was:




        1. Restart the VirtualBox

        2. Let it boot normally, until it asks for your username & password in the console

        3. Login normally with your username

        4. Then when you end up in the console (provided your box doesn't boot into a GUI), simply give the command su - and then give your own username's password.

        5. It should now end up in root@ubuntu-xenial:~# prompt, if the /etc/sudoers isn't too broken or empty. Not sure what would happen in that case.

        6. Then you can simply run visudo and fix the file.

        7. Then Ctrl + X and it will prompt to Save modified buffer. Press Y and Enter

        8. Restart the box and it should work now.


        In case your /etc/sudoers is empty or missing something, and you can edit it, then here's the contents of mine:



        Defaults env_reset
        Defaults mail_badpass
        Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

        root ALL=(ALL:ALL) ALL

        %admin ALL=(ALL) ALL

        %sudo ALL=(ALL:ALL) ALL





        share|improve this answer































          11 Answers
          11






          active

          oldest

          votes








          11 Answers
          11






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          335





          +50









          On a modern Ubuntu system (and many other GNU/Linux distributions), fixing a corrupted sudoers file is actually quite easy, and doesn't require rebooting, using a live CD, or physical access to the machine.



          To do this via SSH, log in to the machine and run the command pkexec visudo. If you have physical access to the machine, SSH is unnecessary; just open a Terminal window and run that pkexec command.



          Assuming you (or some other user) are authorized to run programs as root with PolicyKit, you can enter your password, and then it will run visudo as root, and you can fix your /etc/sudoers.



          If you need to edit one of the configuration files in /etc/sudoers.d (which in uncommon in this situation, but possible), use pkexec visudo -f /etc/sudoers.d/filename.



          If you have a related situation where you have to perform additional system administration commands as root to fix the problem (also uncommon in this circumstance, but common in others), you can start an interactive root shell with pkexec bash. Generally speaking, any non-graphical command you'd run with sudo can be run with pkexec instead.



          (If there is more than one user account on the system authorized to run programs as root with PolicyKit, then for any of those actions, you'll be asked to select which one you want to use, before being asked for your password.)





          If that doesn't work--for example, if there are no users authorized to run programs as root via PolicyKit--then boot from an Ubuntu live CD (like the CD you probably used to install Ubuntu) and mount the filesystem for the installed system. You can do this by running sudo parted -l to view your partitions--there is probably just one ext4 partition, and that's the root filesystem.

          Suppose the installed Ubuntu system's root filesystem is on /dev/sda1. Then you could mount it with sudo mount /dev/sda1 /mnt. Then you can edit the installed system's sudoers file with sudo nano -w /mnt/etc/sudoers. Or, even better, you can edit it with



          sudo visudo -f /mnt/etc/sudoers


          (which will prevent you from saving a sudoers file with incorrect syntax).






          share|improve this answer





















          • 7





            pkexec /usr/sbin/visudo worked on debian 7

            – marinara
            Mar 5 '14 at 1:33






          • 10





            HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.

            – Dennis
            Apr 5 '15 at 3:15






          • 3





            @Dennis Somewhat confusingly, #include directives in sudoers files are treated specially; the leading # does not cause the rest of the line to be interpreted as a comment, in that case. As man sudoers says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).

            – Eliah Kagan
            Apr 5 '15 at 3:49






          • 5





            My user is sudoer but i got this error: Error executing command as another user: Not authorized

            – SuB
            Oct 30 '16 at 10:05






          • 1





            In Ubuntu 16.04, pkexec visudo asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.

            – Juha Untinen
            Aug 14 '18 at 9:30
















          335





          +50









          On a modern Ubuntu system (and many other GNU/Linux distributions), fixing a corrupted sudoers file is actually quite easy, and doesn't require rebooting, using a live CD, or physical access to the machine.



          To do this via SSH, log in to the machine and run the command pkexec visudo. If you have physical access to the machine, SSH is unnecessary; just open a Terminal window and run that pkexec command.



          Assuming you (or some other user) are authorized to run programs as root with PolicyKit, you can enter your password, and then it will run visudo as root, and you can fix your /etc/sudoers.



          If you need to edit one of the configuration files in /etc/sudoers.d (which in uncommon in this situation, but possible), use pkexec visudo -f /etc/sudoers.d/filename.



          If you have a related situation where you have to perform additional system administration commands as root to fix the problem (also uncommon in this circumstance, but common in others), you can start an interactive root shell with pkexec bash. Generally speaking, any non-graphical command you'd run with sudo can be run with pkexec instead.



          (If there is more than one user account on the system authorized to run programs as root with PolicyKit, then for any of those actions, you'll be asked to select which one you want to use, before being asked for your password.)





          If that doesn't work--for example, if there are no users authorized to run programs as root via PolicyKit--then boot from an Ubuntu live CD (like the CD you probably used to install Ubuntu) and mount the filesystem for the installed system. You can do this by running sudo parted -l to view your partitions--there is probably just one ext4 partition, and that's the root filesystem.

          Suppose the installed Ubuntu system's root filesystem is on /dev/sda1. Then you could mount it with sudo mount /dev/sda1 /mnt. Then you can edit the installed system's sudoers file with sudo nano -w /mnt/etc/sudoers. Or, even better, you can edit it with



          sudo visudo -f /mnt/etc/sudoers


          (which will prevent you from saving a sudoers file with incorrect syntax).






          share|improve this answer





















          • 7





            pkexec /usr/sbin/visudo worked on debian 7

            – marinara
            Mar 5 '14 at 1:33






          • 10





            HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.

            – Dennis
            Apr 5 '15 at 3:15






          • 3





            @Dennis Somewhat confusingly, #include directives in sudoers files are treated specially; the leading # does not cause the rest of the line to be interpreted as a comment, in that case. As man sudoers says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).

            – Eliah Kagan
            Apr 5 '15 at 3:49






          • 5





            My user is sudoer but i got this error: Error executing command as another user: Not authorized

            – SuB
            Oct 30 '16 at 10:05






          • 1





            In Ubuntu 16.04, pkexec visudo asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.

            – Juha Untinen
            Aug 14 '18 at 9:30














          335





          +50







          335





          +50



          335




          +50





          On a modern Ubuntu system (and many other GNU/Linux distributions), fixing a corrupted sudoers file is actually quite easy, and doesn't require rebooting, using a live CD, or physical access to the machine.



          To do this via SSH, log in to the machine and run the command pkexec visudo. If you have physical access to the machine, SSH is unnecessary; just open a Terminal window and run that pkexec command.



          Assuming you (or some other user) are authorized to run programs as root with PolicyKit, you can enter your password, and then it will run visudo as root, and you can fix your /etc/sudoers.



          If you need to edit one of the configuration files in /etc/sudoers.d (which in uncommon in this situation, but possible), use pkexec visudo -f /etc/sudoers.d/filename.



          If you have a related situation where you have to perform additional system administration commands as root to fix the problem (also uncommon in this circumstance, but common in others), you can start an interactive root shell with pkexec bash. Generally speaking, any non-graphical command you'd run with sudo can be run with pkexec instead.



          (If there is more than one user account on the system authorized to run programs as root with PolicyKit, then for any of those actions, you'll be asked to select which one you want to use, before being asked for your password.)





          If that doesn't work--for example, if there are no users authorized to run programs as root via PolicyKit--then boot from an Ubuntu live CD (like the CD you probably used to install Ubuntu) and mount the filesystem for the installed system. You can do this by running sudo parted -l to view your partitions--there is probably just one ext4 partition, and that's the root filesystem.

          Suppose the installed Ubuntu system's root filesystem is on /dev/sda1. Then you could mount it with sudo mount /dev/sda1 /mnt. Then you can edit the installed system's sudoers file with sudo nano -w /mnt/etc/sudoers. Or, even better, you can edit it with



          sudo visudo -f /mnt/etc/sudoers


          (which will prevent you from saving a sudoers file with incorrect syntax).






          share|improve this answer















          On a modern Ubuntu system (and many other GNU/Linux distributions), fixing a corrupted sudoers file is actually quite easy, and doesn't require rebooting, using a live CD, or physical access to the machine.



          To do this via SSH, log in to the machine and run the command pkexec visudo. If you have physical access to the machine, SSH is unnecessary; just open a Terminal window and run that pkexec command.



          Assuming you (or some other user) are authorized to run programs as root with PolicyKit, you can enter your password, and then it will run visudo as root, and you can fix your /etc/sudoers.



          If you need to edit one of the configuration files in /etc/sudoers.d (which in uncommon in this situation, but possible), use pkexec visudo -f /etc/sudoers.d/filename.



          If you have a related situation where you have to perform additional system administration commands as root to fix the problem (also uncommon in this circumstance, but common in others), you can start an interactive root shell with pkexec bash. Generally speaking, any non-graphical command you'd run with sudo can be run with pkexec instead.



          (If there is more than one user account on the system authorized to run programs as root with PolicyKit, then for any of those actions, you'll be asked to select which one you want to use, before being asked for your password.)





          If that doesn't work--for example, if there are no users authorized to run programs as root via PolicyKit--then boot from an Ubuntu live CD (like the CD you probably used to install Ubuntu) and mount the filesystem for the installed system. You can do this by running sudo parted -l to view your partitions--there is probably just one ext4 partition, and that's the root filesystem.

          Suppose the installed Ubuntu system's root filesystem is on /dev/sda1. Then you could mount it with sudo mount /dev/sda1 /mnt. Then you can edit the installed system's sudoers file with sudo nano -w /mnt/etc/sudoers. Or, even better, you can edit it with



          sudo visudo -f /mnt/etc/sudoers


          (which will prevent you from saving a sudoers file with incorrect syntax).







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Aug 16 '13 at 6:30

























          answered Oct 30 '11 at 19:45









          Eliah KaganEliah Kagan

          81.9k21227364




          81.9k21227364








          • 7





            pkexec /usr/sbin/visudo worked on debian 7

            – marinara
            Mar 5 '14 at 1:33






          • 10





            HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.

            – Dennis
            Apr 5 '15 at 3:15






          • 3





            @Dennis Somewhat confusingly, #include directives in sudoers files are treated specially; the leading # does not cause the rest of the line to be interpreted as a comment, in that case. As man sudoers says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).

            – Eliah Kagan
            Apr 5 '15 at 3:49






          • 5





            My user is sudoer but i got this error: Error executing command as another user: Not authorized

            – SuB
            Oct 30 '16 at 10:05






          • 1





            In Ubuntu 16.04, pkexec visudo asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.

            – Juha Untinen
            Aug 14 '18 at 9:30














          • 7





            pkexec /usr/sbin/visudo worked on debian 7

            – marinara
            Mar 5 '14 at 1:33






          • 10





            HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.

            – Dennis
            Apr 5 '15 at 3:15






          • 3





            @Dennis Somewhat confusingly, #include directives in sudoers files are treated specially; the leading # does not cause the rest of the line to be interpreted as a comment, in that case. As man sudoers says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).

            – Eliah Kagan
            Apr 5 '15 at 3:49






          • 5





            My user is sudoer but i got this error: Error executing command as another user: Not authorized

            – SuB
            Oct 30 '16 at 10:05






          • 1





            In Ubuntu 16.04, pkexec visudo asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.

            – Juha Untinen
            Aug 14 '18 at 9:30








          7




          7





          pkexec /usr/sbin/visudo worked on debian 7

          – marinara
          Mar 5 '14 at 1:33





          pkexec /usr/sbin/visudo worked on debian 7

          – marinara
          Mar 5 '14 at 1:33




          10




          10





          HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.

          – Dennis
          Apr 5 '15 at 3:15





          HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.

          – Dennis
          Apr 5 '15 at 3:15




          3




          3





          @Dennis Somewhat confusingly, #include directives in sudoers files are treated specially; the leading # does not cause the rest of the line to be interpreted as a comment, in that case. As man sudoers says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).

          – Eliah Kagan
          Apr 5 '15 at 3:49





          @Dennis Somewhat confusingly, #include directives in sudoers files are treated specially; the leading # does not cause the rest of the line to be interpreted as a comment, in that case. As man sudoers says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).

          – Eliah Kagan
          Apr 5 '15 at 3:49




          5




          5





          My user is sudoer but i got this error: Error executing command as another user: Not authorized

          – SuB
          Oct 30 '16 at 10:05





          My user is sudoer but i got this error: Error executing command as another user: Not authorized

          – SuB
          Oct 30 '16 at 10:05




          1




          1





          In Ubuntu 16.04, pkexec visudo asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.

          – Juha Untinen
          Aug 14 '18 at 9:30





          In Ubuntu 16.04, pkexec visudo asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.

          – Juha Untinen
          Aug 14 '18 at 9:30













          47














          Always use visudo to edit your sudoers file, never edit it directly yourself. It will prevent you saving it to disk unless it validates.






          share|improve this answer





















          • 14





            hindsight is 20/20

            – code_monk
            Jan 9 '15 at 1:57






          • 4





            It won't prevent disaster. It's easy enough to validly deny yourself.

            – Joshua
            Oct 5 '15 at 22:02











          • Can visudo be used by scritps? If so, how?

            – Lukas
            Jul 7 '16 at 15:01











          • I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

            – Shyamkkhadka
            May 24 '18 at 5:48
















          47














          Always use visudo to edit your sudoers file, never edit it directly yourself. It will prevent you saving it to disk unless it validates.






          share|improve this answer





















          • 14





            hindsight is 20/20

            – code_monk
            Jan 9 '15 at 1:57






          • 4





            It won't prevent disaster. It's easy enough to validly deny yourself.

            – Joshua
            Oct 5 '15 at 22:02











          • Can visudo be used by scritps? If so, how?

            – Lukas
            Jul 7 '16 at 15:01











          • I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

            – Shyamkkhadka
            May 24 '18 at 5:48














          47












          47








          47







          Always use visudo to edit your sudoers file, never edit it directly yourself. It will prevent you saving it to disk unless it validates.






          share|improve this answer















          Always use visudo to edit your sudoers file, never edit it directly yourself. It will prevent you saving it to disk unless it validates.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Apr 19 '12 at 1:55









          tantrix

          1032




          1032










          answered Nov 20 '11 at 17:08









          CaesiumCaesium

          11.5k33147




          11.5k33147








          • 14





            hindsight is 20/20

            – code_monk
            Jan 9 '15 at 1:57






          • 4





            It won't prevent disaster. It's easy enough to validly deny yourself.

            – Joshua
            Oct 5 '15 at 22:02











          • Can visudo be used by scritps? If so, how?

            – Lukas
            Jul 7 '16 at 15:01











          • I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

            – Shyamkkhadka
            May 24 '18 at 5:48














          • 14





            hindsight is 20/20

            – code_monk
            Jan 9 '15 at 1:57






          • 4





            It won't prevent disaster. It's easy enough to validly deny yourself.

            – Joshua
            Oct 5 '15 at 22:02











          • Can visudo be used by scritps? If so, how?

            – Lukas
            Jul 7 '16 at 15:01











          • I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

            – Shyamkkhadka
            May 24 '18 at 5:48








          14




          14





          hindsight is 20/20

          – code_monk
          Jan 9 '15 at 1:57





          hindsight is 20/20

          – code_monk
          Jan 9 '15 at 1:57




          4




          4





          It won't prevent disaster. It's easy enough to validly deny yourself.

          – Joshua
          Oct 5 '15 at 22:02





          It won't prevent disaster. It's easy enough to validly deny yourself.

          – Joshua
          Oct 5 '15 at 22:02













          Can visudo be used by scritps? If so, how?

          – Lukas
          Jul 7 '16 at 15:01





          Can visudo be used by scritps? If so, how?

          – Lukas
          Jul 7 '16 at 15:01













          I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

          – Shyamkkhadka
          May 24 '18 at 5:48





          I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

          – Shyamkkhadka
          May 24 '18 at 5:48











          22














          Type in:



          pkexec visudo


          Then change last line



          #includedir /etc/sudoers


          To:



          #includedir /etc/sudoers.d


          It should solve your problem.






          share|improve this answer





















          • 1





            I've noticed that removing the leading # from #includedir causes syntax errors, the # is part of the directive, at least on Ubuntu 12.10.

            – SAFX
            Apr 5 '13 at 2:46











          • That just saved me a lot of headache. Thanks a ton :)

            – Nitroware
            Jul 16 '17 at 18:29











          • I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

            – Shyamkkhadka
            May 24 '18 at 5:48
















          22














          Type in:



          pkexec visudo


          Then change last line



          #includedir /etc/sudoers


          To:



          #includedir /etc/sudoers.d


          It should solve your problem.






          share|improve this answer





















          • 1





            I've noticed that removing the leading # from #includedir causes syntax errors, the # is part of the directive, at least on Ubuntu 12.10.

            – SAFX
            Apr 5 '13 at 2:46











          • That just saved me a lot of headache. Thanks a ton :)

            – Nitroware
            Jul 16 '17 at 18:29











          • I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

            – Shyamkkhadka
            May 24 '18 at 5:48














          22












          22








          22







          Type in:



          pkexec visudo


          Then change last line



          #includedir /etc/sudoers


          To:



          #includedir /etc/sudoers.d


          It should solve your problem.






          share|improve this answer















          Type in:



          pkexec visudo


          Then change last line



          #includedir /etc/sudoers


          To:



          #includedir /etc/sudoers.d


          It should solve your problem.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Apr 8 '16 at 9:58









          muru

          1




          1










          answered Feb 21 '13 at 18:23









          Andrej BurcevAndrej Burcev

          32122




          32122








          • 1





            I've noticed that removing the leading # from #includedir causes syntax errors, the # is part of the directive, at least on Ubuntu 12.10.

            – SAFX
            Apr 5 '13 at 2:46











          • That just saved me a lot of headache. Thanks a ton :)

            – Nitroware
            Jul 16 '17 at 18:29











          • I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

            – Shyamkkhadka
            May 24 '18 at 5:48














          • 1





            I've noticed that removing the leading # from #includedir causes syntax errors, the # is part of the directive, at least on Ubuntu 12.10.

            – SAFX
            Apr 5 '13 at 2:46











          • That just saved me a lot of headache. Thanks a ton :)

            – Nitroware
            Jul 16 '17 at 18:29











          • I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

            – Shyamkkhadka
            May 24 '18 at 5:48








          1




          1





          I've noticed that removing the leading # from #includedir causes syntax errors, the # is part of the directive, at least on Ubuntu 12.10.

          – SAFX
          Apr 5 '13 at 2:46





          I've noticed that removing the leading # from #includedir causes syntax errors, the # is part of the directive, at least on Ubuntu 12.10.

          – SAFX
          Apr 5 '13 at 2:46













          That just saved me a lot of headache. Thanks a ton :)

          – Nitroware
          Jul 16 '17 at 18:29





          That just saved me a lot of headache. Thanks a ton :)

          – Nitroware
          Jul 16 '17 at 18:29













          I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

          – Shyamkkhadka
          May 24 '18 at 5:48





          I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help

          – Shyamkkhadka
          May 24 '18 at 5:48











          11














          if anyone else like me didn't have pkexec installed, or was not able to run vi, visudo, nano or any other editor to change sudoers file you can be sure with this process.. I was saved with this:




          • reboot

          • hold shift key while booting to have option for recovery mode (enter it)

          • enter command line as root (second last option at my grub menu)


          • remount boot device for rw, and apply exec right for user, and edit file



            mount -n -o remount,rw /
            chmod u+x /etc/sudoers
            nano /etc/sudoers



          fix that mistake and be happy :)






          share|improve this answer


























          • While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.

            – running.t
            Oct 15 '15 at 14:06











          • Also within this approach I would use visudo instead nano /etc/sudoers.

            – pa4080
            Dec 3 '18 at 12:38
















          11














          if anyone else like me didn't have pkexec installed, or was not able to run vi, visudo, nano or any other editor to change sudoers file you can be sure with this process.. I was saved with this:




          • reboot

          • hold shift key while booting to have option for recovery mode (enter it)

          • enter command line as root (second last option at my grub menu)


          • remount boot device for rw, and apply exec right for user, and edit file



            mount -n -o remount,rw /
            chmod u+x /etc/sudoers
            nano /etc/sudoers



          fix that mistake and be happy :)






          share|improve this answer


























          • While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.

            – running.t
            Oct 15 '15 at 14:06











          • Also within this approach I would use visudo instead nano /etc/sudoers.

            – pa4080
            Dec 3 '18 at 12:38














          11












          11








          11







          if anyone else like me didn't have pkexec installed, or was not able to run vi, visudo, nano or any other editor to change sudoers file you can be sure with this process.. I was saved with this:




          • reboot

          • hold shift key while booting to have option for recovery mode (enter it)

          • enter command line as root (second last option at my grub menu)


          • remount boot device for rw, and apply exec right for user, and edit file



            mount -n -o remount,rw /
            chmod u+x /etc/sudoers
            nano /etc/sudoers



          fix that mistake and be happy :)






          share|improve this answer















          if anyone else like me didn't have pkexec installed, or was not able to run vi, visudo, nano or any other editor to change sudoers file you can be sure with this process.. I was saved with this:




          • reboot

          • hold shift key while booting to have option for recovery mode (enter it)

          • enter command line as root (second last option at my grub menu)


          • remount boot device for rw, and apply exec right for user, and edit file



            mount -n -o remount,rw /
            chmod u+x /etc/sudoers
            nano /etc/sudoers



          fix that mistake and be happy :)







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited May 23 '17 at 19:25









          muru

          1




          1










          answered Oct 20 '14 at 21:40









          Kresimir PendicKresimir Pendic

          82679




          82679













          • While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.

            – running.t
            Oct 15 '15 at 14:06











          • Also within this approach I would use visudo instead nano /etc/sudoers.

            – pa4080
            Dec 3 '18 at 12:38



















          • While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.

            – running.t
            Oct 15 '15 at 14:06











          • Also within this approach I would use visudo instead nano /etc/sudoers.

            – pa4080
            Dec 3 '18 at 12:38

















          While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.

          – running.t
          Oct 15 '15 at 14:06





          While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.

          – running.t
          Oct 15 '15 at 14:06













          Also within this approach I would use visudo instead nano /etc/sudoers.

          – pa4080
          Dec 3 '18 at 12:38





          Also within this approach I would use visudo instead nano /etc/sudoers.

          – pa4080
          Dec 3 '18 at 12:38











          7














          If you messed up your sudoers file, you'll need to:




          • Reboot into recovery mode (hit escape during boot, choose the recovery mode option on the grub screen)

          • Choose the 'Enable networking' option (if you don't your filesystem will be mounted as read-only. who knew)

          • Chosee the 'Drop to root shell' option

          • run visudo, fix your file

          • Reboot with normal grub option


          source :- http://mario.net.au/content/recover-etcsudoers-ubuntu-1204






          share|improve this answer


























          • Hi, does it removes the iptables, files of existing system ?

            – Shyamkkhadka
            May 24 '18 at 7:48
















          7














          If you messed up your sudoers file, you'll need to:




          • Reboot into recovery mode (hit escape during boot, choose the recovery mode option on the grub screen)

          • Choose the 'Enable networking' option (if you don't your filesystem will be mounted as read-only. who knew)

          • Chosee the 'Drop to root shell' option

          • run visudo, fix your file

          • Reboot with normal grub option


          source :- http://mario.net.au/content/recover-etcsudoers-ubuntu-1204






          share|improve this answer


























          • Hi, does it removes the iptables, files of existing system ?

            – Shyamkkhadka
            May 24 '18 at 7:48














          7












          7








          7







          If you messed up your sudoers file, you'll need to:




          • Reboot into recovery mode (hit escape during boot, choose the recovery mode option on the grub screen)

          • Choose the 'Enable networking' option (if you don't your filesystem will be mounted as read-only. who knew)

          • Chosee the 'Drop to root shell' option

          • run visudo, fix your file

          • Reboot with normal grub option


          source :- http://mario.net.au/content/recover-etcsudoers-ubuntu-1204






          share|improve this answer















          If you messed up your sudoers file, you'll need to:




          • Reboot into recovery mode (hit escape during boot, choose the recovery mode option on the grub screen)

          • Choose the 'Enable networking' option (if you don't your filesystem will be mounted as read-only. who knew)

          • Chosee the 'Drop to root shell' option

          • run visudo, fix your file

          • Reboot with normal grub option


          source :- http://mario.net.au/content/recover-etcsudoers-ubuntu-1204







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Sep 18 '18 at 9:50









          Melebius

          4,59651839




          4,59651839










          answered Dec 14 '12 at 10:59









          streakstreak

          21124




          21124













          • Hi, does it removes the iptables, files of existing system ?

            – Shyamkkhadka
            May 24 '18 at 7:48



















          • Hi, does it removes the iptables, files of existing system ?

            – Shyamkkhadka
            May 24 '18 at 7:48

















          Hi, does it removes the iptables, files of existing system ?

          – Shyamkkhadka
          May 24 '18 at 7:48





          Hi, does it removes the iptables, files of existing system ?

          – Shyamkkhadka
          May 24 '18 at 7:48











          6














          There is nothing wrong #include sudoer.d
          removing #include sudoer.d won't make any difference.



          But please make sure you don't have any syntax errors.
          I had same issue but and spent hours to fix and just figured out they are syntax errors.
          Refer to manual and make them right.



          For example
          Say your username is : dolly
          I used following which is wrong



           dolly ALL = (ALL) ALL NO PASSWD: ALL


          correct syntax is



          dolly ALL = (ALL) ALL //give permission to everything, not good


          or



          dolly ALL=(ALL) NOPASSWD:/usr/bin/thurderbird //good, give specific permission


          hope this helps






          share|improve this answer
























          • A better approach than making sure you don't have syntax errors is to always use visudo when editing these files, which makes sure you don't have syntax errors for you, before it modifies file. visudo is not just for editing /etc/sudoers--it will also create and edit files in /etc/sudoers.d. It will also work with whatever text editor you want. See the manpage for details.

            – Eliah Kagan
            Jul 3 '12 at 0:12













          • As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (including thunderbird, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own /etc/sudoers, or if syntax limitations prevent that, they can install their own /etc/crontab).

            – Eliah Kagan
            Jul 3 '12 at 0:16
















          6














          There is nothing wrong #include sudoer.d
          removing #include sudoer.d won't make any difference.



          But please make sure you don't have any syntax errors.
          I had same issue but and spent hours to fix and just figured out they are syntax errors.
          Refer to manual and make them right.



          For example
          Say your username is : dolly
          I used following which is wrong



           dolly ALL = (ALL) ALL NO PASSWD: ALL


          correct syntax is



          dolly ALL = (ALL) ALL //give permission to everything, not good


          or



          dolly ALL=(ALL) NOPASSWD:/usr/bin/thurderbird //good, give specific permission


          hope this helps






          share|improve this answer
























          • A better approach than making sure you don't have syntax errors is to always use visudo when editing these files, which makes sure you don't have syntax errors for you, before it modifies file. visudo is not just for editing /etc/sudoers--it will also create and edit files in /etc/sudoers.d. It will also work with whatever text editor you want. See the manpage for details.

            – Eliah Kagan
            Jul 3 '12 at 0:12













          • As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (including thunderbird, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own /etc/sudoers, or if syntax limitations prevent that, they can install their own /etc/crontab).

            – Eliah Kagan
            Jul 3 '12 at 0:16














          6












          6








          6







          There is nothing wrong #include sudoer.d
          removing #include sudoer.d won't make any difference.



          But please make sure you don't have any syntax errors.
          I had same issue but and spent hours to fix and just figured out they are syntax errors.
          Refer to manual and make them right.



          For example
          Say your username is : dolly
          I used following which is wrong



           dolly ALL = (ALL) ALL NO PASSWD: ALL


          correct syntax is



          dolly ALL = (ALL) ALL //give permission to everything, not good


          or



          dolly ALL=(ALL) NOPASSWD:/usr/bin/thurderbird //good, give specific permission


          hope this helps






          share|improve this answer













          There is nothing wrong #include sudoer.d
          removing #include sudoer.d won't make any difference.



          But please make sure you don't have any syntax errors.
          I had same issue but and spent hours to fix and just figured out they are syntax errors.
          Refer to manual and make them right.



          For example
          Say your username is : dolly
          I used following which is wrong



           dolly ALL = (ALL) ALL NO PASSWD: ALL


          correct syntax is



          dolly ALL = (ALL) ALL //give permission to everything, not good


          or



          dolly ALL=(ALL) NOPASSWD:/usr/bin/thurderbird //good, give specific permission


          hope this helps







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Jul 2 '12 at 23:15









          Thusitha NuwanThusitha Nuwan

          6111




          6111













          • A better approach than making sure you don't have syntax errors is to always use visudo when editing these files, which makes sure you don't have syntax errors for you, before it modifies file. visudo is not just for editing /etc/sudoers--it will also create and edit files in /etc/sudoers.d. It will also work with whatever text editor you want. See the manpage for details.

            – Eliah Kagan
            Jul 3 '12 at 0:12













          • As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (including thunderbird, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own /etc/sudoers, or if syntax limitations prevent that, they can install their own /etc/crontab).

            – Eliah Kagan
            Jul 3 '12 at 0:16



















          • A better approach than making sure you don't have syntax errors is to always use visudo when editing these files, which makes sure you don't have syntax errors for you, before it modifies file. visudo is not just for editing /etc/sudoers--it will also create and edit files in /etc/sudoers.d. It will also work with whatever text editor you want. See the manpage for details.

            – Eliah Kagan
            Jul 3 '12 at 0:12













          • As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (including thunderbird, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own /etc/sudoers, or if syntax limitations prevent that, they can install their own /etc/crontab).

            – Eliah Kagan
            Jul 3 '12 at 0:16

















          A better approach than making sure you don't have syntax errors is to always use visudo when editing these files, which makes sure you don't have syntax errors for you, before it modifies file. visudo is not just for editing /etc/sudoers--it will also create and edit files in /etc/sudoers.d. It will also work with whatever text editor you want. See the manpage for details.

          – Eliah Kagan
          Jul 3 '12 at 0:12







          A better approach than making sure you don't have syntax errors is to always use visudo when editing these files, which makes sure you don't have syntax errors for you, before it modifies file. visudo is not just for editing /etc/sudoers--it will also create and edit files in /etc/sudoers.d. It will also work with whatever text editor you want. See the manpage for details.

          – Eliah Kagan
          Jul 3 '12 at 0:12















          As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (including thunderbird, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own /etc/sudoers, or if syntax limitations prevent that, they can install their own /etc/crontab).

          – Eliah Kagan
          Jul 3 '12 at 0:16





          As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (including thunderbird, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own /etc/sudoers, or if syntax limitations prevent that, they can install their own /etc/crontab).

          – Eliah Kagan
          Jul 3 '12 at 0:16











          3














          run recovery mode then type this



          chown -R root:root /etc/sudoers.d
          chmod u=rwx,g=rx,o=rx /etc/sudoers.d/
          chmod u=r,g=r,o= /etc/sudoers.d/*


          only the group and user root should have read privelege






          share|improve this answer




























            3














            run recovery mode then type this



            chown -R root:root /etc/sudoers.d
            chmod u=rwx,g=rx,o=rx /etc/sudoers.d/
            chmod u=r,g=r,o= /etc/sudoers.d/*


            only the group and user root should have read privelege






            share|improve this answer


























              3












              3








              3







              run recovery mode then type this



              chown -R root:root /etc/sudoers.d
              chmod u=rwx,g=rx,o=rx /etc/sudoers.d/
              chmod u=r,g=r,o= /etc/sudoers.d/*


              only the group and user root should have read privelege






              share|improve this answer













              run recovery mode then type this



              chown -R root:root /etc/sudoers.d
              chmod u=rwx,g=rx,o=rx /etc/sudoers.d/
              chmod u=r,g=r,o= /etc/sudoers.d/*


              only the group and user root should have read privelege







              share|improve this answer












              share|improve this answer



              share|improve this answer










              answered Nov 20 '11 at 17:11









              kosaidpokosaidpo

              21913




              21913























                  3














                  You can also login as root on a tty console with Ctrl+Fn (Fn from 1 to 6) and run visudo.






                  share|improve this answer






























                    3














                    You can also login as root on a tty console with Ctrl+Fn (Fn from 1 to 6) and run visudo.






                    share|improve this answer




























                      3












                      3








                      3







                      You can also login as root on a tty console with Ctrl+Fn (Fn from 1 to 6) and run visudo.






                      share|improve this answer















                      You can also login as root on a tty console with Ctrl+Fn (Fn from 1 to 6) and run visudo.







                      share|improve this answer














                      share|improve this answer



                      share|improve this answer








                      edited Mar 9 '13 at 8:16









                      BuZZ-dEE

                      9,225115169




                      9,225115169










                      answered Mar 9 '13 at 7:12









                      magisterludimagisterludi

                      311




                      311























                          2














                          You can edit your boot entry while in grub as well.



                          Simply reboot your pc, and wait for grub to show. Then press "e" on the "Ubuntu" entry to edit it.



                          Look for a line with "linux = " or "kernel = " and simply add an "single" to the end of that line.



                          Then press F10 to boot this temporarily modified boot entry.
                          This will give you a shell (without GUI) with root rights and you can edit the sudoers file with s.th. like nano /etc/sudoers back to its previous state.



                          Then reboot and its done.






                          share|improve this answer




























                            2














                            You can edit your boot entry while in grub as well.



                            Simply reboot your pc, and wait for grub to show. Then press "e" on the "Ubuntu" entry to edit it.



                            Look for a line with "linux = " or "kernel = " and simply add an "single" to the end of that line.



                            Then press F10 to boot this temporarily modified boot entry.
                            This will give you a shell (without GUI) with root rights and you can edit the sudoers file with s.th. like nano /etc/sudoers back to its previous state.



                            Then reboot and its done.






                            share|improve this answer


























                              2












                              2








                              2







                              You can edit your boot entry while in grub as well.



                              Simply reboot your pc, and wait for grub to show. Then press "e" on the "Ubuntu" entry to edit it.



                              Look for a line with "linux = " or "kernel = " and simply add an "single" to the end of that line.



                              Then press F10 to boot this temporarily modified boot entry.
                              This will give you a shell (without GUI) with root rights and you can edit the sudoers file with s.th. like nano /etc/sudoers back to its previous state.



                              Then reboot and its done.






                              share|improve this answer













                              You can edit your boot entry while in grub as well.



                              Simply reboot your pc, and wait for grub to show. Then press "e" on the "Ubuntu" entry to edit it.



                              Look for a line with "linux = " or "kernel = " and simply add an "single" to the end of that line.



                              Then press F10 to boot this temporarily modified boot entry.
                              This will give you a shell (without GUI) with root rights and you can edit the sudoers file with s.th. like nano /etc/sudoers back to its previous state.



                              Then reboot and its done.







                              share|improve this answer












                              share|improve this answer



                              share|improve this answer










                              answered Jan 13 '13 at 4:41









                              Markus ResselMarkus Ressel

                              211




                              211























                                  2














                                  pkexec visudo


                                  then revert your mistakes






                                  share|improve this answer





















                                  • 1





                                    not necessary to use pkexec

                                    – Braiam
                                    Jan 1 '14 at 12:01











                                  • @Braiam visudo has to be run as root. If sudo doesn't work, pkexec sometimes does. This is covered by my earlier answer... but it is a correct answer, visudo by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neither sudo nor visudo is necessary for commands like pkexec. Maybe that's what you mean...

                                    – Eliah Kagan
                                    Mar 29 '14 at 5:30


















                                  2














                                  pkexec visudo


                                  then revert your mistakes






                                  share|improve this answer





















                                  • 1





                                    not necessary to use pkexec

                                    – Braiam
                                    Jan 1 '14 at 12:01











                                  • @Braiam visudo has to be run as root. If sudo doesn't work, pkexec sometimes does. This is covered by my earlier answer... but it is a correct answer, visudo by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neither sudo nor visudo is necessary for commands like pkexec. Maybe that's what you mean...

                                    – Eliah Kagan
                                    Mar 29 '14 at 5:30
















                                  2












                                  2








                                  2







                                  pkexec visudo


                                  then revert your mistakes






                                  share|improve this answer















                                  pkexec visudo


                                  then revert your mistakes







                                  share|improve this answer














                                  share|improve this answer



                                  share|improve this answer








                                  edited Jan 1 '14 at 8:39









                                  kiri

                                  19k1259104




                                  19k1259104










                                  answered Jan 1 '14 at 8:23









                                  Bhavesh GabaniBhavesh Gabani

                                  411




                                  411








                                  • 1





                                    not necessary to use pkexec

                                    – Braiam
                                    Jan 1 '14 at 12:01











                                  • @Braiam visudo has to be run as root. If sudo doesn't work, pkexec sometimes does. This is covered by my earlier answer... but it is a correct answer, visudo by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neither sudo nor visudo is necessary for commands like pkexec. Maybe that's what you mean...

                                    – Eliah Kagan
                                    Mar 29 '14 at 5:30
















                                  • 1





                                    not necessary to use pkexec

                                    – Braiam
                                    Jan 1 '14 at 12:01











                                  • @Braiam visudo has to be run as root. If sudo doesn't work, pkexec sometimes does. This is covered by my earlier answer... but it is a correct answer, visudo by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neither sudo nor visudo is necessary for commands like pkexec. Maybe that's what you mean...

                                    – Eliah Kagan
                                    Mar 29 '14 at 5:30










                                  1




                                  1





                                  not necessary to use pkexec

                                  – Braiam
                                  Jan 1 '14 at 12:01





                                  not necessary to use pkexec

                                  – Braiam
                                  Jan 1 '14 at 12:01













                                  @Braiam visudo has to be run as root. If sudo doesn't work, pkexec sometimes does. This is covered by my earlier answer... but it is a correct answer, visudo by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neither sudo nor visudo is necessary for commands like pkexec. Maybe that's what you mean...

                                  – Eliah Kagan
                                  Mar 29 '14 at 5:30







                                  @Braiam visudo has to be run as root. If sudo doesn't work, pkexec sometimes does. This is covered by my earlier answer... but it is a correct answer, visudo by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neither sudo nor visudo is necessary for commands like pkexec. Maybe that's what you mean...

                                  – Eliah Kagan
                                  Mar 29 '14 at 5:30













                                  0














                                  In Ubuntu 16.04 running on a VirtualBox (shouldn't make a difference), the above methods didn't work for me (invalid row in the end of the file). What did work was:




                                  1. Restart the VirtualBox

                                  2. Let it boot normally, until it asks for your username & password in the console

                                  3. Login normally with your username

                                  4. Then when you end up in the console (provided your box doesn't boot into a GUI), simply give the command su - and then give your own username's password.

                                  5. It should now end up in root@ubuntu-xenial:~# prompt, if the /etc/sudoers isn't too broken or empty. Not sure what would happen in that case.

                                  6. Then you can simply run visudo and fix the file.

                                  7. Then Ctrl + X and it will prompt to Save modified buffer. Press Y and Enter

                                  8. Restart the box and it should work now.


                                  In case your /etc/sudoers is empty or missing something, and you can edit it, then here's the contents of mine:



                                  Defaults env_reset
                                  Defaults mail_badpass
                                  Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

                                  root ALL=(ALL:ALL) ALL

                                  %admin ALL=(ALL) ALL

                                  %sudo ALL=(ALL:ALL) ALL





                                  share|improve this answer




























                                    0














                                    In Ubuntu 16.04 running on a VirtualBox (shouldn't make a difference), the above methods didn't work for me (invalid row in the end of the file). What did work was:




                                    1. Restart the VirtualBox

                                    2. Let it boot normally, until it asks for your username & password in the console

                                    3. Login normally with your username

                                    4. Then when you end up in the console (provided your box doesn't boot into a GUI), simply give the command su - and then give your own username's password.

                                    5. It should now end up in root@ubuntu-xenial:~# prompt, if the /etc/sudoers isn't too broken or empty. Not sure what would happen in that case.

                                    6. Then you can simply run visudo and fix the file.

                                    7. Then Ctrl + X and it will prompt to Save modified buffer. Press Y and Enter

                                    8. Restart the box and it should work now.


                                    In case your /etc/sudoers is empty or missing something, and you can edit it, then here's the contents of mine:



                                    Defaults env_reset
                                    Defaults mail_badpass
                                    Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

                                    root ALL=(ALL:ALL) ALL

                                    %admin ALL=(ALL) ALL

                                    %sudo ALL=(ALL:ALL) ALL





                                    share|improve this answer


























                                      0












                                      0








                                      0







                                      In Ubuntu 16.04 running on a VirtualBox (shouldn't make a difference), the above methods didn't work for me (invalid row in the end of the file). What did work was:




                                      1. Restart the VirtualBox

                                      2. Let it boot normally, until it asks for your username & password in the console

                                      3. Login normally with your username

                                      4. Then when you end up in the console (provided your box doesn't boot into a GUI), simply give the command su - and then give your own username's password.

                                      5. It should now end up in root@ubuntu-xenial:~# prompt, if the /etc/sudoers isn't too broken or empty. Not sure what would happen in that case.

                                      6. Then you can simply run visudo and fix the file.

                                      7. Then Ctrl + X and it will prompt to Save modified buffer. Press Y and Enter

                                      8. Restart the box and it should work now.


                                      In case your /etc/sudoers is empty or missing something, and you can edit it, then here's the contents of mine:



                                      Defaults env_reset
                                      Defaults mail_badpass
                                      Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

                                      root ALL=(ALL:ALL) ALL

                                      %admin ALL=(ALL) ALL

                                      %sudo ALL=(ALL:ALL) ALL





                                      share|improve this answer













                                      In Ubuntu 16.04 running on a VirtualBox (shouldn't make a difference), the above methods didn't work for me (invalid row in the end of the file). What did work was:




                                      1. Restart the VirtualBox

                                      2. Let it boot normally, until it asks for your username & password in the console

                                      3. Login normally with your username

                                      4. Then when you end up in the console (provided your box doesn't boot into a GUI), simply give the command su - and then give your own username's password.

                                      5. It should now end up in root@ubuntu-xenial:~# prompt, if the /etc/sudoers isn't too broken or empty. Not sure what would happen in that case.

                                      6. Then you can simply run visudo and fix the file.

                                      7. Then Ctrl + X and it will prompt to Save modified buffer. Press Y and Enter

                                      8. Restart the box and it should work now.


                                      In case your /etc/sudoers is empty or missing something, and you can edit it, then here's the contents of mine:



                                      Defaults env_reset
                                      Defaults mail_badpass
                                      Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

                                      root ALL=(ALL:ALL) ALL

                                      %admin ALL=(ALL) ALL

                                      %sudo ALL=(ALL:ALL) ALL






                                      share|improve this answer












                                      share|improve this answer



                                      share|improve this answer










                                      answered Aug 14 '18 at 9:40









                                      Juha UntinenJuha Untinen

                                      1135




                                      1135















                                          Popular posts from this blog

                                          How to make a Squid Proxy server?

                                          Is this a new Fibonacci Identity?

                                          19世紀