How to modify an invalid '/etc/sudoers' file?
How do I edit an invalid sudoers file? It throws the below error and it's not allowing me to edit again to fix it.
Here is what happens:
$ sudo visudo
>>> /etc/sudoers: syntax error near line 28 <<<
sudo: parse error in /etc/sudoers near line 28
sudo: no valid sudoers sources found, quitting
sudo visudo
add a comment |
How do I edit an invalid sudoers file? It throws the below error and it's not allowing me to edit again to fix it.
Here is what happens:
$ sudo visudo
>>> /etc/sudoers: syntax error near line 28 <<<
sudo: parse error in /etc/sudoers near line 28
sudo: no valid sudoers sources found, quitting
sudo visudo
2
great question considering this page creates that error help.ubuntu.com/community/RootSudoTimeout
– user128334
Sep 21 '13 at 18:14
add a comment |
How do I edit an invalid sudoers file? It throws the below error and it's not allowing me to edit again to fix it.
Here is what happens:
$ sudo visudo
>>> /etc/sudoers: syntax error near line 28 <<<
sudo: parse error in /etc/sudoers near line 28
sudo: no valid sudoers sources found, quitting
sudo visudo
How do I edit an invalid sudoers file? It throws the below error and it's not allowing me to edit again to fix it.
Here is what happens:
$ sudo visudo
>>> /etc/sudoers: syntax error near line 28 <<<
sudo: parse error in /etc/sudoers near line 28
sudo: no valid sudoers sources found, quitting
sudo visudo
sudo visudo
edited Jan 16 at 21:27
wjandrea
8,63442260
8,63442260
asked Oct 30 '11 at 19:15
YumYumYumYumYumYum
4,5023286133
4,5023286133
2
great question considering this page creates that error help.ubuntu.com/community/RootSudoTimeout
– user128334
Sep 21 '13 at 18:14
add a comment |
2
great question considering this page creates that error help.ubuntu.com/community/RootSudoTimeout
– user128334
Sep 21 '13 at 18:14
2
2
great question considering this page creates that error help.ubuntu.com/community/RootSudoTimeout
– user128334
Sep 21 '13 at 18:14
great question considering this page creates that error help.ubuntu.com/community/RootSudoTimeout
– user128334
Sep 21 '13 at 18:14
add a comment |
11 Answers
11
active
oldest
votes
On a modern Ubuntu system (and many other GNU/Linux distributions), fixing a corrupted sudoers
file is actually quite easy, and doesn't require rebooting, using a live CD, or physical access to the machine.
To do this via SSH, log in to the machine and run the command pkexec visudo
. If you have physical access to the machine, SSH is unnecessary; just open a Terminal window and run that pkexec
command.
Assuming you (or some other user) are authorized to run programs as root
with PolicyKit, you can enter your password, and then it will run visudo
as root
, and you can fix your /etc/sudoers
.
If you need to edit one of the configuration files in /etc/sudoers.d
(which in uncommon in this situation, but possible), use pkexec visudo -f /etc/sudoers.d/filename
.
If you have a related situation where you have to perform additional system administration commands as root to fix the problem (also uncommon in this circumstance, but common in others), you can start an interactive root shell with pkexec bash
. Generally speaking, any non-graphical command you'd run with sudo
can be run with pkexec
instead.
(If there is more than one user account on the system authorized to run programs as root
with PolicyKit, then for any of those actions, you'll be asked to select which one you want to use, before being asked for your password.)
If that doesn't work--for example, if there are no users authorized to run programs as root via PolicyKit--then boot from an Ubuntu live CD (like the CD you probably used to install Ubuntu) and mount the filesystem for the installed system. You can do this by running
sudo parted -l
to view your partitions--there is probably just one ext4 partition, and that's the root filesystem. Suppose the installed Ubuntu system's root filesystem is on /dev/sda1. Then you could mount it with sudo mount /dev/sda1 /mnt
. Then you can edit the installed system's sudoers file with sudo nano -w /mnt/etc/sudoers
. Or, even better, you can edit it with
sudo visudo -f /mnt/etc/sudoers
(which will prevent you from saving a sudoers file with incorrect syntax).
7
pkexec /usr/sbin/visudo worked on debian 7
– marinara
Mar 5 '14 at 1:33
10
HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.
– Dennis
Apr 5 '15 at 3:15
3
@Dennis Somewhat confusingly,#include
directives insudoers
files are treated specially; the leading#
does not cause the rest of the line to be interpreted as a comment, in that case. Asman sudoers
says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).
– Eliah Kagan
Apr 5 '15 at 3:49
5
My user is sudoer but i got this error: Error executing command as another user: Not authorized
– SuB
Oct 30 '16 at 10:05
1
In Ubuntu 16.04,pkexec visudo
asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.
– Juha Untinen
Aug 14 '18 at 9:30
|
show 8 more comments
Always use visudo
to edit your sudoers file, never edit it directly yourself. It will prevent you saving it to disk unless it validates.
14
hindsight is 20/20
– code_monk
Jan 9 '15 at 1:57
4
It won't prevent disaster. It's easy enough to validly deny yourself.
– Joshua
Oct 5 '15 at 22:02
Can visudo be used by scritps? If so, how?
– Lukas
Jul 7 '16 at 15:01
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
add a comment |
Type in:
pkexec visudo
Then change last line
#includedir /etc/sudoers
To:
#includedir /etc/sudoers.d
It should solve your problem.
1
I've noticed that removing the leading#
from#includedir
causes syntax errors, the#
is part of the directive, at least on Ubuntu 12.10.
– SAFX
Apr 5 '13 at 2:46
That just saved me a lot of headache. Thanks a ton :)
– Nitroware
Jul 16 '17 at 18:29
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
add a comment |
if anyone else like me didn't have pkexec installed, or was not able to run vi, visudo, nano or any other editor to change sudoers file you can be sure with this process.. I was saved with this:
- reboot
- hold shift key while booting to have option for recovery mode (enter it)
- enter command line as root (second last option at my grub menu)
remount boot device for rw, and apply exec right for user, and edit file
mount -n -o remount,rw /
chmod u+x /etc/sudoers
nano /etc/sudoers
fix that mistake and be happy :)
While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.
– running.t
Oct 15 '15 at 14:06
Also within this approach I would usevisudo
insteadnano /etc/sudoers
.
– pa4080
Dec 3 '18 at 12:38
add a comment |
If you messed up your sudoers
file, you'll need to:
- Reboot into recovery mode (hit escape during boot, choose the recovery mode option on the grub screen)
- Choose the 'Enable networking' option (if you don't your filesystem will be mounted as read-only. who knew)
- Chosee the 'Drop to root shell' option
- run
visudo
, fix your file - Reboot with normal grub option
source :- http://mario.net.au/content/recover-etcsudoers-ubuntu-1204
Hi, does it removes the iptables, files of existing system ?
– Shyamkkhadka
May 24 '18 at 7:48
add a comment |
There is nothing wrong #include sudoer.d
removing #include sudoer.d won't make any difference.
But please make sure you don't have any syntax errors.
I had same issue but and spent hours to fix and just figured out they are syntax errors.
Refer to manual and make them right.
For example
Say your username is : dolly
I used following which is wrong
dolly ALL = (ALL) ALL NO PASSWD: ALL
correct syntax is
dolly ALL = (ALL) ALL //give permission to everything, not good
or
dolly ALL=(ALL) NOPASSWD:/usr/bin/thurderbird //good, give specific permission
hope this helps
A better approach than making sure you don't have syntax errors is to always usevisudo
when editing these files, which makes sure you don't have syntax errors for you, before it modifies file.visudo
is not just for editing/etc/sudoers
--it will also create and edit files in/etc/sudoers.d
. It will also work with whatever text editor you want. See the manpage for details.
– Eliah Kagan
Jul 3 '12 at 0:12
As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (includingthunderbird
, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own/etc/sudoers
, or if syntax limitations prevent that, they can install their own/etc/crontab
).
– Eliah Kagan
Jul 3 '12 at 0:16
add a comment |
run recovery mode then type this
chown -R root:root /etc/sudoers.d
chmod u=rwx,g=rx,o=rx /etc/sudoers.d/
chmod u=r,g=r,o= /etc/sudoers.d/*
only the group and user root should have read privelege
add a comment |
You can also login as root on a tty
console with Ctrl+Fn (Fn from 1 to 6) and run visudo
.
add a comment |
You can edit your boot entry while in grub as well.
Simply reboot your pc, and wait for grub to show. Then press "e" on the "Ubuntu" entry to edit it.
Look for a line with "linux = " or "kernel = " and simply add an "single" to the end of that line.
Then press F10 to boot this temporarily modified boot entry.
This will give you a shell (without GUI) with root rights and you can edit the sudoers file with s.th. like nano /etc/sudoers back to its previous state.
Then reboot and its done.
add a comment |
pkexec visudo
then revert your mistakes
1
not necessary to use pkexec
– Braiam
Jan 1 '14 at 12:01
@Braiamvisudo
has to be run as root. Ifsudo
doesn't work,pkexec
sometimes does. This is covered by my earlier answer... but it is a correct answer,visudo
by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neithersudo
norvisudo
is necessary for commands likepkexec
. Maybe that's what you mean...
– Eliah Kagan
Mar 29 '14 at 5:30
add a comment |
In Ubuntu 16.04 running on a VirtualBox (shouldn't make a difference), the above methods didn't work for me (invalid row in the end of the file). What did work was:
- Restart the VirtualBox
- Let it boot normally, until it asks for your username & password in the console
- Login normally with your username
- Then when you end up in the console (provided your box doesn't boot into a GUI), simply give the command
su -
and then give your own username's password. - It should now end up in
root@ubuntu-xenial:~#
prompt, if the/etc/sudoers
isn't too broken or empty. Not sure what would happen in that case. - Then you can simply run
visudo
and fix the file. - Then
Ctrl + X
and it will prompt to Save modified buffer. PressY
andEnter
- Restart the box and it should work now.
In case your /etc/sudoers
is empty or missing something, and you can edit it, then here's the contents of mine:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
add a comment |
11 Answers
11
active
oldest
votes
11 Answers
11
active
oldest
votes
active
oldest
votes
active
oldest
votes
On a modern Ubuntu system (and many other GNU/Linux distributions), fixing a corrupted sudoers
file is actually quite easy, and doesn't require rebooting, using a live CD, or physical access to the machine.
To do this via SSH, log in to the machine and run the command pkexec visudo
. If you have physical access to the machine, SSH is unnecessary; just open a Terminal window and run that pkexec
command.
Assuming you (or some other user) are authorized to run programs as root
with PolicyKit, you can enter your password, and then it will run visudo
as root
, and you can fix your /etc/sudoers
.
If you need to edit one of the configuration files in /etc/sudoers.d
(which in uncommon in this situation, but possible), use pkexec visudo -f /etc/sudoers.d/filename
.
If you have a related situation where you have to perform additional system administration commands as root to fix the problem (also uncommon in this circumstance, but common in others), you can start an interactive root shell with pkexec bash
. Generally speaking, any non-graphical command you'd run with sudo
can be run with pkexec
instead.
(If there is more than one user account on the system authorized to run programs as root
with PolicyKit, then for any of those actions, you'll be asked to select which one you want to use, before being asked for your password.)
If that doesn't work--for example, if there are no users authorized to run programs as root via PolicyKit--then boot from an Ubuntu live CD (like the CD you probably used to install Ubuntu) and mount the filesystem for the installed system. You can do this by running
sudo parted -l
to view your partitions--there is probably just one ext4 partition, and that's the root filesystem. Suppose the installed Ubuntu system's root filesystem is on /dev/sda1. Then you could mount it with sudo mount /dev/sda1 /mnt
. Then you can edit the installed system's sudoers file with sudo nano -w /mnt/etc/sudoers
. Or, even better, you can edit it with
sudo visudo -f /mnt/etc/sudoers
(which will prevent you from saving a sudoers file with incorrect syntax).
7
pkexec /usr/sbin/visudo worked on debian 7
– marinara
Mar 5 '14 at 1:33
10
HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.
– Dennis
Apr 5 '15 at 3:15
3
@Dennis Somewhat confusingly,#include
directives insudoers
files are treated specially; the leading#
does not cause the rest of the line to be interpreted as a comment, in that case. Asman sudoers
says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).
– Eliah Kagan
Apr 5 '15 at 3:49
5
My user is sudoer but i got this error: Error executing command as another user: Not authorized
– SuB
Oct 30 '16 at 10:05
1
In Ubuntu 16.04,pkexec visudo
asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.
– Juha Untinen
Aug 14 '18 at 9:30
|
show 8 more comments
On a modern Ubuntu system (and many other GNU/Linux distributions), fixing a corrupted sudoers
file is actually quite easy, and doesn't require rebooting, using a live CD, or physical access to the machine.
To do this via SSH, log in to the machine and run the command pkexec visudo
. If you have physical access to the machine, SSH is unnecessary; just open a Terminal window and run that pkexec
command.
Assuming you (or some other user) are authorized to run programs as root
with PolicyKit, you can enter your password, and then it will run visudo
as root
, and you can fix your /etc/sudoers
.
If you need to edit one of the configuration files in /etc/sudoers.d
(which in uncommon in this situation, but possible), use pkexec visudo -f /etc/sudoers.d/filename
.
If you have a related situation where you have to perform additional system administration commands as root to fix the problem (also uncommon in this circumstance, but common in others), you can start an interactive root shell with pkexec bash
. Generally speaking, any non-graphical command you'd run with sudo
can be run with pkexec
instead.
(If there is more than one user account on the system authorized to run programs as root
with PolicyKit, then for any of those actions, you'll be asked to select which one you want to use, before being asked for your password.)
If that doesn't work--for example, if there are no users authorized to run programs as root via PolicyKit--then boot from an Ubuntu live CD (like the CD you probably used to install Ubuntu) and mount the filesystem for the installed system. You can do this by running
sudo parted -l
to view your partitions--there is probably just one ext4 partition, and that's the root filesystem. Suppose the installed Ubuntu system's root filesystem is on /dev/sda1. Then you could mount it with sudo mount /dev/sda1 /mnt
. Then you can edit the installed system's sudoers file with sudo nano -w /mnt/etc/sudoers
. Or, even better, you can edit it with
sudo visudo -f /mnt/etc/sudoers
(which will prevent you from saving a sudoers file with incorrect syntax).
7
pkexec /usr/sbin/visudo worked on debian 7
– marinara
Mar 5 '14 at 1:33
10
HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.
– Dennis
Apr 5 '15 at 3:15
3
@Dennis Somewhat confusingly,#include
directives insudoers
files are treated specially; the leading#
does not cause the rest of the line to be interpreted as a comment, in that case. Asman sudoers
says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).
– Eliah Kagan
Apr 5 '15 at 3:49
5
My user is sudoer but i got this error: Error executing command as another user: Not authorized
– SuB
Oct 30 '16 at 10:05
1
In Ubuntu 16.04,pkexec visudo
asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.
– Juha Untinen
Aug 14 '18 at 9:30
|
show 8 more comments
On a modern Ubuntu system (and many other GNU/Linux distributions), fixing a corrupted sudoers
file is actually quite easy, and doesn't require rebooting, using a live CD, or physical access to the machine.
To do this via SSH, log in to the machine and run the command pkexec visudo
. If you have physical access to the machine, SSH is unnecessary; just open a Terminal window and run that pkexec
command.
Assuming you (or some other user) are authorized to run programs as root
with PolicyKit, you can enter your password, and then it will run visudo
as root
, and you can fix your /etc/sudoers
.
If you need to edit one of the configuration files in /etc/sudoers.d
(which in uncommon in this situation, but possible), use pkexec visudo -f /etc/sudoers.d/filename
.
If you have a related situation where you have to perform additional system administration commands as root to fix the problem (also uncommon in this circumstance, but common in others), you can start an interactive root shell with pkexec bash
. Generally speaking, any non-graphical command you'd run with sudo
can be run with pkexec
instead.
(If there is more than one user account on the system authorized to run programs as root
with PolicyKit, then for any of those actions, you'll be asked to select which one you want to use, before being asked for your password.)
If that doesn't work--for example, if there are no users authorized to run programs as root via PolicyKit--then boot from an Ubuntu live CD (like the CD you probably used to install Ubuntu) and mount the filesystem for the installed system. You can do this by running
sudo parted -l
to view your partitions--there is probably just one ext4 partition, and that's the root filesystem. Suppose the installed Ubuntu system's root filesystem is on /dev/sda1. Then you could mount it with sudo mount /dev/sda1 /mnt
. Then you can edit the installed system's sudoers file with sudo nano -w /mnt/etc/sudoers
. Or, even better, you can edit it with
sudo visudo -f /mnt/etc/sudoers
(which will prevent you from saving a sudoers file with incorrect syntax).
On a modern Ubuntu system (and many other GNU/Linux distributions), fixing a corrupted sudoers
file is actually quite easy, and doesn't require rebooting, using a live CD, or physical access to the machine.
To do this via SSH, log in to the machine and run the command pkexec visudo
. If you have physical access to the machine, SSH is unnecessary; just open a Terminal window and run that pkexec
command.
Assuming you (or some other user) are authorized to run programs as root
with PolicyKit, you can enter your password, and then it will run visudo
as root
, and you can fix your /etc/sudoers
.
If you need to edit one of the configuration files in /etc/sudoers.d
(which in uncommon in this situation, but possible), use pkexec visudo -f /etc/sudoers.d/filename
.
If you have a related situation where you have to perform additional system administration commands as root to fix the problem (also uncommon in this circumstance, but common in others), you can start an interactive root shell with pkexec bash
. Generally speaking, any non-graphical command you'd run with sudo
can be run with pkexec
instead.
(If there is more than one user account on the system authorized to run programs as root
with PolicyKit, then for any of those actions, you'll be asked to select which one you want to use, before being asked for your password.)
If that doesn't work--for example, if there are no users authorized to run programs as root via PolicyKit--then boot from an Ubuntu live CD (like the CD you probably used to install Ubuntu) and mount the filesystem for the installed system. You can do this by running
sudo parted -l
to view your partitions--there is probably just one ext4 partition, and that's the root filesystem. Suppose the installed Ubuntu system's root filesystem is on /dev/sda1. Then you could mount it with sudo mount /dev/sda1 /mnt
. Then you can edit the installed system's sudoers file with sudo nano -w /mnt/etc/sudoers
. Or, even better, you can edit it with
sudo visudo -f /mnt/etc/sudoers
(which will prevent you from saving a sudoers file with incorrect syntax).
edited Aug 16 '13 at 6:30
answered Oct 30 '11 at 19:45
Eliah KaganEliah Kagan
81.9k21227364
81.9k21227364
7
pkexec /usr/sbin/visudo worked on debian 7
– marinara
Mar 5 '14 at 1:33
10
HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.
– Dennis
Apr 5 '15 at 3:15
3
@Dennis Somewhat confusingly,#include
directives insudoers
files are treated specially; the leading#
does not cause the rest of the line to be interpreted as a comment, in that case. Asman sudoers
says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).
– Eliah Kagan
Apr 5 '15 at 3:49
5
My user is sudoer but i got this error: Error executing command as another user: Not authorized
– SuB
Oct 30 '16 at 10:05
1
In Ubuntu 16.04,pkexec visudo
asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.
– Juha Untinen
Aug 14 '18 at 9:30
|
show 8 more comments
7
pkexec /usr/sbin/visudo worked on debian 7
– marinara
Mar 5 '14 at 1:33
10
HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.
– Dennis
Apr 5 '15 at 3:15
3
@Dennis Somewhat confusingly,#include
directives insudoers
files are treated specially; the leading#
does not cause the rest of the line to be interpreted as a comment, in that case. Asman sudoers
says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).
– Eliah Kagan
Apr 5 '15 at 3:49
5
My user is sudoer but i got this error: Error executing command as another user: Not authorized
– SuB
Oct 30 '16 at 10:05
1
In Ubuntu 16.04,pkexec visudo
asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.
– Juha Untinen
Aug 14 '18 at 9:30
7
7
pkexec /usr/sbin/visudo worked on debian 7
– marinara
Mar 5 '14 at 1:33
pkexec /usr/sbin/visudo worked on debian 7
– marinara
Mar 5 '14 at 1:33
10
10
HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.
– Dennis
Apr 5 '15 at 3:15
HOLY COW! Thanks a LOT! Saved my bacon. Added a file as suggested into etc/sudoers.d/ directory USING A REGULAR TEXT EDITOR (D-O-N-T__D-O__T-H-A-T!!!). Lost all ability to do elevated privileges, INCLUDING, editing the offending file. This helped edit the file. Weird though, I had to edit /etc/sudoers first, then it found the errors in the other file and opened that for me. EVEN WEIRDER, the directive in /etc/sudoers file 'inlcudedir /etc/sudoers.d' was commented out, and it still includes it.
– Dennis
Apr 5 '15 at 3:15
3
3
@Dennis Somewhat confusingly,
#include
directives in sudoers
files are treated specially; the leading #
does not cause the rest of the line to be interpreted as a comment, in that case. As man sudoers
says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).– Eliah Kagan
Apr 5 '15 at 3:49
@Dennis Somewhat confusingly,
#include
directives in sudoers
files are treated specially; the leading #
does not cause the rest of the line to be interpreted as a comment, in that case. As man sudoers
says: "The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive or unless..." See also visudo: #includedir sudoers.d (archived from lzone.de/blog).– Eliah Kagan
Apr 5 '15 at 3:49
5
5
My user is sudoer but i got this error: Error executing command as another user: Not authorized
– SuB
Oct 30 '16 at 10:05
My user is sudoer but i got this error: Error executing command as another user: Not authorized
– SuB
Oct 30 '16 at 10:05
1
1
In Ubuntu 16.04,
pkexec visudo
asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.– Juha Untinen
Aug 14 '18 at 9:30
In Ubuntu 16.04,
pkexec visudo
asks for a password, which does not accept the correct password. It throws an "AUTHENTICATION FAILED" error.– Juha Untinen
Aug 14 '18 at 9:30
|
show 8 more comments
Always use visudo
to edit your sudoers file, never edit it directly yourself. It will prevent you saving it to disk unless it validates.
14
hindsight is 20/20
– code_monk
Jan 9 '15 at 1:57
4
It won't prevent disaster. It's easy enough to validly deny yourself.
– Joshua
Oct 5 '15 at 22:02
Can visudo be used by scritps? If so, how?
– Lukas
Jul 7 '16 at 15:01
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
add a comment |
Always use visudo
to edit your sudoers file, never edit it directly yourself. It will prevent you saving it to disk unless it validates.
14
hindsight is 20/20
– code_monk
Jan 9 '15 at 1:57
4
It won't prevent disaster. It's easy enough to validly deny yourself.
– Joshua
Oct 5 '15 at 22:02
Can visudo be used by scritps? If so, how?
– Lukas
Jul 7 '16 at 15:01
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
add a comment |
Always use visudo
to edit your sudoers file, never edit it directly yourself. It will prevent you saving it to disk unless it validates.
Always use visudo
to edit your sudoers file, never edit it directly yourself. It will prevent you saving it to disk unless it validates.
edited Apr 19 '12 at 1:55
tantrix
1032
1032
answered Nov 20 '11 at 17:08
CaesiumCaesium
11.5k33147
11.5k33147
14
hindsight is 20/20
– code_monk
Jan 9 '15 at 1:57
4
It won't prevent disaster. It's easy enough to validly deny yourself.
– Joshua
Oct 5 '15 at 22:02
Can visudo be used by scritps? If so, how?
– Lukas
Jul 7 '16 at 15:01
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
add a comment |
14
hindsight is 20/20
– code_monk
Jan 9 '15 at 1:57
4
It won't prevent disaster. It's easy enough to validly deny yourself.
– Joshua
Oct 5 '15 at 22:02
Can visudo be used by scritps? If so, how?
– Lukas
Jul 7 '16 at 15:01
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
14
14
hindsight is 20/20
– code_monk
Jan 9 '15 at 1:57
hindsight is 20/20
– code_monk
Jan 9 '15 at 1:57
4
4
It won't prevent disaster. It's easy enough to validly deny yourself.
– Joshua
Oct 5 '15 at 22:02
It won't prevent disaster. It's easy enough to validly deny yourself.
– Joshua
Oct 5 '15 at 22:02
Can visudo be used by scritps? If so, how?
– Lukas
Jul 7 '16 at 15:01
Can visudo be used by scritps? If so, how?
– Lukas
Jul 7 '16 at 15:01
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
add a comment |
Type in:
pkexec visudo
Then change last line
#includedir /etc/sudoers
To:
#includedir /etc/sudoers.d
It should solve your problem.
1
I've noticed that removing the leading#
from#includedir
causes syntax errors, the#
is part of the directive, at least on Ubuntu 12.10.
– SAFX
Apr 5 '13 at 2:46
That just saved me a lot of headache. Thanks a ton :)
– Nitroware
Jul 16 '17 at 18:29
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
add a comment |
Type in:
pkexec visudo
Then change last line
#includedir /etc/sudoers
To:
#includedir /etc/sudoers.d
It should solve your problem.
1
I've noticed that removing the leading#
from#includedir
causes syntax errors, the#
is part of the directive, at least on Ubuntu 12.10.
– SAFX
Apr 5 '13 at 2:46
That just saved me a lot of headache. Thanks a ton :)
– Nitroware
Jul 16 '17 at 18:29
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
add a comment |
Type in:
pkexec visudo
Then change last line
#includedir /etc/sudoers
To:
#includedir /etc/sudoers.d
It should solve your problem.
Type in:
pkexec visudo
Then change last line
#includedir /etc/sudoers
To:
#includedir /etc/sudoers.d
It should solve your problem.
edited Apr 8 '16 at 9:58
muru
1
1
answered Feb 21 '13 at 18:23
Andrej BurcevAndrej Burcev
32122
32122
1
I've noticed that removing the leading#
from#includedir
causes syntax errors, the#
is part of the directive, at least on Ubuntu 12.10.
– SAFX
Apr 5 '13 at 2:46
That just saved me a lot of headache. Thanks a ton :)
– Nitroware
Jul 16 '17 at 18:29
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
add a comment |
1
I've noticed that removing the leading#
from#includedir
causes syntax errors, the#
is part of the directive, at least on Ubuntu 12.10.
– SAFX
Apr 5 '13 at 2:46
That just saved me a lot of headache. Thanks a ton :)
– Nitroware
Jul 16 '17 at 18:29
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
1
1
I've noticed that removing the leading
#
from #includedir
causes syntax errors, the #
is part of the directive, at least on Ubuntu 12.10.– SAFX
Apr 5 '13 at 2:46
I've noticed that removing the leading
#
from #includedir
causes syntax errors, the #
is part of the directive, at least on Ubuntu 12.10.– SAFX
Apr 5 '13 at 2:46
That just saved me a lot of headache. Thanks a ton :)
– Nitroware
Jul 16 '17 at 18:29
That just saved me a lot of headache. Thanks a ton :)
– Nitroware
Jul 16 '17 at 18:29
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
I don't have visudo installed. So I did pkexec vim. Then it shows the list of users and asks for password. When I provide password, it throws error as " Error executing command as another user: Not authorized". Please help
– Shyamkkhadka
May 24 '18 at 5:48
add a comment |
if anyone else like me didn't have pkexec installed, or was not able to run vi, visudo, nano or any other editor to change sudoers file you can be sure with this process.. I was saved with this:
- reboot
- hold shift key while booting to have option for recovery mode (enter it)
- enter command line as root (second last option at my grub menu)
remount boot device for rw, and apply exec right for user, and edit file
mount -n -o remount,rw /
chmod u+x /etc/sudoers
nano /etc/sudoers
fix that mistake and be happy :)
While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.
– running.t
Oct 15 '15 at 14:06
Also within this approach I would usevisudo
insteadnano /etc/sudoers
.
– pa4080
Dec 3 '18 at 12:38
add a comment |
if anyone else like me didn't have pkexec installed, or was not able to run vi, visudo, nano or any other editor to change sudoers file you can be sure with this process.. I was saved with this:
- reboot
- hold shift key while booting to have option for recovery mode (enter it)
- enter command line as root (second last option at my grub menu)
remount boot device for rw, and apply exec right for user, and edit file
mount -n -o remount,rw /
chmod u+x /etc/sudoers
nano /etc/sudoers
fix that mistake and be happy :)
While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.
– running.t
Oct 15 '15 at 14:06
Also within this approach I would usevisudo
insteadnano /etc/sudoers
.
– pa4080
Dec 3 '18 at 12:38
add a comment |
if anyone else like me didn't have pkexec installed, or was not able to run vi, visudo, nano or any other editor to change sudoers file you can be sure with this process.. I was saved with this:
- reboot
- hold shift key while booting to have option for recovery mode (enter it)
- enter command line as root (second last option at my grub menu)
remount boot device for rw, and apply exec right for user, and edit file
mount -n -o remount,rw /
chmod u+x /etc/sudoers
nano /etc/sudoers
fix that mistake and be happy :)
if anyone else like me didn't have pkexec installed, or was not able to run vi, visudo, nano or any other editor to change sudoers file you can be sure with this process.. I was saved with this:
- reboot
- hold shift key while booting to have option for recovery mode (enter it)
- enter command line as root (second last option at my grub menu)
remount boot device for rw, and apply exec right for user, and edit file
mount -n -o remount,rw /
chmod u+x /etc/sudoers
nano /etc/sudoers
fix that mistake and be happy :)
edited May 23 '17 at 19:25
muru
1
1
answered Oct 20 '14 at 21:40
Kresimir PendicKresimir Pendic
82679
82679
While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.
– running.t
Oct 15 '15 at 14:06
Also within this approach I would usevisudo
insteadnano /etc/sudoers
.
– pa4080
Dec 3 '18 at 12:38
add a comment |
While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.
– running.t
Oct 15 '15 at 14:06
Also within this approach I would usevisudo
insteadnano /etc/sudoers
.
– pa4080
Dec 3 '18 at 12:38
While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.
– running.t
Oct 15 '15 at 14:06
While pkexec solution suggested by @eliah-kagan seems to be easier, this one is more universal. On my machine it turned out that there is no pkexec installed and of course I could not install it because sudo apt-get install pkexec somehow did not work.
– running.t
Oct 15 '15 at 14:06
Also within this approach I would use
visudo
instead nano /etc/sudoers
.– pa4080
Dec 3 '18 at 12:38
Also within this approach I would use
visudo
instead nano /etc/sudoers
.– pa4080
Dec 3 '18 at 12:38
add a comment |
If you messed up your sudoers
file, you'll need to:
- Reboot into recovery mode (hit escape during boot, choose the recovery mode option on the grub screen)
- Choose the 'Enable networking' option (if you don't your filesystem will be mounted as read-only. who knew)
- Chosee the 'Drop to root shell' option
- run
visudo
, fix your file - Reboot with normal grub option
source :- http://mario.net.au/content/recover-etcsudoers-ubuntu-1204
Hi, does it removes the iptables, files of existing system ?
– Shyamkkhadka
May 24 '18 at 7:48
add a comment |
If you messed up your sudoers
file, you'll need to:
- Reboot into recovery mode (hit escape during boot, choose the recovery mode option on the grub screen)
- Choose the 'Enable networking' option (if you don't your filesystem will be mounted as read-only. who knew)
- Chosee the 'Drop to root shell' option
- run
visudo
, fix your file - Reboot with normal grub option
source :- http://mario.net.au/content/recover-etcsudoers-ubuntu-1204
Hi, does it removes the iptables, files of existing system ?
– Shyamkkhadka
May 24 '18 at 7:48
add a comment |
If you messed up your sudoers
file, you'll need to:
- Reboot into recovery mode (hit escape during boot, choose the recovery mode option on the grub screen)
- Choose the 'Enable networking' option (if you don't your filesystem will be mounted as read-only. who knew)
- Chosee the 'Drop to root shell' option
- run
visudo
, fix your file - Reboot with normal grub option
source :- http://mario.net.au/content/recover-etcsudoers-ubuntu-1204
If you messed up your sudoers
file, you'll need to:
- Reboot into recovery mode (hit escape during boot, choose the recovery mode option on the grub screen)
- Choose the 'Enable networking' option (if you don't your filesystem will be mounted as read-only. who knew)
- Chosee the 'Drop to root shell' option
- run
visudo
, fix your file - Reboot with normal grub option
source :- http://mario.net.au/content/recover-etcsudoers-ubuntu-1204
edited Sep 18 '18 at 9:50
Melebius
4,59651839
4,59651839
answered Dec 14 '12 at 10:59
streakstreak
21124
21124
Hi, does it removes the iptables, files of existing system ?
– Shyamkkhadka
May 24 '18 at 7:48
add a comment |
Hi, does it removes the iptables, files of existing system ?
– Shyamkkhadka
May 24 '18 at 7:48
Hi, does it removes the iptables, files of existing system ?
– Shyamkkhadka
May 24 '18 at 7:48
Hi, does it removes the iptables, files of existing system ?
– Shyamkkhadka
May 24 '18 at 7:48
add a comment |
There is nothing wrong #include sudoer.d
removing #include sudoer.d won't make any difference.
But please make sure you don't have any syntax errors.
I had same issue but and spent hours to fix and just figured out they are syntax errors.
Refer to manual and make them right.
For example
Say your username is : dolly
I used following which is wrong
dolly ALL = (ALL) ALL NO PASSWD: ALL
correct syntax is
dolly ALL = (ALL) ALL //give permission to everything, not good
or
dolly ALL=(ALL) NOPASSWD:/usr/bin/thurderbird //good, give specific permission
hope this helps
A better approach than making sure you don't have syntax errors is to always usevisudo
when editing these files, which makes sure you don't have syntax errors for you, before it modifies file.visudo
is not just for editing/etc/sudoers
--it will also create and edit files in/etc/sudoers.d
. It will also work with whatever text editor you want. See the manpage for details.
– Eliah Kagan
Jul 3 '12 at 0:12
As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (includingthunderbird
, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own/etc/sudoers
, or if syntax limitations prevent that, they can install their own/etc/crontab
).
– Eliah Kagan
Jul 3 '12 at 0:16
add a comment |
There is nothing wrong #include sudoer.d
removing #include sudoer.d won't make any difference.
But please make sure you don't have any syntax errors.
I had same issue but and spent hours to fix and just figured out they are syntax errors.
Refer to manual and make them right.
For example
Say your username is : dolly
I used following which is wrong
dolly ALL = (ALL) ALL NO PASSWD: ALL
correct syntax is
dolly ALL = (ALL) ALL //give permission to everything, not good
or
dolly ALL=(ALL) NOPASSWD:/usr/bin/thurderbird //good, give specific permission
hope this helps
A better approach than making sure you don't have syntax errors is to always usevisudo
when editing these files, which makes sure you don't have syntax errors for you, before it modifies file.visudo
is not just for editing/etc/sudoers
--it will also create and edit files in/etc/sudoers.d
. It will also work with whatever text editor you want. See the manpage for details.
– Eliah Kagan
Jul 3 '12 at 0:12
As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (includingthunderbird
, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own/etc/sudoers
, or if syntax limitations prevent that, they can install their own/etc/crontab
).
– Eliah Kagan
Jul 3 '12 at 0:16
add a comment |
There is nothing wrong #include sudoer.d
removing #include sudoer.d won't make any difference.
But please make sure you don't have any syntax errors.
I had same issue but and spent hours to fix and just figured out they are syntax errors.
Refer to manual and make them right.
For example
Say your username is : dolly
I used following which is wrong
dolly ALL = (ALL) ALL NO PASSWD: ALL
correct syntax is
dolly ALL = (ALL) ALL //give permission to everything, not good
or
dolly ALL=(ALL) NOPASSWD:/usr/bin/thurderbird //good, give specific permission
hope this helps
There is nothing wrong #include sudoer.d
removing #include sudoer.d won't make any difference.
But please make sure you don't have any syntax errors.
I had same issue but and spent hours to fix and just figured out they are syntax errors.
Refer to manual and make them right.
For example
Say your username is : dolly
I used following which is wrong
dolly ALL = (ALL) ALL NO PASSWD: ALL
correct syntax is
dolly ALL = (ALL) ALL //give permission to everything, not good
or
dolly ALL=(ALL) NOPASSWD:/usr/bin/thurderbird //good, give specific permission
hope this helps
answered Jul 2 '12 at 23:15
Thusitha NuwanThusitha Nuwan
6111
6111
A better approach than making sure you don't have syntax errors is to always usevisudo
when editing these files, which makes sure you don't have syntax errors for you, before it modifies file.visudo
is not just for editing/etc/sudoers
--it will also create and edit files in/etc/sudoers.d
. It will also work with whatever text editor you want. See the manpage for details.
– Eliah Kagan
Jul 3 '12 at 0:12
As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (includingthunderbird
, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own/etc/sudoers
, or if syntax limitations prevent that, they can install their own/etc/crontab
).
– Eliah Kagan
Jul 3 '12 at 0:16
add a comment |
A better approach than making sure you don't have syntax errors is to always usevisudo
when editing these files, which makes sure you don't have syntax errors for you, before it modifies file.visudo
is not just for editing/etc/sudoers
--it will also create and edit files in/etc/sudoers.d
. It will also work with whatever text editor you want. See the manpage for details.
– Eliah Kagan
Jul 3 '12 at 0:12
As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (includingthunderbird
, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own/etc/sudoers
, or if syntax limitations prevent that, they can install their own/etc/crontab
).
– Eliah Kagan
Jul 3 '12 at 0:16
A better approach than making sure you don't have syntax errors is to always use
visudo
when editing these files, which makes sure you don't have syntax errors for you, before it modifies file. visudo
is not just for editing /etc/sudoers
--it will also create and edit files in /etc/sudoers.d
. It will also work with whatever text editor you want. See the manpage for details.– Eliah Kagan
Jul 3 '12 at 0:12
A better approach than making sure you don't have syntax errors is to always use
visudo
when editing these files, which makes sure you don't have syntax errors for you, before it modifies file. visudo
is not just for editing /etc/sudoers
--it will also create and edit files in /etc/sudoers.d
. It will also work with whatever text editor you want. See the manpage for details.– Eliah Kagan
Jul 3 '12 at 0:12
As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (including
thunderbird
, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own /etc/sudoers
, or if syntax limitations prevent that, they can install their own /etc/crontab
).– Eliah Kagan
Jul 3 '12 at 0:16
As for giving specific permission, please note that this is only useful for very simple commands/apps, because any sufficiently complex app (including
thunderbird
, which should never be run as root anyway) will effectively give the user full system access when run as root. Even seemingly simple functionality opens the door to full root access. For example, a user who can run a program that can save a file to an arbitrary location as root can gain full root access (they can install their own /etc/sudoers
, or if syntax limitations prevent that, they can install their own /etc/crontab
).– Eliah Kagan
Jul 3 '12 at 0:16
add a comment |
run recovery mode then type this
chown -R root:root /etc/sudoers.d
chmod u=rwx,g=rx,o=rx /etc/sudoers.d/
chmod u=r,g=r,o= /etc/sudoers.d/*
only the group and user root should have read privelege
add a comment |
run recovery mode then type this
chown -R root:root /etc/sudoers.d
chmod u=rwx,g=rx,o=rx /etc/sudoers.d/
chmod u=r,g=r,o= /etc/sudoers.d/*
only the group and user root should have read privelege
add a comment |
run recovery mode then type this
chown -R root:root /etc/sudoers.d
chmod u=rwx,g=rx,o=rx /etc/sudoers.d/
chmod u=r,g=r,o= /etc/sudoers.d/*
only the group and user root should have read privelege
run recovery mode then type this
chown -R root:root /etc/sudoers.d
chmod u=rwx,g=rx,o=rx /etc/sudoers.d/
chmod u=r,g=r,o= /etc/sudoers.d/*
only the group and user root should have read privelege
answered Nov 20 '11 at 17:11
kosaidpokosaidpo
21913
21913
add a comment |
add a comment |
You can also login as root on a tty
console with Ctrl+Fn (Fn from 1 to 6) and run visudo
.
add a comment |
You can also login as root on a tty
console with Ctrl+Fn (Fn from 1 to 6) and run visudo
.
add a comment |
You can also login as root on a tty
console with Ctrl+Fn (Fn from 1 to 6) and run visudo
.
You can also login as root on a tty
console with Ctrl+Fn (Fn from 1 to 6) and run visudo
.
edited Mar 9 '13 at 8:16
BuZZ-dEE
9,225115169
9,225115169
answered Mar 9 '13 at 7:12
magisterludimagisterludi
311
311
add a comment |
add a comment |
You can edit your boot entry while in grub as well.
Simply reboot your pc, and wait for grub to show. Then press "e" on the "Ubuntu" entry to edit it.
Look for a line with "linux = " or "kernel = " and simply add an "single" to the end of that line.
Then press F10 to boot this temporarily modified boot entry.
This will give you a shell (without GUI) with root rights and you can edit the sudoers file with s.th. like nano /etc/sudoers back to its previous state.
Then reboot and its done.
add a comment |
You can edit your boot entry while in grub as well.
Simply reboot your pc, and wait for grub to show. Then press "e" on the "Ubuntu" entry to edit it.
Look for a line with "linux = " or "kernel = " and simply add an "single" to the end of that line.
Then press F10 to boot this temporarily modified boot entry.
This will give you a shell (without GUI) with root rights and you can edit the sudoers file with s.th. like nano /etc/sudoers back to its previous state.
Then reboot and its done.
add a comment |
You can edit your boot entry while in grub as well.
Simply reboot your pc, and wait for grub to show. Then press "e" on the "Ubuntu" entry to edit it.
Look for a line with "linux = " or "kernel = " and simply add an "single" to the end of that line.
Then press F10 to boot this temporarily modified boot entry.
This will give you a shell (without GUI) with root rights and you can edit the sudoers file with s.th. like nano /etc/sudoers back to its previous state.
Then reboot and its done.
You can edit your boot entry while in grub as well.
Simply reboot your pc, and wait for grub to show. Then press "e" on the "Ubuntu" entry to edit it.
Look for a line with "linux = " or "kernel = " and simply add an "single" to the end of that line.
Then press F10 to boot this temporarily modified boot entry.
This will give you a shell (without GUI) with root rights and you can edit the sudoers file with s.th. like nano /etc/sudoers back to its previous state.
Then reboot and its done.
answered Jan 13 '13 at 4:41
Markus ResselMarkus Ressel
211
211
add a comment |
add a comment |
pkexec visudo
then revert your mistakes
1
not necessary to use pkexec
– Braiam
Jan 1 '14 at 12:01
@Braiamvisudo
has to be run as root. Ifsudo
doesn't work,pkexec
sometimes does. This is covered by my earlier answer... but it is a correct answer,visudo
by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neithersudo
norvisudo
is necessary for commands likepkexec
. Maybe that's what you mean...
– Eliah Kagan
Mar 29 '14 at 5:30
add a comment |
pkexec visudo
then revert your mistakes
1
not necessary to use pkexec
– Braiam
Jan 1 '14 at 12:01
@Braiamvisudo
has to be run as root. Ifsudo
doesn't work,pkexec
sometimes does. This is covered by my earlier answer... but it is a correct answer,visudo
by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neithersudo
norvisudo
is necessary for commands likepkexec
. Maybe that's what you mean...
– Eliah Kagan
Mar 29 '14 at 5:30
add a comment |
pkexec visudo
then revert your mistakes
pkexec visudo
then revert your mistakes
edited Jan 1 '14 at 8:39
kiri
19k1259104
19k1259104
answered Jan 1 '14 at 8:23
Bhavesh GabaniBhavesh Gabani
411
411
1
not necessary to use pkexec
– Braiam
Jan 1 '14 at 12:01
@Braiamvisudo
has to be run as root. Ifsudo
doesn't work,pkexec
sometimes does. This is covered by my earlier answer... but it is a correct answer,visudo
by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neithersudo
norvisudo
is necessary for commands likepkexec
. Maybe that's what you mean...
– Eliah Kagan
Mar 29 '14 at 5:30
add a comment |
1
not necessary to use pkexec
– Braiam
Jan 1 '14 at 12:01
@Braiamvisudo
has to be run as root. Ifsudo
doesn't work,pkexec
sometimes does. This is covered by my earlier answer... but it is a correct answer,visudo
by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neithersudo
norvisudo
is necessary for commands likepkexec
. Maybe that's what you mean...
– Eliah Kagan
Mar 29 '14 at 5:30
1
1
not necessary to use pkexec
– Braiam
Jan 1 '14 at 12:01
not necessary to use pkexec
– Braiam
Jan 1 '14 at 12:01
@Braiam
visudo
has to be run as root. If sudo
doesn't work, pkexec
sometimes does. This is covered by my earlier answer... but it is a correct answer, visudo
by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neither sudo
nor visudo
is necessary for commands like pkexec
. Maybe that's what you mean...– Eliah Kagan
Mar 29 '14 at 5:30
@Braiam
visudo
has to be run as root. If sudo
doesn't work, pkexec
sometimes does. This is covered by my earlier answer... but it is a correct answer, visudo
by itself (when not run as root) will not work, and there may be value in correct, brief answers even when their recommendations overlap considerably with other answers. Of course, if one goes into recovery mode, that's a root shell and then neither sudo
nor visudo
is necessary for commands like pkexec
. Maybe that's what you mean...– Eliah Kagan
Mar 29 '14 at 5:30
add a comment |
In Ubuntu 16.04 running on a VirtualBox (shouldn't make a difference), the above methods didn't work for me (invalid row in the end of the file). What did work was:
- Restart the VirtualBox
- Let it boot normally, until it asks for your username & password in the console
- Login normally with your username
- Then when you end up in the console (provided your box doesn't boot into a GUI), simply give the command
su -
and then give your own username's password. - It should now end up in
root@ubuntu-xenial:~#
prompt, if the/etc/sudoers
isn't too broken or empty. Not sure what would happen in that case. - Then you can simply run
visudo
and fix the file. - Then
Ctrl + X
and it will prompt to Save modified buffer. PressY
andEnter
- Restart the box and it should work now.
In case your /etc/sudoers
is empty or missing something, and you can edit it, then here's the contents of mine:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
add a comment |
In Ubuntu 16.04 running on a VirtualBox (shouldn't make a difference), the above methods didn't work for me (invalid row in the end of the file). What did work was:
- Restart the VirtualBox
- Let it boot normally, until it asks for your username & password in the console
- Login normally with your username
- Then when you end up in the console (provided your box doesn't boot into a GUI), simply give the command
su -
and then give your own username's password. - It should now end up in
root@ubuntu-xenial:~#
prompt, if the/etc/sudoers
isn't too broken or empty. Not sure what would happen in that case. - Then you can simply run
visudo
and fix the file. - Then
Ctrl + X
and it will prompt to Save modified buffer. PressY
andEnter
- Restart the box and it should work now.
In case your /etc/sudoers
is empty or missing something, and you can edit it, then here's the contents of mine:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
add a comment |
In Ubuntu 16.04 running on a VirtualBox (shouldn't make a difference), the above methods didn't work for me (invalid row in the end of the file). What did work was:
- Restart the VirtualBox
- Let it boot normally, until it asks for your username & password in the console
- Login normally with your username
- Then when you end up in the console (provided your box doesn't boot into a GUI), simply give the command
su -
and then give your own username's password. - It should now end up in
root@ubuntu-xenial:~#
prompt, if the/etc/sudoers
isn't too broken or empty. Not sure what would happen in that case. - Then you can simply run
visudo
and fix the file. - Then
Ctrl + X
and it will prompt to Save modified buffer. PressY
andEnter
- Restart the box and it should work now.
In case your /etc/sudoers
is empty or missing something, and you can edit it, then here's the contents of mine:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
In Ubuntu 16.04 running on a VirtualBox (shouldn't make a difference), the above methods didn't work for me (invalid row in the end of the file). What did work was:
- Restart the VirtualBox
- Let it boot normally, until it asks for your username & password in the console
- Login normally with your username
- Then when you end up in the console (provided your box doesn't boot into a GUI), simply give the command
su -
and then give your own username's password. - It should now end up in
root@ubuntu-xenial:~#
prompt, if the/etc/sudoers
isn't too broken or empty. Not sure what would happen in that case. - Then you can simply run
visudo
and fix the file. - Then
Ctrl + X
and it will prompt to Save modified buffer. PressY
andEnter
- Restart the box and it should work now.
In case your /etc/sudoers
is empty or missing something, and you can edit it, then here's the contents of mine:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
answered Aug 14 '18 at 9:40
Juha UntinenJuha Untinen
1135
1135
add a comment |
add a comment |
2
great question considering this page creates that error help.ubuntu.com/community/RootSudoTimeout
– user128334
Sep 21 '13 at 18:14