How to modify an invalid '/etc/sudoers' file?

On a modern Ubuntu system (and many other GNU/Linux distributions), fixing a corrupted sudoers file is actually quite easy, and doesn't require rebooting, using a live CD, or physical access to the machine.

To do this via SSH, log in to the machine and run the command pkexec visudo. If you have physical access to the machine, SSH is unnecessary; just open a Terminal window and run that pkexec command.

Assuming you (or some other user) are authorized to run programs as root with PolicyKit, you can enter your password, and then it will run visudo as root, and you can fix your /etc/sudoers.

If you need to edit one of the configuration files in /etc/sudoers.d (which is uncommon in this situation, but possible), use pkexec visudo -f /etc/sudoers.d/filename.

If you have a related situation where you have to perform additional system administration commands as root to fix the problem (also uncommon in this circumstance, but common in others), you can start an interactive root shell with pkexec bash. Generally speaking, any non-graphical command you'd run with sudo can be run with pkexec instead.

(If there is more than one user account on the system authorized to run programs as root with PolicyKit, then for any of those actions, you'll be asked to select which one you want to use, before being asked for your password.)


If that doesn't work--for example, if there are no users authorized to run programs as root via PolicyKit--then boot from an Ubuntu live CD (like the CD you probably used to install Ubuntu) and mount the filesystem for the installed system. You can do this by running sudo parted -l to view your partitions--there is probably just one ext4 partition, and that's the root filesystem.

Suppose the installed Ubuntu system's root filesystem is on /dev/sda1. Then you could mount it with sudo mount /dev/sda1 /mnt. Then you can edit the installed system's sudoers file with sudo nano -w /mnt/etc/sudoers. Or, even better, you can edit it with

sudo visudo -f /mnt/etc/sudoers

(which will prevent you from saving a sudoers file with incorrect syntax).


Always use visudo to edit your sudoers file, never edit it directly yourself. It will prevent you saving it to disk unless it validates.


Type in:

pkexec visudo

Then change last line

#includedir /etc/sudoers

To:

#includedir /etc/sudoers.d

It should solve your problem.

Tags:

Sudo

Visudo