Rescue from an Invalid "sudoers" File
I was trying some feature today, and that feature required to modify /etc/sudoers
. No problem, it seemed that my favorite editor vim can accomplish it. Open up a terminal, I entered sudo vim /etc/sudoers
, modified and saved it. Everything was ok, and I went on testing.
Oh no, I saw such an error message just after that.
>>> /etc/sudoers: syntax error near line 12 <<<
sudo: parse error in /etc/sudoers near line 12
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
The file was screwed up by the last change, and I was not able to make any further change on this file! I searched online and found pkexec visudo was ready to rescue. I happily entered , and it required to authenticate a super user by password. Then I realized that none of the users in sudo group had a password!
Everything was messed up. Luckily the server was not in production environment. Anyway, I learned the following from the incident:
1. Never use a normal text editor to modify sudoers file. Use visudo
instead.
2. Always set a password for user accounts.
The server was running in AWS, so rebooting was not an option. Thanks to AWS, I finally fixed the file by the following steps:
1. Stop the server instance with error (let me call it server A).
2. Detach the disk volume from server A.
3. Attach the disk to another running server (let me call it server B) and mount the disk to a directory.
4. Correct the syntax error of the sudoers file in the mounted disk.
5. Unmount the directory and detach the disk from server B.
6. Re-attach the disk to server A as a root volume.
7. Restart server A.