
BugeyeSTI

Original poster
I was trying to create a bootable USB drive for High Sierra using the video below:
This is what I get when I hit enter in terminal:
sudo: /etc/sudoers is owned by uid 1, should be 0
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Any idea what the issue might be? This happens no matter what method I've tried in terminal. I'm the administrator on the account and I have access to everything on the computer.
 
This is what I got:
usage: visudo [-chqsV] [-f sudoers] [-x output_file]
Enter the following terminal command and reply with the results.
Code:
ls -l /etc/sudoers
The results should look like the following.
Code:
-r--r-----  1 root  wheel  1563 Jul 30  2016 /etc/sudoers

DS
 
This is what was displayed:
-rw-r--r-- 1 (my name) staff 2299 Jul 31 2015 /etc/sudoers
I replaced my actual name with (my name)
 

Two more commands.
Code:
ls -l /etc/
ls -l /etc
The first one lists everything in the directory. All the files should show root and wheel, not your name and staff.
The second is the directory itself.
Code:
lrwxr-xr-x@ 1 root  wheel  11 Oct  5 15:31 /etc -> private/etc
Somehow your system got really messed up. At this point I would suspect malware.

DS
 
The first command shows mostly root and wheel entries, but my name and staff are also sprinkled in the list. The second command shows the exact output you posted. I might add that I had an issue with the original administrator account, so I created a new one to test whether the original account was corrupt. After verifying the original account was the issue, I transferred everything into the new admin account and erased the old one. Everything works fine except sudo commands.
 
Use the following command to determine the scope of the damage.
Code:
ls -l /etc/ | grep staff
At this point, I don't have any good ideas on how to recover.
 
Boot to Recovery, open Terminal and try this:

Code:
chown root:wheel "/Volumes/Macintosh HD/etc/sudoers"
(changing "Macintosh HD" to the name of your boot volume as appropriate).
 
Use the following command to determine the scope of the damage.
Code:
ls -l /etc/ | grep staff
At this point, I don't have any good ideas on how to recover.
-rw-r--r-- 1 (myname) staff 515 Sep 15 2015 afpovertcp.cfg
-rw-r--r-- 1 (myname) staff 194 Dec 10 2015 auto_master
-rw-r--r-- 1 (myname) staff 189 Jul 31 2015 csh.cshrc
-rw-r--r-- 1 (myname) staff 121 Jul 31 2015 csh.login
-rw-r--r-- 1 (myname) staff 39 Jul 31 2015 csh.logout
-rw-r--r-- 1 (myname) staff 1029 Jul 31 2015 efax.rc~previous
-rw-r--r-- 1 (myname) staff 0 Sep 15 2015 find.codes
-rw-r--r-- 1 (myname) staff 119 Sep 15 2015 ftpusers
-rw-r--r-- 1 (myname) staff 5678 Sep 15 2015 gettytab
-rw-r--r-- 1 (myname) staff 214 Sep 15 2015 hosts
-rw-r--r-- 1 (myname) staff 1946 Nov 30 00:10 krb5.keytab
-rw-r--r-- 1 (myname) staff 106 Aug 15 2015 mail.rc
-rw-r--r-- 1 (myname) staff 6355 Sep 15 2015 master.passwd
-rw-r--r-- 1 (myname) staff 53 Sep 15 2015 networks
-rw-r--r-- 1 (myname) staff 43 Jul 31 2015 nfs.conf
-rw-r--r--@ 1 (myname) staff 22 Mar 20 2016 ntp.conf
-rw-r--r-- 1 (myname) staff 45 Sep 15 2015 paths
-rw-r--r-- 1 (myname) staff 189 Jul 31 2015 profile
-rw-r--r-- 1 (myname) staff 179 Sep 15 2015 shells
Boot to Recovery, open Terminal and try this:

Code:
chown root:wheel "/Volumes/Macintosh HD/etc/sudoers"
(changing "Macintosh HD" to the name of your boot volume as appropriate).
I entered the code. There was no output. Should I have seen something?
 
It sure does! Thank you so much! I thought I was going to have to nuke the whole machine and do a clean install to correct it. I really appreciate all the help.
To be clear, you have a lot of things that have the wrong permissions set. This is one of the cases where the old repair permissions function would have helped. Did you disable System Integrity Protection at some point?
 
No, SIP is operational. Is there any way to repair it or do I have to start with a fresh install?
 
You might try doing a non-destructive re-install.

I believe that consists of creating a really good backup using CCC or equivalent and then booting with CMD-R and selecting re-install OS. Other posters here have a much better understanding of the process.

DS
 
Now when I enter: ls -l /etc the output is:
lrwxr-xr-x@ 1 root wheel 11 Oct 5 15:31 /etc -> private/etc

Does that still indicate issues?
 
That just shows the status of the directory itself, not the contents.

When you add the slash to the end, then you see the directory contents. That is where your user name was showing. With a couple of exceptions, the files should show root and wheel as the owner and group.

DS
 
(This was after I reinstalled macOS from recovery.) Does it look normal?
Here is the list:

total 1224

-rw-r--r-- 1 (my name) staff 515 Sep 15 2015 afpovertcp.cfg

-rw-r--r-- 1 root wheel 515 Oct 2 17:29 afpovertcp.cfg~orig

lrwxr-xr-x 1 root wheel 15 Jan 16 16:42 aliases -> postfix/aliases

-rw-r----- 1 root wheel 16384 Jul 25 18:47 aliases.db

drwxr-xr-x 11 root wheel 374 Jan 16 16:50 apache2

drwxr-xr-x 29 root wheel 986 Jan 16 16:48 asl

-rw-r--r-- 1 root wheel 1051 Jul 21 19:17 asl.conf

-rw-r--r-- 1 root wheel 149 Nov 9 19:17 auto_home

-rw-r--r-- 1 (my name) staff 194 Dec 10 2015 auto_master

-rw-r--r-- 1 root wheel 194 Nov 9 19:17 auto_master~orig

-rw-r--r-- 1 root wheel 1935 Nov 9 19:17 autofs.conf

-r--r--r-- 1 root wheel 265 Jul 15 2017 bashrc

-rw-r--r-- 1 root wheel 9192 Oct 10 17:48 bashrc_Apple_Terminal

-r--r--r-- 1 root wheel 265 Jul 15 2017 bashrc~previous

-rw-r--r-- 1 root wheel 82 Nov 9 03:07 com.apple.screensharing.agent.launchd

-rw-r--r-- 1 (my name) staff 189 Jul 31 2015 csh.cshrc

-rw-r--r-- 1 root wheel 189 Jul 15 2017 csh.cshrc~orig

-rw-r--r-- 1 (my name) staff 121 Jul 31 2015 csh.login

-rw-r--r-- 1 root wheel 121 Jul 15 2017 csh.login~orig

-rw-r--r-- 1 (my name) staff 39 Jul 31 2015 csh.logout

-rw-r--r-- 1 root wheel 39 Jul 15 2017 csh.logout~orig

drwxr-xr-x 14 root _lp 476 Jan 16 16:50 cups

drwxr-xr-x 3 root wheel 102 Jul 15 2017 defaults

-rw-r--r-- 1 root wheel 2378 Oct 11 19:15 dnsextd.conf

-rw-r--r-- 1 (my name) staff 1029 Jul 31 2015 efax.rc~previous

drwxr-xr-x 4 root wheel 136 Jul 15 2017 emond.d

-rw-r--r-- 1 (my name) staff 0 Sep 15 2015 find.codes

-rw-r--r-- 1 root wheel 0 Oct 2 17:29 find.codes~orig

-rw-r--r-- 1 root wheel 150 Oct 2 17:29 fstab.hd

-rw-r--r-- 1 root wheel 150 Jul 25 18:37 fstab.hd~previous

-rw-r--r-- 1 (my name) staff 119 Sep 15 2015 ftpusers

-rw-r--r-- 1 root wheel 119 Oct 2 17:29 ftpusers~orig

-rw-r--r-- 1 (my name) staff 5678 Sep 15 2015 gettytab

-rw-r--r-- 1 root wheel 5678 Oct 2 17:29 gettytab~orig

-rw-r--r-- 1 root wheel 2769 Oct 2 17:29 group

-rw-r--r-- 1 root wheel 2769 Jul 25 18:37 group~previous

-rw-r--r-- 1 (my name) staff 214 Sep 15 2015 hosts

-rw-r--r-- 1 root wheel 0 Oct 2 17:29 hosts.equiv

-rw-r--r-- 1 root wheel 213 Oct 2 17:29 hosts~orig

-r--r--r-- 1 root wheel 1299 Jul 15 2017 irbrc

-rw------- 1 root wheel 12 Jan 15 10:36 kcpassword

-rw-r--r-- 1 root wheel 0 Oct 2 17:29 kern_loader.conf

-rw-r--r-- 1 root wheel 0 Jul 25 18:37 kern_loader.conf~previous

-rw-r--r-- 1 (my name) staff 1946 Jan 16 16:53 krb5.keytab

lrwxr-xr-x 1 root wheel 41 Jan 16 16:50 localtime -> /var/db/timezone/zoneinfo/America/Phoenix

-rw-r--r-- 1 root wheel 621 Jul 15 2017 locate.rc

drwxr-xr-x 2 root wheel 68 Oct 30 15:22 mach_init.d

drwxr-xr-x 2 root wheel 68 Oct 30 15:22 mach_init_per_login_session.d

drwxr-xr-x 2 root wheel 68 Oct 30 15:22 mach_init_per_user.d

-rw-r--r-- 1 (my name) staff 106 Aug 15 2015 mail.rc

-rw-r--r-- 1 root wheel 106 Jul 28 16:08 mail.rc~orig

-rw-r--r-- 1 root wheel 4574 Jul 15 2017 man.conf

-rw-r--r-- 1 root wheel 36 Oct 2 17:29 manpaths

drwxr-xr-x 2 root wheel 68 Oct 2 17:29 manpaths.d

-rw-r--r-- 1 (my name) staff 6355 Sep 15 2015 master.passwd

-rw------- 1 root wheel 7264 Oct 2 17:29 master.passwd~orig

-rw-r--r-- 1 root wheel 11 Jul 15 2017 nanorc

-rw-r--r-- 1 (my name) staff 53 Sep 15 2015 networks

-rw-r--r-- 1 root wheel 53 Oct 2 17:29 networks~orig

-rw-r--r-- 1 root wheel 1318 Jul 15 2017 newsyslog.conf

drwxr-xr-x 7 root wheel 238 Dec 1 12:36 newsyslog.d

-rw-r--r-- 1 (my name) staff 43 Jul 31 2015 nfs.conf

-rw-r--r-- 1 root wheel 43 Oct 9 20:06 nfs.conf~orig

-rw-r--r-- 1 root wheel 351 Jul 15 2017 notify.conf

-rw-r--r-- 1 root wheel 414 Jul 15 2017 ntp-restrict.conf

-rw-r--r--@ 1 (my name) staff 22 Mar 20 2016 ntp.conf

-rw-r--r-- 1 root wheel 23 Nov 29 01:04 ntp_opendirectory.conf

drwxr-xr-x 9 root wheel 306 Jan 16 16:50 openldap

drwxr-xr-x 22 root wheel 748 Dec 1 12:37 pam.d

-rw-r--r-- 1 root wheel 6774 Oct 2 17:29 passwd

-rw-r--r-- 1 root wheel 6393 Feb 20 2017 passwd~orig

-rw-r--r-- 1 (my name) staff 45 Sep 15 2015 paths

drwxr-xr-x 2 root wheel 68 Oct 2 17:29 paths.d

-rw-r--r-- 1 root wheel 45 Oct 2 17:29 paths~orig

drwxr-xr-x 5 root wheel 170 Jul 15 2017 periodic

drwxr-xr-x 3 root wheel 102 Jul 15 2017 pf.anchors

-rw-r--r-- 1 root wheel 1027 Jul 15 2017 pf.conf

-rw-r--r-- 1 root wheel 28311 Jul 15 2017 pf.os

-rw-r--r-- 1 root wheel 4417 Jul 15 2017 php-fpm.conf.default

drwxr-xr-x 3 root wheel 102 Jul 15 2017 php-fpm.d

-r--r--r-- 1 root wheel 71096 Jul 15 2017 php.ini.default

-r--r--r-- 1 root wheel 71096 Jul 15 2017 php.ini.default-previous

-r--r--r-- 1 root wheel 71096 Jul 15 2017 php.ini.default-previous~orig

drwxr-xr-x 34 root wheel 1156 Jan 16 16:50 postfix

drwxr-xr-x 2 root wheel 68 Nov 9 19:30 ppp

-rw-r--r-- 1 (my name) staff 189 Jul 31 2015 profile

-r--r--r-- 1 root wheel 189 Jul 15 2017 profile~orig

-rw-r--r-- 1 root wheel 6393 Oct 2 17:29 protocols

-rw-r--r-- 1 root wheel 6393 Jul 25 18:37 protocols~previous

drwxr-xr-x 4 root wheel 136 Jul 15 2017 racoon

-rw-r--r-- 1 root wheel 1560 Oct 30 15:22 rc.common

-rw-r--r-- 1 root wheel 1560 Jul 31 17:30 rc.common~previous

-rw-r--r-- 1 root wheel 5264 Sep 26 18:11 rc.netboot

lrwxr-xr-x 1 root wheel 22 Jan 16 16:42 resolv.conf -> ../var/run/resolv.conf

-rw-r--r-- 1 root wheel 0 Oct 2 17:29 rmtab

-rw-r--r-- 1 root wheel 1735 Oct 2 17:29 rpc

-rw-r--r-- 1 root wheel 1735 Jul 25 18:37 rpc~previous

-rw-r--r-- 1 root wheel 891 Nov 9 19:18 rtadvd.conf

-rw-r--r-- 1 root wheel 891 Aug 24 21:54 rtadvd.conf~previous

drwxr-xr-x 7 root wheel 238 Jul 15 2017 security

-rw-r--r-- 1 root wheel 677972 Oct 2 17:29 services

-rw-r--r-- 1 root wheel 677972 Jul 25 18:37 services~previous

-rw-r--r-- 1 (my name) staff 179 Sep 15 2015 shells

-rw-r--r-- 1 root wheel 179 Oct 2 17:29 shells~orig

drwxr-xr-x 4 root wheel 136 Jul 15 2017 snmp

drwxr-xr-x 5 root wheel 170 Dec 1 12:35 ssh

drwxr-xr-x 6 root wheel 204 Jul 15 2017 ssl

-r--r----- 1 root wheel 257 Jul 15 2017 sudo_lecture

-rw-r--r-- 1 root wheel 2299 Jul 31 2015 sudoers

drwxr-xr-x 2 root wheel 68 Jul 15 2017 sudoers.d

-r--r----- 1 root wheel 1563 Jul 15 2017 sudoers~orig

-rw-r--r-- 1 root wheel 96 Jul 21 19:17 syslog.conf

-rw-r--r-- 1 root wheel 96 Jul 21 19:17 syslog.conf~previous

-rw-r--r-- 1 root wheel 1316 Oct 2 17:29 ttys

-rw-r--r-- 1 root wheel 1316 Jul 25 18:37 ttys~previous

drwxr-xr-x 5 root wheel 170 Jul 15 2017 wfs

-rw-r--r-- 1 root wheel 0 Oct 2 17:29 xtab

-r--r--r-- 1 root wheel 126 Jul 15 2017 zprofile

-r--r--r-- 1 root wheel 207 Jul 15 2017 zshrc
 
With the exception of cups, they should all be root / wheel.

The re-install did not fix the permissions.

I would do 2 things at this point: Run Malwarebytes and create an EtreCheck report. Something created a mess.

DS
 
Malwarebytes says system is clean.
Here is the EtreCheck report:
EtreCheck version: 3.4.6 (460)

Report generated 2018-01-16 17:45:13

Download EtreCheck from https://etrecheck.com

Runtime: 2:26

Performance: Excellent



Click the [Lookup] links for more information from Apple Support Communities.

Click the [Details] links for more information about that line.



Problem: Other problem



Hardware Information:

iMac (27-inch, Mid 2010)

[Technical Specifications] - [User Guide] - [Warranty & Service]

iMac - model: iMac11,3

1 2.8 GHz Intel Core i5 (i5) CPU: 4-core

32 GB RAM Upgradeable - [Instructions]

BANK 0/DIMM0

8 GB DDR3 1333 MHz ok

BANK 1/DIMM0

8 GB DDR3 1333 MHz ok

BANK 0/DIMM1

8 GB DDR3 1333 MHz ok

BANK 1/DIMM1

8 GB DDR3 1333 MHz ok

Handoff/Airdrop2: not supported

Wireless: en1: 802.11 a/b/g/n

iCloud Quota: 2.19 GB available


Video Information:

ATI Radeon HD 5750 - VRAM: 1 GB

iMac 2560 x 1440


Disk Information:

ST31000528AS disk0: (1 TB) (Rotational)

[Show SMART report]

EFI (disk0s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB

Macintosh HD (disk0s2 - Journaled HFS+) / [Startup]: 999.35 GB (971.39 GB free)

(disk0s3) <not mounted> [Recovery]: 650 MB


PIONEER DVD-RW DVRTS09 ()


USB Information:

USB20Bus

hub_device

Apple Internal Memory Card Reader

Apple Inc. BRCM2046 Hub

Apple Inc. Bluetooth USB Host Controller

USB20Bus

hub_device

Apple Computer, Inc. IR Receiver

Apple Inc. Built-in iSight


System Software:

macOS High Sierra 10.13.2 (17C205) - Time since boot: less than an hour


Gatekeeper:

Mac App Store and identified developers


Kernel Extensions:

/Library/Application Support/com.adguard.Adguard/kext

[not loaded] com.adguard.nfext (1.0.4 - SDK 10.11) [Lookup]



System Launch Agents:

[not loaded] 9 Apple tasks

[loaded] 183 Apple tasks

[running] 98 Apple tasks


System Launch Daemons:

[not loaded] 35 Apple tasks

[loaded] 192 Apple tasks

[running] 104 Apple tasks


Launch Daemons:

[loaded] com.apple.installer.osmessagetracing.plist (Apple, Inc. - installed 2017-12-01)

[loaded] com.bombich.ccchelper.plist (Bombich Software, Inc. - installed 2018-01-01) [Lookup]


User Login Items:

iTunesHelper Application (Apple, Inc. - installed 2017-12-06)

(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

Flux Application

(/Applications/Flux.app)


Internet Plug-ins:

QuickTime Plugin: 7.7.3 (installed 2017-12-01)



Safari Extensions:

[enabled] AdBlock - BetaFish, Inc. - https://getadblock.com (installed 2017-11-16)


3rd Party Preference Panes:

None


Time Machine:

Skip System Files: NO

Mobile backups: OFF

Auto backup: YES

Volumes being backed up:

Macintosh HD: Disk size: 999.35 GB Disk used: 27.95 GB

Destinations:

IMac External [Local]

Total size: 500.01 GB

Total number of backups: 34

Oldest backup: 8/30/17, 6:24 PM

Last backup: 1/16/18, 2:21 PM

Size of backup disk: Adequate

Backup size 500.01 GB > (Disk used 27.95 GB X 3)


Top Processes by CPU:

8% mds

6% mdworker

6% mdworker

6% WindowServer

4% kernel_task


Top Processes by Memory:

1.16 GB kernel_task

423 MB Safari

188 MB com.apple.WebKit.WebContent

101 MB cfprefsd

84 MB Messages


Top Processes by Network Use:

Input Output Process name

36 KB 23 KB com.apple.WebKit.Networking

41 KB 12 KB cloudd

21 KB 9 KB mDNSResponder

18 KB 11 KB apsd

14 KB 3 KB gamed


Top Processes by Energy Use:

5.26 WindowServer

0.94 hidd

0.52 Safari

0.48 Messages


Virtual Memory Information:

28.69 GB Available RAM

25.74 GB Free RAM

3.31 GB Used RAM

2.95 GB Cached files

0 B Swap Used
 
I don't see any red flags in the EtreCheck report.

Personally, I would back up, format, install and manually restore data and install new copies of applications.

It sounds really harsh, but leaving the permissions the way they are can facilitate future malware. You could change each of the bad /etc files, but what happens if there are other files with bad permissions in other areas?

DS
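
Added example, not part of the original thread: one way to check for bad ownership outside the handful of /etc files already found is to let find report every entry under a directory that is not owned by the expected user or is writable by group/other, plus an exact owner-and-mode check for a file such as sudoers. The function names and the demo tree are constructed for illustration.

```sh
#!/bin/sh
# Added example; audit_tree, check_exact and make_demo_tree are
# illustrative names, and the demo tree is constructed.

# Print every entry under DIR that is not owned by OWNER (name or numeric
# uid) or that is writable by group or other. Symlinks are skipped, so on
# macOS pass /private/etc (or /etc/), not the /etc symlink itself.
audit_tree() {
    find "$1" ! -type l \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print
}

# Succeed only if FILE has exactly OWNER and MODE, for example the
# "-r--r----- root" (mode 440) expected for /etc/sudoers in the thread.
check_exact() {
    [ -n "$(find "$1" -prune -user "$2" -perm "$3" -print)" ]
}

# Build a small constructed tree so the checks can be tried without
# touching the real /etc. Prints the directory name.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/hosts";   chmod 644 "$d/hosts"
    : > "$d/sudoers"; chmod 644 "$d/sudoers"   # wrong mode: should be 440
    : > "$d/paths";   chmod 664 "$d/paths"     # group-writable
    echo "$d"
}

# Demo: the current user stands in for root as the expected owner.
demo=$(make_demo_tree)
echo "Entries with unexpected owner or group/other write access:"
audit_tree "$demo" "$(id -u)"                  # reports only .../paths
check_exact "$demo/sudoers" "$(id -u)" 440 ||
    echo "sudoers: owner or mode differs from the expected 440"
rm -rf "$demo"

# On a live system the equivalent calls would be:
#   audit_tree /private/etc root
#   check_exact /private/etc/sudoers root 440
```

The same audit_tree call can be pointed at other system directories to see how far the damage extends before deciding between fixing files individually and reinstalling.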
 
I nuked the hard drive and started from scratch. It was a pain, but everything is fixed now. Thanks for your help!
 