sudo: can't open /private/etc/sudoers: Permission denied

Discussion in 'OS X Mountain Lion (10.8)' started by ryannazaretian, Aug 14, 2012.

  1. ryannazaretian, Aug 14, 2012
    Last edited: Aug 14, 2012

    ryannazaretian macrumors 6502a


    Sep 21, 2008
    So this morning I enabled File Sharing and Remote Login in the Sharing preference pane, and now I get this whenever I use sudo:

    It was working all yesterday. I haven't been poking around in the system files at all. I've been using sudo to burn my Raspberry Pi image to an SD card (used it for diskutil to unmount & eject the SD card).

    I'm not sure if the File Sharing or Remote Login causes this or not, so I wouldn't recommend anything just seeing if it works, because I haven't figured out a way to fix it yet, without reinstalling OSX... If someone wants to risk it, then by all means, let me know.

    If someone knows how to fix it, then definitely tell me! It would be MUCH appreciated!

    File Sharing:
    Screen Shot 2012-08-14 at 12.56.05 PM.png

    Remote Login:
    Screen Shot 2012-08-14 at 12.56.17 PM.png

    "sudo" and "visudo" in terminal:
    Screen Shot 2012-08-14 at 12.56.26 PM.png
  2. ryannazaretian thread starter macrumors 6502a


    Sep 21, 2008
    Fixed it already... I managed to find this posted on the Apple Communities:

    Short version:

    Reboot & hold Command + S to boot into Single User Mode. You should reach a terminal with root permissions.

    Then run the following commands:

    /sbin/fsck -fy
    /sbin/mount -wu /
    /bin/chmod 1775 /

    Login, open terminal, and verify that it was fixed.

    I checked by unmounted that SD card I talked about in the previous post:
    Screen Shot 2012-08-14 at 1.09.54 PM.png
  3. ADCMacbeginner macrumors newbie

    May 25, 2013
    I lucked out. Be careful.


    I did something unhelpful, like changing the default editor for visudo as according with somebody's advice on the internet. Then I tried to use:

    sudo visudo -f sudoers

    nano came up as the default editor and when I exited without saving the newly generated, blank version of sudoers, I lost my sudoers.tmp content. No lines no characters. "Permission denied" came up for sudo on one command.

    It did appear that I was able to rechange the .bashrc file and get rid of nano as the default editor for visudo. Then I could just run "edit sudoers.tmp". and cut and paste the correct version of the sudoers what I found on the internet.

    Since the version found on the internet was a bog-standard one, i was able to save it and reboot the Mac.

    It came up with sudo access again.

    I tried it again:

    sudo visudo -f sudoers

    It worked. happy days.

    Although the sudoers.tmp file tells you to use only visudo because it does a syntax check, you can physically edit the file and trust to luck. I AM NOT RECOMMENDING SUCH ACTION. I did it because it was the only way out, like MacGyver trying to save the nation. Some folk advise to reinstall the OS. I don't know about that.

    So, I don't fully understand all of the ins and outs but for Snow Leopard the following is the correct sudoers.tmp basic-issue file:


    # sudoers file.
    # This file MUST be edited with the 'visudo' command as root.
    # Failure to use 'visudo' may result in syntax or file permission errors
    # that prevent sudo from running.
    # See the sudoers man page for the details on how to write a sudoers file.

    # Host alias specification

    # User alias specification

    # Cmnd alias specification

    # Defaults specification
    Defaults env_reset
    Defaults env_keep += "BLOCKSIZE"
    Defaults env_keep += "COLORFGBG COLORTERM"
    Defaults env_keep += "__CF_USER_TEXT_ENCODING"
    Defaults env_keep += "LINES COLUMNS"
    Defaults env_keep += "LSCOLORS"
    Defaults env_keep += "SSH_AUTH_SOCK"
    Defaults env_keep += "TZ"
    Defaults env_keep += "EDITOR VISUAL"
    Defaults env_keep += "HOME MAIL"

    # Runas alias specification

    # User privilege specification
    root ALL=(ALL) ALL
    %admin ALL=(ALL) ALL

    # Uncomment to allow people in group wheel to run all commands
    # %wheel ALL=(ALL) ALL

    # Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL

    # Samples
    # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
    # %users localhost=/sbin/shutdown -h now

Share This Page