sudo: can't open /private/etc/sudoers: Permission denied

ryannazaretian

macrumors 6502a
Original poster
Sep 21, 2008
649
4
Mississippi
So this morning I enabled File Sharing and Remote Login in the Sharing preference pane, and now I get this whenever I use sudo:

Ryans-MacBook-Pro:~ ryannazaretian$ sudo
sudo: can't open /private/etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
Ryans-MacBook-Pro:~ ryannazaretian$ visudo
visudo: /private/etc/sudoers: Permission denied
visudo: /private/etc/sudoers: Permission denied
It was working all yesterday. I haven't been poking around in the system files at all. I've been using sudo to burn my Raspberry Pi image to an SD card (used it for diskutil to unmount & eject the SD card).

I'm not sure if the File Sharing or Remote Login causes this or not, so I wouldn't recommend anything just seeing if it works, because I haven't figured out a way to fix it yet, without reinstalling OSX... If someone wants to risk it, then by all means, let me know.

If someone knows how to fix it, then definitely tell me! It would be MUCH appreciated!

File Sharing:
Screen Shot 2012-08-14 at 12.56.05 PM.png

Remote Login:
Screen Shot 2012-08-14 at 12.56.17 PM.png

"sudo" and "visudo" in terminal:
Screen Shot 2012-08-14 at 12.56.26 PM.png
 
Last edited:

ryannazaretian

macrumors 6502a
Original poster
Sep 21, 2008
649
4
Mississippi
Fixed it already... I managed to find this posted on the Apple Communities:

https://discussions.apple.com/message/6769777#6769777

Short version:

Reboot & hold Command + S to boot into Single User Mode. You should reach a terminal with root permissions.

Then run the following commands:

/sbin/fsck -fy
/sbin/mount -wu /
/bin/chmod 1775 /
/bin/sync
exit

Login, open terminal, and verify that it was fixed.

I checked by unmounted that SD card I talked about in the previous post:
Screen Shot 2012-08-14 at 1.09.54 PM.png
 

ADCMacbeginner

macrumors newbie
May 25, 2013
1
0
I lucked out. Be careful.

THIS IS A CAUTIONARY TALE:

I did something unhelpful, like changing the default editor for visudo as according with somebody's advice on the internet. Then I tried to use:

sudo visudo -f sudoers

nano came up as the default editor and when I exited without saving the newly generated, blank version of sudoers, I lost my sudoers.tmp content. No lines no characters. "Permission denied" came up for sudo on one command.

It did appear that I was able to rechange the .bashrc file and get rid of nano as the default editor for visudo. Then I could just run "edit sudoers.tmp". and cut and paste the correct version of the sudoers what I found on the internet.

Since the version found on the internet was a bog-standard one, i was able to save it and reboot the Mac.

It came up with sudo access again.

I tried it again:

sudo visudo -f sudoers

It worked. happy days.

Although the sudoers.tmp file tells you to use only visudo because it does a syntax check, you can physically edit the file and trust to luck. I AM NOT RECOMMENDING SUCH ACTION. I did it because it was the only way out, like MacGyver trying to save the nation. Some folk advise to reinstall the OS. I don't know about that.

So, I don't fully understand all of the ins and outs but for Snow Leopard the following is the correct sudoers.tmp basic-issue file:

:p


# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#


# Host alias specification


# User alias specification


# Cmnd alias specification


# Defaults specification
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXT_ENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"
Defaults env_keep += "HOME MAIL"


# Runas alias specification


# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL


# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL


# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL


# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now