How do I fix an invalid /etc/sudoers file if root access is disabled?

sudo root raspberry-pi sudoers raspbmc
17,942

Solution 1

You should still be able to boot up the Pi in Single User mode to get access to root.

Using another computer, modify cmdline.txt and add single to the end of the line
Then when you boot up the Pi from the SD card, it should automatically dump you to a root prompt which well allow you to update /etc/sudoers

Solution 2

After two days of research and browsing the web I have finally found a solution and been able to save my own Raspberry Pi system (not having to reformat the SD card and start from scratch)!

NOTE: This answer is pretty long. If you want to get to the actual solution quickly, I've added a header that you can scroll down to. I do recommend you read the whole answer though, as it may bring some insight into the differences between the Raspbian distribution and other Linux distributions as well as clarity to why a lot of the suggested solutions you find across the internet may not work on your Pi.

So normally, in a Linux environment, the quickest way to repair the broken sudo without even having to reboot is by using PolicyKit or the pkexec -command like this:

pkexec visudo

But on the Pi it most likely won't work, it will ask for the root password, but no password is accepted. (I mean, do you even remember setting a root password? Wait, you do? Then skip to the asterisk*.)

Some Linux distributions, for example Ubuntu, come with a recovery mode that can be accessed by holding down the shift-key during bootup and offers a user-friendly interface and allows one to be dropped into a root shell prompt where one could get access to fix the broken files. The Pi's Raspbian Linux distribution does not come with that kind of a recovery mode so that solution is not a solution for us. Yet the Pi does prompt you at bootup to hold down the shift-key to enter some kind of recovery mode and by entering the Pi's recovery mode or the NOOBS dialog we are surely on the right path towards repairing the broken sudo on our Pi.

Another common way of repairing sudo is by booting into single-user mode which gets you to a root shell prompt. The way you do this is by adding the word single to the end of the cmdline.txt -file on the system's boot partition. The next time your system boots up it will boot into single-user mode.

We can easily try this solution on our Pi because, conviniently, the Pi's recovery mode or the NOOBS dialog allows us to edit the cmdline.txt -file. In the recovery mode or the NOOBS dialog, by pressing the "Edit config" -icon you open up an editor that lets you edit two files, one of which is cmdline.txt. By pressing "OK" in the editor your changes are saved.

Unfortunately, when you boot into single-user mode or "rescue mode" on the Pi, you'll most likely get the following message:

Cannot open access to console, the root account is locked.
See sulogin(8) man page for more details.

Press Enter to continue.

This – as well as why the previously mentioned root password prompt didn't accept any passwords – is because Raspbian, by default, has no password set for the root account. This is not to be confused with a password that is nothing or that no password would be required. Raspbian, just like a handful of other Linux distributions (for example Debian which Raspbian is a derivate of), expects the user to operate as root through sudo and not through the account itself. Hence the root account is in the "lockdown" state that we are experiencing.

*If you set the root password yourself, for example through the command sudo passwd root, then you should be able to use the pkexec -command and boot into single-user mode. Note that when you do this, you need to use sudo, so this is obviously not a solution once sudo is broken, but I point this out because this is probably why some people found success in fixing their Pi's when applying the solutions suggesting the pkexec -command or single-user mode. These people had at some point gone and manually set a root password, unlocking their system's root account.

The Solution

This blog post explains how to do what we need to do. The steps are almost identical to the steps we took when trying to repair sudo through single-user mode. You don’t have to do all the cumbersome stuff the blog post mentions in order to edit the cmdline.txt -file, instead just do it in the NOOBS dialog. The key is to add init=/bin/sh to the end of the cmdline.txt -file. With that snippet added, the next time you boot up your Pi, you will be dropped into a root shell prompt.

Initially, the file system will be loaded in read-only mode, so before being able to edit anything, you’ll have to remount the root partition in read and write mode by executing the following command:

mount -o remount,rw /dev/mmcblk0p2 /

Now you should be in a root shell prompt, where you can freely edit any file, including the broken sudo files.

Share:
17,942

Related videos on Youtube

3cheesewheel
Author by

3cheesewheel

Updated on September 18, 2022

Comments

  • 3cheesewheel
    3cheesewheel over 1 year

    This pertains to my Raspberry Pi, on which I have Raspbmc installed. I do realize that there is a Raspberry Pi StackExchange site, but I figured I might get more eyes on this problem here.

    The issue is that I modified /etc/sudoers in an attempt to grant NOPASSWD permissions to one of the users, but I guess somewhere along the way I borked up the file and now I'm getting the following error whenever I login/attempt to use sudo:

    sudo: parse error in /etc/sudoers near line 19
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

    I've found similar posts on Ubuntu as well as StackOverflow, but the problem is all the answers require a root password, and the root account is disabled by default on Raspbmc, and I obviously had not enabled it before attempting to change /etc/sudoers.

    So my question is: how do I fix the file if I don't have root access enabled? Is it even possible?

    • slhck
      slhck over 10 years
      Don't forget to use visudo next time for editing.
  • 3cheesewheel
    3cheesewheel over 10 years
    Unfortunately I need root access to be able to modify /boot/cmdline.txt :(
  • Lawrence
    Lawrence over 10 years
    Hence using another computer
  • VL-80
    VL-80 over 10 years
    Raspberry Pi's hard drive is just SD card, so it is possible to plug it in via card reader to another computer and make all changes there without booting Pi in single mode.
  • Lawrence
    Lawrence over 10 years
    @Nikolay Assuming the OP has another computer with Linux installed or has a Live Distro handy of course.
  • user1686
    user1686 over 10 years
    (Or Windows/OSX with VirtualBox; the "USB sharing" feature works well.) Though, single also asks for root password, so while it does allow logins to a locked or expired root account, it may still refuse access on occassion, so editing /etc/sudoers directly from the live system would be a bit easier and quicker.
  • 3cheesewheel
    3cheesewheel over 10 years
    My mistake, I somehow interpreted that as "using another computer" to SSH in, rather than inserting the SD card into another computer and modifying the file there. Thanks very much! :)
  • 3cheesewheel
    3cheesewheel over 10 years
    I tried this; I was able to modify cmdline.txt but that didn't automatically boot to a root prompt. I tried holding the Shift key and Esc key while booting, but neither of those keys worked either (and they were the only two keys I could find from googling that would help boot into a prompt). Did anyone have success with this answer?
  • Lawrence
    Lawrence over 10 years
    Are you using RaspBMC with NOOBS or using raw RaspBMC ?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Arch Linux sudo: command not found
How to avoid "root is not allowed to run sudo"?
sudo command trying to search for hostname
Open file or application as root from GUI
How to run sudo command as root?
How to execute os.* methods as root?
Regex in Sudoers File?
Is the "--no-scripts" option enough to account for the security concerns about running composer as root?
how to make non root user as sudo user in docker alpine image?
Allow bash script to be run as root, but not sudo