Sudo doesn't work: "/etc/sudoers is owned by uid 1000, should be 0"
Solution 1
Change the owner back to root:
pkexec chown root:root /etc/sudoers /etc/sudoers.d -R
Or use the visudo
command to ensure general correctness of the files:
pkexec visudo
Solution 2
Another option, in the case that one doesn't have the password for root
or ubuntu
users. I've fat-fingered ownership (more times than I want to admit) and ending up doing this:
sudo chown -R owner:group /
instead of this:
sudo chown -R owner:group .
This has almost always been in the context of a Vagrant-managed VirtualBox VM running Ubuntu headless, so YMMV. I'd never had a good fix until now, but this seems to do the trick easyishly.
Repair
- Create or edit /etc/rc.local
- NOTE Do this as vagrant user without trying to set permissions to root.
- For this task, /etc/rc.local should look like this:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
chown -R root:root /etc/sudoers.d
chown root:root /etc/sudoers
chmod 440 /etc/sudoers
exit 0
- Disconnect from SSH
- Open VirtualBox Manager
- Right-click VM in question
- Select 'Close'=>'ACPI Shutdown'
- Start the VM from the VirtualBox Manager by right-clicking the VM entry then selecting 'Start'=>'Normal Start'
- SSH into VM
- Use your now-restored sudo set permissions for children of / back to root:root
After the fix is in place the commands in /etc/rc.local can be removed.
Solution 3
to recover from
sudo chown myuser:myuser /etc/sudoers
chmod u+w /etc/sudoers
chmod u-w /etc/sudoers
sudo chown root:root /etc/sudoers
The last of which results in the "sudo: /etc/sudoers is owned by uid 1000, should be 0", etc. errors. I tried to su - sudo which I've seen suggested but I don't think the root password was ever set so that did not work.¹
To fix this issue, I rebooted, dropped into a root shell and²
chown root:root /etc/sudoers
passwd root #for good measure, e.g., so su - root would work in the future!
Rebooted, voila.
NB: The pkexec commands suggested did not work for me while I was initially trying to fix the problem. After it was fixed via the recovery mode root shell, I subsequently tried it and a GUI window popped up asking for my password and it did work so YMMV.
¹ After fixing the problem, I repeated the steps and was able to recover with²
su - root
chown root:root /etc/sudoers
² The list of commands Rohlt suggests were unnecessary in my case but they might apply in other cases.
Related videos on Youtube
Rasel Khan
Updated on September 18, 2022Comments
-
Rasel Khan over 1 year
When I type a sudo command into the terminal it shows the following error:
sudo: /etc/sudoers is owned by uid 1000, should be 0 sudo: no valid sudoers sources found, quitting sudo: unable to initialize policy plugin
How do I fix this?
-
david over 8 yearsIm having a problem i have an ec2 instance and I tried your solution and it asks for password. How do I mitigate this?
-
Serkan KOCAMAN about 8 yearsIndeed a server installation, but I fixed it by booting in single user mode.
-
Vigs almost 6 yearsJust came here to say this saved me big time!
-
keda almost 6 yearsThank you thank you! I did not know about pkexec, but it saved me a lot of trouble.
-
Weijun Zhou over 5 yearsAccording to the default rules,
pkexec
works as long as your current user is a member of thesudo
user group. -
vidarlo about 4 yearsOn Ubuntu, root account is typically disabled, so this approach will not work. However,
pkexec
should work, if the only damage is tosudo
's config. -
bvargo over 2 yearsI have no idea how this could work when sudo does not work—see title of post!! You can't sudo chown anything and you cannot edit /etc/rc.local without sudo working.
-
bvargo over 2 yearsThis method works just fine if you've set and have the root password. That said the command is wrong, it should be su - root not su -root.
-
bvargo over 2 yearsThe pkexec commands suggested did not work for me while I was initially trying to fix the problem. After fixing it from a root shell in recovery mode, I subsequently tried it and a GUI window popped up asking for my password and it did work so YMMV.
-
étale-cohomology about 2 yearsI get this error:
Error executing command as another user: Not authorized