Cannot do sudo: "/etc/sudoers is mode 0740, should be 0440"

I have a problem:

I don't have a root password on my Mac. I just have an Admin account, which can do stuff using sudo. Now, I wanted to add my normal user to the /etc/sudoers file as well. Since it did not let me write to that file (even writing using sudo), I did this:

    sudo chmod u+w /etc/sudoers

That worked. But since then I can't do any sudo command anymore on my system. It complains that /etc/sudoers has the wrong mode:

    $ sudo touch /etc/sudoers
    sudo: /etc/sudoers is mode 0740, should be 0440
    Segmentation fault

It sounds like a bad joke, because now I can't even change the mode back to 0440:

    $ sudo chmod 0440 /etc/sudoers
    sudo: /etc/sudoers is mode 0740, should be 0440
    Segmentation fault

Is there any way to fix this situation? I need to get my sudo abilities back.


Solution 1:

This may be one of the rare cases where running "Repair Disk Permissions" from Disk Utility might actually be warranted.

If that doesn't work, follow @slhck's suggestion of booting into single user mode to fix it:

  1. Reboot, holding down Command-S to enter single user mode. Note that if you're using a Bluetooth keyboard, you need to hit this as the boot chime is trailing off. If you hit it too soon, it's before the Bluetooth radio gets reset and the keyboard loses connection and doesn't communicate the keypress. If you hit it too late, the boot process will have moved on to multi-user boot.

  2. Follow the instructions on-screen to remount your root drive read-write. You can probably skip the fsck step if you rebooted gracefully. So you can probably just type:

    mount -uw /

  3. Fix the permissions on /etc/sudoers. Note that you're already root when you're in single user mode, so you don't need to sudo this.

    chmod 0440 /etc/sudoers

  4. Exit single user mode by rebooting again, by simply typing:

    reboot
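
A check for the condition sudo complains about, as an added example that is not part of the original answer: it reads a file's mode, reports a mismatch in the same wording as the error above, and resets the mode to 0440 only when it differs. The function names are hypothetical, and the path is a parameter so the script can be tried on a scratch file before touching /etc/sudoers.

```shell
#!/bin/sh
# Added example: verify that a sudoers file has the mode sudo insists on
# (0440) and repair it only when it deviates. Function names are hypothetical.

EXPECTED_MODE=440

# Print the octal permission bits of a file.
# GNU stat is tried first (-c), then BSD/macOS stat (-f).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Return 0 if the mode matches, 1 with a sudo-style message if it does not,
# and 2 if the file cannot be examined at all.
check_sudoers_mode() {
    mode=$(file_mode "$1") || { echo "cannot stat $1" >&2; return 2; }
    if [ "$mode" = "$EXPECTED_MODE" ]; then
        return 0
    fi
    echo "$1 is mode 0$mode, should be 0$EXPECTED_MODE" >&2
    return 1
}

# Reset the mode only when the check fails, then re-check so the caller
# knows the change actually took effect (it will not on a read-only root).
fix_sudoers_mode() {
    check_sudoers_mode "$1" 2>/dev/null && return 0
    chmod 0440 "$1" || return 2
    check_sudoers_mode "$1"
}

# Usage, as root (for example in single user mode after `mount -uw /`):
#   fix_sudoers_mode /etc/sudoers
```
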

Solution 2:

Another approach is using Automator.app.

Create a new workflow that contains something like the following:

    do shell script "chmod 0440 /etc/sudoers" with administrator privileges

When you run it, it'll ask for your password and (presuming you're an administrator) it'll fix it.

This also works if you've messed up the permissions on a parent directory (e.g., making / something other than 755).