Broke my /etc/sudoers file on amazon EC2
I edited my Linux Amazon EC2 instance using vim /etc/sudoers and tried adding another account to the list. I realize now that this was a terrible mistake. I can no longer sudo from any account (which means I cannot edit the file again) and I do not have the root account password. Is there anything I can do to correct this?
Thanks.
Hopefully you are using an EBS root volume. If so, the solution is not too difficult.
Essentially, you attach the EBS volume to another instance make the changes, and reattach it to the original instance:
- Stop (don't terminate) the original instance
- Detach the EBS volume
- Launch another instance
- Attach your current EBS volume to the new instance
- SSH into the new instance, mount the EBS volume and make the needed changes
- Unmount the EBS volume (e.g. umount -d /dev/xvdh or umount -d /dev/sdh)
- Detach the EBS volume from the new instance and attach it as the root volume (e.g. /dev/sda1) of the old instance
- Start the old instance
- If everything is working, terminate the new instance
The reason this works is that on the fresh, new instance you have the proper permissions (its root volume is intact), which makes the sudoers file from your original instance just another file you can edit.
If you have an instance-store root volume, unfortunately, you probably won't be able to fix the problem, and will have to revert to an AMI you have made previously as a backup.
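The mount, edit, check and unmount steps of the procedure above as an added rescue script; this is example code and not part of the answer. It assumes the broken root volume shows up on the helper instance as /dev/xvdh (override with RESCUE_DEV) and is mounted at /mnt/rescue, and it refuses to unmount until the edited sudoers parses, since the original instance would otherwise come back just as locked out. Where visudo is not installed it falls back to a constructed minimal lint that only checks for the missing "=" in hand-typed user lines.

```shell
#!/bin/sh
# Rescue helper for a broken /etc/sudoers on an EBS root volume attached
# to a helper instance as a secondary disk. Run as root on the helper.
# Assumed names: device /dev/xvdh, mount point /mnt/rescue (constructed).
set -eu
DEV="${RESCUE_DEV:-/dev/xvdh}"
MNT="${RESCUE_MNT:-/mnt/rescue}"

# Fallback when visudo is missing: every line that is not blank, a comment,
# @include, Defaults, alias or a continuation must contain '='. This catches
# the usual hand-edited user line breakage and nothing more.
sudoers_lint() {
    file="$1"; status=0; cont=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}          # strip leading blanks
        case "$line" in *\\) next=1 ;; *) next=0 ;; esac   # ends with '\'?
        if [ "$cont" -eq 1 ]; then cont=$next; continue; fi
        cont=$next
        case "$line" in
            ''|\#*|@*|Defaults*|*_Alias*) ;;
            *=*) ;;
            *) echo "sudoers_lint: no '=' in user spec: $line" >&2; status=1 ;;
        esac
    done < "$file"
    return "$status"
}

# Authoritative check when available: visudo parses with the real grammar.
validate_sudoers() {
    if command -v visudo >/dev/null 2>&1; then visudo -c -q -f "$1"
    else sudoers_lint "$1"; fi
}

# Step 1: mount the broken root volume and keep a copy of the bad file.
rescue_mount() {
    mkdir -p "$MNT" && mount "$DEV" "$MNT"
    cp -p "$MNT/etc/sudoers" "$MNT/etc/sudoers.broken"
    echo "edit $MNT/etc/sudoers (or add a file under $MNT/etc/sudoers.d/), then run: $0 finish"
}

# Step 2: only unmount once every sudoers file parses; restore the mode and
# owner sudo insists on (0440, root) so the fixed file is actually honoured.
rescue_finish() {
    for f in "$MNT/etc/sudoers" "$MNT"/etc/sudoers.d/*; do
        [ -f "$f" ] || continue
        validate_sudoers "$f" || { echo "$f still broken; not unmounting" >&2; return 1; }
    done
    chown 0:0 "$MNT/etc/sudoers" && chmod 0440 "$MNT/etc/sudoers"
    umount "$MNT"
}

case "${1:-}" in mount) rescue_mount ;; finish) rescue_finish ;; esac
```

Note that an #includedir line in the mounted file resolves against the helper instance's own /etc, not the mounted volume, which is why the script checks each drop-in file under the mount point separately.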
It depends whether it's an AMI or EBS root device.
If it's an AMI and you don't have the root password, and the AMI doesn't configure root SSH access, then there's nothing you can do.
If it's an EBS root you can terminate it and attach the volume to a different instance (as an additional disk, not the root). You can then either access the data, or correct the sudoers file and launch a new instance using the volume.