Sudoers syntax error

Question

Everytime I run a sudo command, I get the following error message:

/etc/sudoers: syntax error near line 1 <<< sudo: parse error in /etc/sudoers near line 1 sudo: no valid sudoers sources found, quitting sudo: unable to initialize policy plugin

My sudoers file within /etc/ is empty. How do I resolve this issue? I'm on Mac OS High Sierra

Answer 1

Ubuntu 20.04 encounter this error upon "sudo anycommand"

/etc/sudoers.d/sudoers: too many levels of includes near line 29 <<< sudo: parse error in /etc/sudoers.d/sudoers near line 29 sudo: no valid sudoers sources found, quitting sudo: unable to initialize policy plugin

My solution: Though not know how the sudoers file created in /etc/sudoers.d. After reading README in /etc/sudoers.d,

Extract of README

Note that there must be at least one file in the sudoers.d directory (this one will do), and all files in this directory should be mode 0440.

Removed the sudoers in /etc/sudoers.d

pkexec rm /etc/sudoers.d/sudoers

System will prompt for user password.

Can execute sudo command as usual.

Answer 2

You can use pkexec if you are stuck.

pkexec allows you to execute program as another user. If you don't specify a user then the program will be executed as root

1. Root Escalation

pkexec bash

2. Fix your syntax error

visudo

Answer 3

Never open sudoer file with a normal editor. always use visudo

just type

sudo visudo

this will take you to /etc/sudoers and upon saving it will make sure that there is no error in formatting.

if you make an error in sudoer file, you will lose sudo access, so always use visudo

Answer 4

You could try this link to grab some sudoer file examples. Re-create your sudoers file using the visudo command

http://www.softpanorama.org/Access_control/Sudo/sudoer_file_examples.shtml

In case the link breaks, here is a "default" sudoer file that is described on that page:

# Sample /etc/sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

##
# User alias specification
##
User_Alias  FULLTIMERS = millert, mikef, dowdy
User_Alias  PARTTIMERS = bostley, jwfox, crawl
User_Alias  WEBMASTERS = will, wendy, wim

##
# Runas alias specification
##
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase

##
# Host alias specification
##
Host_Alias  SPARC = bigtime, eclipse, moet, anchor:\
        SGI = grolsch, dandelion, black:\
        ALPHA = widget, thalamus, foobar:\
        HPPA = boa, nag, python
Host_Alias  CUNETS = 128.138.0.0/255.255.0.0
Host_Alias  CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias  SERVERS = master, mail, www, ns
Host_Alias  CDROM = orion, perseus, hercules

##
# Cmnd alias specification
##
Cmnd_Alias  DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
            /usr/sbin/rrestore, /usr/bin/mt
Cmnd_Alias  KILL = /usr/bin/kill
Cmnd_Alias  PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias  SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias  HALT = /usr/sbin/halt
Cmnd_Alias  REBOOT = /usr/sbin/reboot
Cmnd_Alias  SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
             /usr/local/bin/tcsh, /usr/bin/rsh, \
             /usr/local/bin/zsh
Cmnd_Alias  SU = /usr/bin/su
Cmnd_Alias  VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
               /usr/bin/chfn

##
# Override built-in defaults
##
Defaults               syslog=auth
Defaults>root          !set_logname
Defaults:FULLTIMERS    !lecture
Defaults:millert       !authenticate
Defaults@SERVERS       log_year, logfile=/var/log/sudo.log

##
# User specification
##

# root and users in group wheel can run anything on any machine as any user
root        ALL = (ALL) ALL
%wheel      ALL = (ALL) ALL

# full time sysadmins can run anything on any machine without a password
FULLTIMERS  ALL = NOPASSWD: ALL

# part time sysadmins may run anything but need a password
PARTTIMERS  ALL = ALL

# jack may run anything on machines in CSNETS
jack        CSNETS = ALL

# lisa may run any command on any host in CUNETS (a class B network)
lisa        CUNETS = ALL

# operator may run maintenance commands and anything in /usr/oper/bin/
operator    ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
        sudoedit /etc/printcap, /usr/oper/bin/

# joe may su only to operator
joe     ALL = /usr/bin/su operator

# pete may change passwords for anyone but root on the hp snakes
pete        HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root

# bob may run anything on the sparc and sgi machines as any user
# listed in the Runas_Alias "OP" (ie: root and operator)
bob     SPARC = (OP) ALL : SGI = (OP) ALL

# jim may run anything on machines in the biglab netgroup
jim     +biglab = ALL

# users in the secretaries netgroup need to help manage the printers
# as well as add and remove users
+secretaries    ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser

# fred can run commands as oracle or sybase without a password
fred        ALL = (DB) NOPASSWD: ALL

# on the alphas, john may su to anyone but root and flags are not allowed
john        ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*

# jen can run anything on all machines except the ones
# in the "SERVERS" Host_Alias
jen     ALL, !SERVERS = ALL

# jill can run any commands in the directory /usr/bin/, except for
# those in the SU and SHELLS aliases.
jill        SERVERS = /usr/bin/, !SU, !SHELLS

# steve can run any command in the directory /usr/local/op_commands/
# as user operator.
steve       CSNETS = (operator) /usr/local/op_commands/

# matt needs to be able to kill things on his workstation when
# they get hung.
matt        valkyrie = KILL

# users in the WEBMASTERS User_Alias (will, wendy, and wim)
# may run any command as user www (which owns the web pages)
# or simply su to www.
WEBMASTERS  www = (www) ALL, (root) /usr/bin/su www

# anyone can mount/unmount a cd-rom on the machines in the CDROM alias
ALL     CDROM = NOPASSWD: /sbin/umount /CDROM,\
        /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM