Need to fix permissions of sudoers file in High Sierra?

[David Mansfield]

I was trying to uninstall some old software using Terminal and got this message:

sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
Uninstallation stopped.

I did a little research and found it likely that the permissions on my sudoers file are set wrong. I opened up the /etc folder and looked at the sudoers file with "Get Info", and admin, system, wheel, and everyone are all set to "Read & Write". What should they be, and what is the safe way to set them? Are there other related files that will need their permissions fixed? I'm not a Unix guy and don't want to brick my Mac Pro!

By the way, I started down this rabbit hole when I discovered I couldn't save my File Sharing preferences, in either of two administrator accounts, even after going through the standard advice for fixing permissions and rebuilding the systemprefs plist.

 

[David Mansfield]

A little more info:

In Terminal I did sudo syscheck, and it returned:
sudo: /etc/sudoers is world writable
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Then I did ls -l /etc/sudoers to see what the permissions are, and got:
-rwxrwxrwx+ 1 root wheel 1275 Sep 9 2014 /etc/sudoers

I'm just googling, and don't really know what I'm doing, so I'm not going to change the sudoers file until I get some reliable help, but the problem is getting clearer, and I imagine there is a fix.

 

[Brian33]

Yeah, you definitely don't want /etc/sudoers to be writable by everyone! I'd be super careful about any changes to that file. My High Sierra systems show these permissions:

-r--r----- 1 root wheel 2299 Aug 1 2015 /etc/sudoers

That is, the owner (root) and the group (wheel) have (r)ead permission and nothing else.

Really, you should read up on and understand the 'chmod' command. Really, I hesitate to help, in case I tell you to do something wrong! I think this should do the trick, but don't blame me if if goes wrong! Test it on a dummy file first!

chmod ug=r,o= /etc/sudoers

That should set the (u)ser and (g)roup permisions to (r)ead, and clear all permissions for (o)thers.

Since your sudoers file is writable by everyone, I don't think you even have to preface the chmod command with 'sudo'. If you do need to, can you even use the 'sudo' command successfully? If not you might have to boot from an external disk in order to change the permissions on the sudoers file.

man sudoers says the following:
"The sudoers file should always be edited by the visudo command which locks the file and does grammatical checking. It is imperative that the sudoers file be free of syntax errors since sudo will not run with a syntactically incorrect sudoers file."

Hope that helps.

 

[Brian33]

I should probably have first asked how you got your sudoers file in such a state... ?

 

[David Mansfield]

Someone else gave me some advice and I ran the visudo command on it, and visudo corrected the permissions. They are now:

-r--r-----+ 1 root wheel 1275 Mar 23 16:565 /etc/sudoers

I still have other unsolved problems-- I can't save my System Preferences-- but my sudoers file is back in shape. Thanks.