Sudoers file corrupt?

[davvanc]

EtraCheck has produced a red line showing the results below:
/etc/sudoers, File size 2235 but expected 1563
I have looked at the content and there is nothing suspicious in that file, but the size is wrong.
Using the editor (forgot the name now, was it VI?) for those kind of files is beyond me. Is there any way to get a new file with the correct size, other than a clean install?

 

[MacUser2525]

EtraCheck has produced a red line showing the results below:
/etc/sudoers, File size 2235 but expected 1563
I have looked at the content and there is nothing suspicious in that file, but the size is wrong.
Using the editor (forgot the name now, was it VI?) for those kind of files is beyond me. Is there any way to get a new file with the correct size, other than a clean install?

The program would have been visudo which locks the file during editing to prevent problems if another user tries to edit at same time and as always if it is not broke do not fix it. In other words if you have no problems using sudo on the command line ignore that warning. Now you can always do a fresh install and import all your settings again but if doing so I would suggest the first thing you do is run that third party program again to confirm, if it says the same then it is useless for that checking.

 

[davvanc]

The program would have been visudo which locks the file during editing to prevent problems if another user tries to edit at same time and as always if it is not broke do not fix it. In other words if you have no problems using sudo on the command line ignore that warning. Now you can always do a fresh install and import all your settings again but if doing so I would suggest the first thing you do is run that third party program again to confirm, if it says the same then it is useless for that checking.

Thanks for the well-thoughtout reply. I did do a clean install but then let the install program import all my data and settings from another disk, an El Capitan install with that over-sized "sudoers" file, which resulted in the use of that file in the new Sierra install. As far as I can tell, there is no problem running "sudo" from the command line and, as you suggested, it may well be OK just to ignore that warning from EtraCheck.

 

[fivenotrump]

EtraCheck has produced a red line showing the results below:
/etc/sudoers, File size 2235 but expected 1563
I have looked at the content and there is nothing suspicious in that file, but the size is wrong.
Using the editor (forgot the name now, was it VI?) for those kind of files is beyond me. Is there any way to get a new file with the correct size, other than a clean install?

There should be a clean version of the sudoers file at /etc/sudoers~orig : copy this to /etc/sudoers .

If you need to make local changes, for example changing the timeout, edit /etc/sudoers using visudo to delete the comment marker '#' on the bottom line
#includedir /private/etc/sudoers.d
so that it becomes
includedir /private/etc/sudoers.d

Now put your local changes into a file in this directory, for example /etc/sudoers.d/timeout might contain
Defaults timestamp_timeout = 30

 

[davvanc]

There should be a clean version of the sudoers file at /etc/sudoers~orig : copy this to /etc/sudoers .

Thanks so much! That did it, deleted the bad one, copied the old "~org" file without the "~org" and rebooted.
Now EtraCheck doesn't show that red line!
Thanks again.

 

[KALLT]

Just to clarify: sudoers is one of those configuration files that the system installer does not overwrite upon updating the system. This is completely normal. Instead, a copy of the newer version is left in the same directory, with `~orig` appended to the file name. You can choose to swap them if you want to, but it is not required.

What EtreCheck does is compare the file size of the sudoers file to its standard size. It cannot distinguish between an outdated, but genuine, and a compromised file.