36

When I type a sudo command into the terminal it shows the following error:

sudo: /etc/sudoers is owned by uid 1000, should be 0
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

How do I fix this?

Kevin Bowen
  • 19,395
  • 55
  • 76
  • 81
Rasel Khan
  • 965
  • 6
  • 12
  • 18

5 Answers5

50

Change the owner back to root:

pkexec chown root:root /etc/sudoers /etc/sudoers.d -R

Or use the visudo command to ensure general correctness of the files:

pkexec visudo
αғsнιη
  • 35,092
  • 41
  • 129
  • 192
muru
  • 193,181
  • 53
  • 473
  • 722
  • Im having a problem i have an ec2 instance and I tried your solution and it asks for password. How do I mitigate this? – david Jan 04 '16 at 08:40
  • Well, that sucks; "The program 'pkexec' is currently not installed. You can install it by typing: sudo apt-get install policykit-1" – Koen. May 16 '16 at 21:41
  • @Koen. It is installed by default on Ubuntu (unless you're talking a server or minimal installation, perhaps). – muru May 16 '16 at 21:52
  • Indeed a server installation, but I fixed it by booting in single user mode. – Koen. May 16 '16 at 22:22
  • Just came here to say this saved me big time! – Vigs Jun 05 '18 at 04:10
  • Thank you thank you! I did not know about pkexec, but it saved me a lot of trouble. – keda Jul 25 '18 at 17:08
  • According to the default rules, `pkexec` works as long as your current user is a member of the `sudo` user group. – Weijun Zhou Feb 15 '19 at 10:34
  • The pkexec commands suggested did not work for me while I was initially trying to fix the problem. After fixing it from a root shell in recovery mode, I subsequently tried it and a GUI window popped up asking for my password and it did work so YMMV. – bvargo Dec 01 '21 at 02:55
  • 3
    I get this error: `Error executing command as another user: Not authorized` – étale-cohomology Mar 15 '22 at 21:00
1

Another option, in the case that one doesn't have the password for root or ubuntu users. I've fat-fingered ownership (more times than I want to admit) and ending up doing this:

sudo chown -R owner:group /

instead of this:

sudo chown -R owner:group .

This has almost always been in the context of a Vagrant-managed VirtualBox VM running Ubuntu headless, so YMMV. I'd never had a good fix until now, but this seems to do the trick easyishly.

Repair

  • Create or edit /etc/rc.local
    • NOTE Do this as vagrant user without trying to set permissions to root.
  • For this task, /etc/rc.local should look like this:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

chown -R root:root /etc/sudoers.d
chown root:root /etc/sudoers
chmod 440 /etc/sudoers

exit 0
  • Disconnect from SSH
  • Open VirtualBox Manager
  • Right-click VM in question
  • Select 'Close'=>'ACPI Shutdown'
  • Start the VM from the VirtualBox Manager by right-clicking the VM entry then selecting 'Start'=>'Normal Start'
  • SSH into VM
  • Use your now-restored sudo set permissions for children of / back to root:root

After the fix is in place the commands in /etc/rc.local can be removed.

AreDubya
  • 163
  • 1
  • 7
  • 1
    I have no idea how this could work when sudo does not work—see title of post!! You can't sudo chown anything and you cannot edit /etc/rc.local without sudo working. – bvargo Dec 01 '21 at 02:27
1

to recover from

sudo chown myuser:myuser /etc/sudoers 
chmod u+w /etc/sudoers
chmod u-w /etc/sudoers
sudo chown root:root /etc/sudoers

The last of which results in the "sudo: /etc/sudoers is owned by uid 1000, should be 0", etc. errors. I tried to su - sudo which I've seen suggested but I don't think the root password was ever set so that did not work.¹

To fix this issue, I rebooted, dropped into a root shell and²

chown root:root /etc/sudoers
passwd root #for good measure, e.g., so su - root would work in the future!

Rebooted, voila.

NB: The pkexec commands suggested did not work for me while I was initially trying to fix the problem. After it was fixed via the recovery mode root shell, I subsequently tried it and a GUI window popped up asking for my password and it did work so YMMV.

¹ After fixing the problem, I repeated the steps and was able to recover with²

su - root
chown root:root /etc/sudoers

² The list of commands Rohlt suggests were unnecessary in my case but they might apply in other cases.

bvargo
  • 475
  • 1
  • 4
  • 16
0

if you have set and have the root password, first run the following command

$ su - root

it will ask for the root password and then run following commands one by one

chown root:root /etc/sudoers 
chmod 440 /etc/sudoers
chown -R root:root /etc/sudoers.d
chmod  755 /etc/sudoers.d 
chmod  440 /etc/sudoers.d/*
bvargo
  • 475
  • 1
  • 4
  • 16
Rohit
  • 11
  • 2
    On Ubuntu, root account is typically disabled, so this approach will not work. However, `pkexec` should work, if the only damage is to `sudo`'s config. – vidarlo Feb 29 '20 at 08:05
  • This method works just fine if you've set and have the root password. That said the command is wrong, it should be su - root not su -root. – bvargo Dec 01 '21 at 02:35
0

In my case, I was running Windows Subsystem for Linux(WSL2). I had created a folder using VSCode(running in windows) and opened it for creating more files in it.

After closing VSCode(which kept running in background), I tried deleting the created folder from WSL2 terminal and got the above error.

The solution was to terminate instance of VSCode fully(or restart system) as it was keeping the folder opened.

Abhishek Shakya
  • 1