38

When I type a sudo command into the terminal it shows the following error:

sudo: /etc/sudoers is owned by uid 1000, should be 0
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

How do I fix this?

Kevin Bowen

6 Answers

53

Change the owner back to root:

pkexec chown root:root /etc/sudoers /etc/sudoers.d -R

Or use the visudo command to ensure general correctness of the files:

pkexec visudo
αғsнιη
muru
  • I'm having a problem: I have an EC2 instance and I tried your solution and it asks for a password. How do I mitigate this? – david Jan 04 '16 at 08:40
  • Well, that sucks; "The program 'pkexec' is currently not installed. You can install it by typing: sudo apt-get install policykit-1" – Koen. May 16 '16 at 21:41
  • @Koen. It is installed by default on Ubuntu (unless you're talking a server or minimal installation, perhaps). – muru May 16 '16 at 21:52
  • Indeed a server installation, but I fixed it by booting in single user mode. – Koen. May 16 '16 at 22:22
  • Just came here to say this saved me big time! – Vigs Jun 05 '18 at 04:10
  • Thank you thank you! I did not know about pkexec, but it saved me a lot of trouble. – keda Jul 25 '18 at 17:08
  • According to the default rules, pkexec works as long as your current user is a member of the sudo user group. – Weijun Zhou Feb 15 '19 at 10:34
  • The pkexec commands suggested did not work for me while I was initially trying to fix the problem. After fixing it from a root shell in recovery mode, I subsequently tried it and a GUI window popped up asking for my password and it did work so YMMV. – bvargo Dec 01 '21 at 02:55
  • 4
    I get this error: Error executing command as another user: Not authorized – étale-cohomology Mar 15 '22 at 21:00
  • If you are in WSL and cannot get to a root user, you can drop out to Windows and then run wsl -u root to start WSL as root. From there you can then reset the broken permissions – alastairtree Nov 23 '23 at 17:09
  • If the root password has not been set/reset , then you can do it with

    user@host:$sudo passwd root

    otherwise if it has already been set do

    user@host:$su -c

    enter root password - then

    user@host:$pkexec chown root:root /etc/sudoers /etc/sudoers.d -R

    – CRTLBREAK Mar 15 '24 at 20:32
1

Another option, in the case that one doesn't have the password for root or ubuntu users. I've fat-fingered ownership (more times than I want to admit) and ended up doing this:

sudo chown -R owner:group /

instead of this:

sudo chown -R owner:group .

This has almost always been in the context of a Vagrant-managed VirtualBox VM running Ubuntu headless, so YMMV. I'd never had a good fix until now, but this seems to do the trick easyishly.

Repair

  • Create or edit /etc/rc.local
    • NOTE Do this as vagrant user without trying to set permissions to root.
  • For this task, /etc/rc.local should look like this:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

chown -R root:root /etc/sudoers.d
chown root:root /etc/sudoers
chmod 440 /etc/sudoers

exit 0

  • Disconnect from SSH
  • Open VirtualBox Manager
  • Right-click VM in question
  • Select 'Close'=>'ACPI Shutdown'
  • Start the VM from the VirtualBox Manager by right-clicking the VM entry then selecting 'Start'=>'Normal Start'
  • SSH into VM
  • Use your now-restored sudo to set permissions for children of / back to root:root

After the fix is in place the commands in /etc/rc.local can be removed.

AreDubya
  • 1
    I have no idea how this could work when sudo does not work—see title of post!! You can't sudo chown anything and you cannot edit /etc/rc.local without sudo working. – bvargo Dec 01 '21 at 02:27
1

to recover from

sudo chown myuser:myuser /etc/sudoers 
chmod u+w /etc/sudoers
chmod u-w /etc/sudoers
sudo chown root:root /etc/sudoers 

The last of which results in the "sudo: /etc/sudoers is owned by uid 1000, should be 0", etc. errors. I tried to su - sudo which I've seen suggested but I don't think the root password was ever set so that did not work.¹

To fix this issue, I rebooted, dropped into a root shell and²

chown root:root /etc/sudoers
passwd root #for good measure, e.g., so su - root would work in the future!

Rebooted, voila.

NB: The pkexec commands suggested did not work for me while I was initially trying to fix the problem. After it was fixed via the recovery mode root shell, I subsequently tried it and a GUI window popped up asking for my password and it did work so YMMV.

¹ After fixing the problem, I repeated the steps and was able to recover with²

su - root
chown root:root /etc/sudoers

² The list of commands Rohit suggests was unnecessary in my case but they might apply in other cases.

bvargo
0

If you have set and have the root password, first run the following command:

$ su - root

It will ask for the root password; then run the following commands one by one:

chown root:root /etc/sudoers 
chmod 440 /etc/sudoers
chown -R root:root /etc/sudoers.d
chmod  755 /etc/sudoers.d 
chmod  440 /etc/sudoers.d/*
bvargo
Rohit
  • 2
    On Ubuntu, root account is typically disabled, so this approach will not work. However, pkexec should work, if the only damage is to sudo's config. – vidarlo Feb 29 '20 at 08:05
  • This method works just fine if you've set and have the root password.
    That said the command is wrong, it should be su - root not su -root.
    – bvargo Dec 01 '21 at 02:35
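An added check, not part of any answer above: a POSIX shell function that lists which entries under /etc/sudoers and /etc/sudoers.d have the wrong owner or mode, using the values the answers give (uid 0, mode 440 for files). The function name, the prefix argument and the overridable uid are assumptions of this example, and `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Added example: audit owner and mode of a sudoers tree.
#
# check_sudoers_perms PREFIX [UID]
#   PREFIX  root of the filesystem to inspect: "" for the running system,
#           or a mount point such as /mnt when working from recovery media
#   UID     expected owner, 0 (root) by default; it is a parameter only so
#           the function can be exercised on a scratch tree without root
#
# Prints one line per deviation and returns 1 if any were found, else 0.
check_sudoers_perms() {
    prefix=$1
    want_uid=${2:-0}
    bad=0

    for path in "$prefix/etc/sudoers" \
                "$prefix/etc/sudoers.d" \
                "$prefix"/etc/sudoers.d/*; do
        # Skip a missing file or an unmatched glob (empty sudoers.d).
        [ -e "$path" ] || continue

        uid=$(stat -c %u "$path")    # numeric owner
        mode=$(stat -c %a "$path")   # octal permission bits

        # Same condition sudo complains about: "owned by uid N, should be 0".
        if [ "$uid" != "$want_uid" ]; then
            echo "$path: owned by uid $uid, should be $want_uid"
            bad=1
        fi

        # Regular files are expected to be 440; the directory keeps its
        # own mode (755 in the answer above) and is checked for owner only.
        if [ -f "$path" ] && [ "$mode" != 440 ]; then
            echo "$path: mode $mode, should be 440"
            bad=1
        fi
    done

    return "$bad"
}

# Usage on the running system:  check_sudoers_perms ""
```

From a recovery shell with the installed system mounted at /mnt, `check_sudoers_perms /mnt` shows what still needs `chown` or `chmod`; once sudo works again, `visudo -c` also checks the syntax.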
0

In my case, I was running Windows Subsystem for Linux (WSL2). I had created a folder using VSCode (running in Windows) and opened it for creating more files in it.

After closing VSCode (which kept running in the background), I tried deleting the created folder from the WSL2 terminal and got the above error.

The solution was to terminate the instance of VSCode fully (or restart the system) as it was keeping the folder opened.

0

Here is what worked for me after all others failed.

Here is the original link to my steps https://metamug.com/article/networking/unable-to-access-sudoers-owned-by-uid-1000.html

Open two SSH sessions to the target server.

(Put both SSH sessions side by side, so you can enter the password in SSH-2 when running STEP-3 in SSH-1.)

  1. In the first session, get the PID of bash by running:
echo $$
  2. In the second session, start the authentication agent with:

(Use the PID obtained from step 1)

pkttyagent --process 29824
  3. Back in the first session, run:
pkexec chown root:root /etc/sudoers
pkexec chown root:root /etc/sudoers /etc/sudoers.d -R

GOOD LUCK HOPE IT WORKS FOR YOU TOO!!!

sotirov