[svlug] Fix to locking oneself out of /etc/sudoers with Ubuntu 14.04

Steve Litt slitt at troubleshooters.com
Sat Jan 17 16:09:02 PST 2015


On Sat, 17 Jan 2015 16:38:45 -0700
Jesse Monroy <jesse650 at gmail.com> wrote:

> To all,
> this has been sitting in my outbox for quite a while. It will get
> posted to one of my blogs, likely https://unbot.wordpress.com/
> 
> Also, given the wide spread use of 'sudo', I expect this solution
> to useful beyond this post. If you have any comments or additions,
> let me know, I'll add them to the blog post.
> 
> TIA
> Jesse
> ----
> On Dec 13, 2014, minutes before a sales call, the brillant concept
> flashed in my mind "passwordless sudo".
> 
> First, for proper reference let relate a BSD community motto
> Namely, "always leave the user enough rope to shot themself in foot
> with."
> 
> Next, I want to say after doing multiple mindless self-inflicted
> hangings I should have known better, but I did it. Yes, I did what
> might be the worst idea - I modified /etc/sudoers, and left the editor
> - before testing it!
> 
> So as you might guess, I was locked out of reverting /etc/sudoers.
> Yes, I know there are countless solutions to this - if forethought is
> given.
> 
> But let's just say for a moment you did not have coffee, or somehow
> put on the idiot hat in the morning, and wandered around in a daze,
> and accidently typed :wq!
> 
> Here is how to fix that mess for Ubuntu 14.04
> 
> while booting:
> left-shift key
> 
> $ mount -o remount,rw /
> 
> $ vi /etc/sudoers
> 
> Undo your mistake. Also when editing a configuration file, it has
> always been a company policy, "Comment out. NEVER EVER DELETE!"
> 
> $ save with ":w!"
> 
>  ----
> 
> To the original problem
> 
> Add this to the last line of: /etc/sudoers
> your-username ALL=NOPASSWD: ALL
> 
> Credit goes to :
> http://askubuntu.com/questions/147241/execute-sudo-without-password

If, for some reason, left-shift didn't work, couldn't you also boot
System Rescue CD, mount the hard drive's root at /mnt, temporarily
change /mnt/etc/sudoers permissions, edit the file just like you said,
exit the editor, restore the original 440 permissions, cd /, unmount
the hard drive's root, and reboot back to your original OS?

Obviously, left-shift would be better if it's available, as would
choosing the emergency boot from Grub, but just in case?

Thanks,

SteveT

Steve Litt                *  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance




More information about the svlug mailing list