I edited the sudoers file on my EC2 instance and now I'm receiving syntax errors when trying to run sudo commands. How do I fix this?
I manually edited the sudoers file on my Amazon Elastic Compute Cloud (Amazon EC2 instance). Now I'm receiving a syntax error similar to the following when trying to run sudo su commands or commands that require privileged user access:
"/etc/sudoers: syntax error near line xx" "sudo: parse error in /etc/sudoers near line xx" "sudo: no valid sudoers sources found, quitting" "sudo: unable to initialize policy plugin"
Short description
This syntax error occurs when the /etc/sudoers file is manually edited to change the sudo user and unwanted characters are added to the file. The result can be an impaired instance that can't run sudo su or commands that require privileged user access. To fix this syntax error, stop the instance, detach its root volume, attach it to a recovery instance, mount the root volume as a secondary volume, and then revert the changes to the sudoers file.
Warning: Before starting this procedure, be aware of the following:
- Stopping and restarting the instance erases any data on instance store volumes. Be sure that you back up any data on the instance store volume that you want to keep. For more information, see Determine the root vevice type of your instance.
- Stopping and restarting the instance changes the public IP address of your instance. It's a best practice to use an Elastic IP address instead of a public IP address when routing external traffic to your instance.
Resolution
Note: Don't manually edit the sudoers file using a text editor such as vi, vim, or nano on a running instance that you can connect to. Always run visudo to edit the /etc/sudoers file on instances that you can connect to. Visudo checks for parse errors as you edit so that any issues introduced into the file are brought to your attention before you save the changes.
1. Open the Amazon EC2 console.
2. Choose Instances from the navigation pane, and then select the impaired instance.
3. Choose Actions, choose Instance State, and then choose Stop.
4. In the Description tab, select the Root device, and then select the EBS ID.
5. Choose Actions, choose Detach Volume (/dev/sda1 or /dev/xvda), and then choose Yes, Detach.
6. Verify that the State is Available.
7. Launch a new EC2 instance in same Availability Zone as the original instance. The new instance becomes your rescue instance.
8. After the rescue instance launches, choose Volumes from the navigation pane, and then select the detached root volume of the original instance.
9. Choose Actions, and then choose Attach Volume.
10. Select the rescue instance ID (1-xxxx) and then enter a device name (/dev/sdf, for example).
11. Use SSH to connect into the rescue instance using your key pair.
12. Run the lsblk command to verify the device name of the attached volume.
lsblk
The following is an example of the output.
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT xvda 202:0 0 8G 0 disk └─xvda1 202:1 0 8G 0 part / xvdf 202:80 0 500G 0 disk └─xvdf1 202:81 0 500G 0 part
13. Create a mount directory and then mount with root privileges:
Amazon Linux, Ubuntu, and Debian:
sudo mount /dev/xvdf1 /mnt
Amazon Linux 2, CentOS 7 or 8, SUSE Linux 12, and RHEL 7.x or 8.x:
sudo mount -o nouuid /dev/xvdf1 /mnt
Check the mount point in the console for the newly attached volume. Usually that mount point is /dev/xvdf1.
14. Chroot into the mounted directory.
for dir in {/dev,/dev/pts,/sys,/proc}; do sudo mount -o bind $dir /mnt$dir; done chroot /mnt
15. Edit the sudoers file using visudo command.
visudo
There are two options for editing the file:
Option 1: Revert the changes you made that created the syntax error.
Option 2: Replace the /mnt/etc/sudoers file with a known correct file from the recovery instance by copying the file from the recovery instance.
Create a backup of the original file.
sudo mv /mnt/etc/sudoers /mnt/etc/sudoers.backup
Copy the file to the instance.
sudo cp /etc/sudoers /mnt/etc/sudoers
16. After you edit or replace the sudoers file, unmount the volume.
for dir in {/dev,/dev/pts,/sys,/proc}; do umount /mnt$dir; done sudo umount /mnt
17. Attach the volume to the original instance. Specify the mount point as /dev/xvda or /dev/sda1, as this is the root volume for the original instance.
18. Start the original instance.
19. Connect to the instance using SSH and try running sudo commands.
Related information
Why am I unable to run sudo commands on my EC2 Linux instance?

Relevanter Inhalt
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor 3 Monaten
- AWS OFFICIALAktualisiert vor 3 Monaten
- Wie kann ich die PHP-Upload-Größenbegrenzung in meiner Lightsail-Bitnami-WordPress-Instance erhöhen?AWS OFFICIALAktualisiert vor 2 Jahren