Troubleshooting Sudo
I happen to much prefer Ubuntu and Mac OS X's sudo model to the root/user one that's typical of most Linux distributions. You can read all about why Ubuntu uses sudo and all the pros and cons of that model at help.ubuntu.com/community/RootSudo.
The one thing I don't like about sudo is how fragile it is. If you don't know what you're doing (especially at the command-line), sometimes sudo can get broken. It doesn't happen very often, but it does happen. That's what this page is for.
If your sudo is "broken," meaning that you can't use the sudo command to temporarily gain administrative privileges, there are two files you should be aware of:
/etc/sudoers and /etc/group
The /etc/sudoers file should look the same for every Ubuntu user who hasn't fiddled with it:
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults
Defaults !lecture,tty_tickets,!fqdn
# User privilege specification
root ALL=(ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
It basically says anyone who is root can do anything, and anyone in the administrative group (people who can sudo) can do anything (with a password).
Now, the /etc/group file will look different for every Ubuntu installation. It specifies which groups each user belongs to. An example of how it might look is here:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:firstuser
tty:x:5:
disk:x:6:
lp:x:7:cupsys
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:firstuser,cupsys
fax:x:21:
voice:x:22:
cdrom:x:24:firstuser,haldaemon
floppy:x:25:firstuser,haldaemon
tape:x:26:
sudo:x:27:
audio:x:29:firstuser
dip:x:30:firstuser
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:firstuser
sasl:x:45:
plugdev:x:46:firstuser,haldaemon
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
dhcp:x:101:
syslog:x:102:
klog:x:103:
firstuser:x:1000:
lpadmin:x:104:firstuser
scanner:x:105:firstuser,cupsys
admin:x:106:firstuser
crontab:x:107:
ssh:x:108:
messagebus:x:109:
haldaemon:x:110:
slocate:x:111:
For troubleshooting purposes, the most important line in the /etc/group file is the one in bold, which specifies who is in the admin group, and hence who has sudo privileges. Substitute your actual username for firstuser, of course.
Now, this begs the question, "How can I edit the /etc/group file if I don't have sudo permissions?"
The answer is something called recovery mode.
You know when you boot up, you get several options for how you want to boot up? There's usually a kernel, recovery mode, and memtest at the very least.
After you boot into recovery mode, you should be logged in as root. Or, if you set a root password in your installation, you'll be prompted for your root password. Either way--password or not--you'll end up logged in as root.
Once you're there, before you make any changes, it's a good idea to make backup copies of your two corrupt files. Sure, they're incorrect, but they're better than nothing, especially if you accidentally delete the contents of the original files. To back them up, type
cp /etc/sudoers /etc/sudoers.old
Then, to edit the files, use these commands:
This command edits the /etc/sudoers file.
To save in nano, you press Control-X (save), Y (confirm), and Enter (exit).
If you don't want to bother editing the /etc/group file, you can also issue this command:
That one command will add user username to the admin group so you can sudo
If you are trying to fix the error where it says sudo is mode _____, should be 0440, then you'll want to type
When you're done, reboot, and you should be able to sudo again.
