how to change owner of sudoer file in centos that has been mistakenly changed to nonexisting user


Recovering the Sudoers File: Fixing Ownership on CentOS


Learn how to regain control of your sudoers file on CentOS after its ownership has been accidentally changed to a non-existent user, preventing sudo access.

Accidentally changing the ownership of the /etc/sudoers file to a non-existent user can lock you out of sudo commands on your CentOS system. This is a critical issue because sudo relies on correct permissions and ownership for security. Without sudo access, performing administrative tasks becomes challenging. This article will guide you through the necessary steps to recover your sudoers file ownership and restore sudo functionality.

Understanding the Problem: Why Sudoers Ownership Matters

The /etc/sudoers file dictates which users and groups can execute commands with superuser privileges. Because of that, sudo insists on specific ownership and permissions before it will read the file: it should be owned by root:root with mode 0440 (read-only for owner and group, no access for others). If the owner is changed to a user that does not exist, sudo refuses to load the file and every sudo invocation fails, typically with an error such as "sudo: /etc/sudoers is owned by uid 1001, should be 0" or "sudo: no valid sudoers sources found, quitting".

flowchart TD
    A[User attempts sudo command] --> B{Sudo checks /etc/sudoers}
    B --> C{Is ownership root:root?}
    C -- No --> D[Sudo fails: Ownership incorrect]
    C -- Yes --> E{Are permissions 0440?}
    E -- No --> F[Sudo fails: Permissions incorrect]
    E -- Yes --> G[Sudo proceeds with authorization]

Flowchart illustrating sudoers file validation process

The Recovery Process: Gaining Root Access

To fix the sudoers file, you need root privileges. Since sudo is likely broken, you'll need to boot into single-user mode or rescue mode. This method bypasses the normal boot process and grants you a root shell without requiring a password (in most default configurations). This is the most reliable way to fix critical system files like sudoers.

1. Reboot into Single-User Mode

Reboot your CentOS system. During the boot process, when the GRUB menu appears, select your desired kernel and press the e key to edit the boot parameters. Locate the line that starts with linux or linux16 and append init=/bin/bash or rd.break to the end of it. Then, press Ctrl+x or F10 to boot.

2. Remount Root Filesystem as Writable

Once you land in the root shell, the root filesystem is usually mounted read-only, so remount it read-write before making changes: mount -o remount,rw /. If you booted with rd.break, you are still inside the initramfs and the real root filesystem is mounted at /sysroot; remount that path instead (mount -o remount,rw /sysroot) and run chroot /sysroot so that the following steps operate on the real system.

3. Change Sudoers File Ownership

Now that you have root access and a writable filesystem, you can correct the ownership of the /etc/sudoers file. Use the chown command: chown root:root /etc/sudoers.

4. Verify and Correct Permissions (if necessary)

While you're at it, it's good practice to ensure the permissions are also correct. The standard permissions for /etc/sudoers are 0440. You can set them using chmod: chmod 0440 /etc/sudoers. You can verify with ls -l /etc/sudoers.

5. Exit and Reboot

After correcting the ownership and permissions, type exit to leave the root shell (twice if you entered a chroot). With rd.break the normal boot then continues on its own; with init=/bin/bash there is no init process to return to, so if the system does not reboot by itself, force it with reboot -f.

# Step 1: Edit GRUB entry (append to linux/linux16 line)
# init=/bin/bash  OR  rd.break

# Step 2: Remount root filesystem as writable
mount -o remount,rw /
# After rd.break the real root is mounted at /sysroot instead:
# mount -o remount,rw /sysroot && chroot /sysroot

# Step 3: Change ownership of sudoers file
chown root:root /etc/sudoers

# Step 4: (Optional but recommended) Verify/Correct permissions
chmod 0440 /etc/sudoers
ls -l /etc/sudoers   # should show: -r--r----- 1 root root ... /etc/sudoers

# Step 5: Exit and reboot
exit
# With rd.break the boot continues by itself; with init=/bin/bash
# there is no init to return to, so force a reboot:
# sync; reboot -f

Commands to execute in single-user/rescue mode
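To make the checks in the flowchart above and the repair steps repeatable, here is an added example of my own; it is not code from the article. It provides POSIX shell helpers that audit /etc/sudoers and every drop-in under /etc/sudoers.d for the owner and mode sudo expects, report when the owning uid no longer maps to any account (the situation this article is about), and repair a file in place. It assumes GNU coreutils stat -c and glibc getent, both present on CentOS; the function names, the root-prefix argument ("/" after init=/bin/bash, "/sysroot" after rd.break) and the optional uid/gid/mode arguments are my own design, not anything sudo or CentOS defines.

```shell
#!/bin/sh
# Added example (not from the article): audit and repair helpers for sudoers
# ownership and mode. Assumes GNU coreutils `stat -c` and glibc `getent`, both
# present on CentOS. Function names and arguments are this example's own design.

# Print "uid gid mode" for one file (mode in octal, no leading zero).
file_ugm() {
    stat -c '%u %g %a' "$1" 2>/dev/null
}

# check_sudoers_file PATH [UID] [GID] [MODE]
# Returns 0 when PATH has the expected owner, group and mode (root:root 0440
# by default); otherwise prints each mismatch, in the wording sudo uses, and
# returns 1. A missing file returns 2.
check_sudoers_file() {
    path=$1; want_uid=${2:-0}; want_gid=${3:-0}; want_mode=${4:-440}
    ugm=$(file_ugm "$path") || { echo "$path: does not exist"; return 2; }
    set -- $ugm
    uid=$1; gid=$2; mode=$3; rc=0
    if [ "$uid" != "$want_uid" ]; then
        echo "$path is owned by uid $uid, should be $want_uid"
        # The article's scenario: the owning uid no longer maps to any account.
        if command -v getent >/dev/null 2>&1 && ! getent passwd "$uid" >/dev/null 2>&1; then
            echo "  (uid $uid has no passwd entry: the owner does not exist)"
        fi
        rc=1
    fi
    if [ "$gid" != "$want_gid" ]; then
        echo "$path is owned by gid $gid, should be $want_gid"; rc=1
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "$path is mode 0$mode, should be 0$want_mode"; rc=1
    fi
    return $rc
}

# audit_sudoers_tree ROOT [UID] [GID]
# Checks ROOT/etc/sudoers and every drop-in under ROOT/etc/sudoers.d, the same
# set of files sudo reads. Returns the number of files that failed (0 = clean).
audit_sudoers_tree() {
    base=${1%/}; a_uid=$2; a_gid=$3; bad=0
    for f in "$base/etc/sudoers" "$base"/etc/sudoers.d/*; do
        [ -e "$f" ] || continue        # unmatched glob when sudoers.d is empty
        check_sudoers_file "$f" "$a_uid" "$a_gid" || bad=$((bad + 1))
    done
    return $bad
}

# repair_sudoers_file PATH [UID] [GID] [MODE]
# Steps 3 and 4 of the recovery: chown, chmod, then re-check the result.
repair_sudoers_file() {
    p=$1; r_uid=${2:-0}; r_gid=${3:-0}; r_mode=${4:-440}
    chown "$r_uid:$r_gid" "$p" || return 1
    chmod "$r_mode" "$p" || return 1
    check_sudoers_file "$p" "$r_uid" "$r_gid" "$r_mode"
}

# recover_sudoers ROOT
# Entry point for the rescue shell (steps 2 to 4). ROOT is "/" after
# init=/bin/bash; after rd.break the real root is mounted read-only at
# /sysroot, so pass that instead. Needs a root shell.
recover_sudoers() {
    r=${1:-/}
    mount -o remount,rw "$r" || { echo "cannot remount $r read-write"; return 1; }
    repair_sudoers_file "${r%/}/etc/sudoers"
}

# Example session in the rescue shell:
#   recover_sudoers /          # after init=/bin/bash
#   recover_sudoers /sysroot   # after rd.break
# After reboot, as any user:   audit_sudoers_tree /
```

The audit needs no privileges, since stat only requires search permission on /etc, so it can be run after the reboot as a regular user alongside the sudo whoami check; a clean tree returns 0. As root, visudo -c is a complementary check: it parses the file and also reports a wrong owner or mode.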

Post-Recovery Verification

Once your system has rebooted, log in as a regular user and test sudo functionality. Try a simple command like sudo whoami or sudo ls /root. If it prompts for your password and executes successfully, you have successfully restored the sudoers file ownership.

sudo whoami
# Expected output: root

sudo ls /root
# Expected output: Listing of /root directory contents (if accessible)

Verifying sudo functionality after recovery