Manjaro : sudoers locked out

I was running visudo and i think i messed a lil up next time i booted it does no longer accept my password and am locked out, i can use ctrl alt 3 and get into user:root

but not my main profile so i can acces root shell, and i don’t know what too do

Without knowing what you changed - there is no way one can provide a meaningful response.

Which file did you edit with visudo?

If I understand correct - you can login with root?

4 Likes

Changing the password is easy. If you can login as root enter

passwd <username>

where <username> is the username of your user.

After changing reboot.

It could be that your user has been deleted from wheel group, in this case please post the sudoers file you changed with visudo.

2 Likes

You can log in as root?
have a look at the command history then - to help you remember what you did with visudo

It’s probably going to be in your users command history:

less /home/username/.bash_history
or
less /home/username/.zhistory

or in roots equivalent files:
less /root/.bash_history
less /root/.zhistory

1 Like

correct

What did you find there?

(If you don’t answer this, Nachlese can’t help you)

cat ~/.*history |grep -E 'visudo'
sudo sh -c 'cat /root/.*history' |grep -E 'visudo'

:footprints:

1 Like

Maybe we should be looking at providing advice to the OP on the assumption that it is their /etc/sudoers file they were working on?

After all, they do mention sudoers in the topic title, and visudo defaults to editing /etc/sudoers if no file is specified, as I just tested on my system:

sudo visudo 
[sudo] password for scotty: 
visudo: /etc/sudoers.tmp unchanged

Of course, I exited without saving by typing :q! & pressing enter. However, if they mistakenly saved when exiting, they have probably overwritten their sudoers file, and thus find themselves locked out of sudo.

However, as a solution may be time-consuming, it would still be preferable for the OP to confirm what file they were working on.

If there’s a sudoers.pacsave created, that might simplify recovery.

Judging by the OP’s responses response so far, I would guess very time-consuming, indeed.

3 Likes

If that isn’t possible, could they log in to a TTY session as root, delete their messed-up /etc/sudoers file, and then (as root) reinstall sudo to provide the default /etc/sudoers file? Or would that cause other issues?

This is something I was actually pondering recently when I tried to edit my sudoers file for the first time using visudo. It ended up with a lot of "q"s & other letters scattered throughout it as I tried to work out how to exit, and I had to do a search in Firefox for how to exit visudo without saving.

That was when I also discovered the much safer method of dropping a config file into /etc/sudoers.d/ rather than editing the actual sudoers file.

2 Likes

At this point we could guess a number of possibilities. Until the OP actually confirms what they have done; which file(s) they have edited; and/or provides some actionable information to work with, there’s practically nothing to be done here.

If the OP won’t help themselves within a fair amount of time, then I move to close.

3 Likes

If this is the answer to the assumption that you can login in as root - then great!

As visudo can be used for several system sensitive tasks - what exactly did you change?

1 Like

sorry for the long responses atm, am in school i am in school and be home in a hour or four, sorry for the delay.

1 Like

it was somewhwre around this part something broke

# %wheel ALL=(ALL:ALL) ALL

The wheel group is outcommented. Looks like the pacnew file being copied over.

1 Like

not how too type that on yhe terminal, i can’t really copy paste

what do you mean?

I would remove the # in front of the mentioned line. Use visudo.

2 Likes

the one with wheel all all all all?

yes, indeed

1 Like

i tried that and it still seems not too work.