The complete story:
I launched an Amazon EC2 "Tier" (VPS) running RHEL 7.1 and created a key for ssh.
EC2 automatically creates a user called ec2-user for new RHEL VPSs, and it has the permissions (in sudoers file):
ec2-user ALL = NOPASSWD: ALL
I created a new user (with password) called "e" and tried to add him to the sudoers file.
When I tried to edit the /etc/sudoers file with vi, it said the file is read-only, so I changed its permissions to 600, and now every time I try to do something with the "sudo" command, I get an error:
sudo: /etc/sudoers is world writable
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
and I can't change it back to 440, because I need to be root to do it and I can't do "sudo".
I read somewhere the solution is to run
pkexec chmod 0440 /etc/sudoers
but it asks for a password for ec2-user, who doesn't have any password:
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ===
Authentication is needed to run `/usr/bin/chmod' as the super user
Authenticating as: Cloud User (ec2-user)
Password:
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Error executing command as another user: Not authorized
This incident has been reported.
What now? Does anyone have any idea how to proceed in order to make the sudoers file 440 again?
Best Answer
Yeah - that is a "gotcha" for sure. Use visudo in the future to avoid that problem. I have a CentOS 7 VM, which is essentially the same as RHEL7; and I was able to use su - to become root without using sudo, because I know the root password. Do you know your password for the user, root?
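
An added example, not part of the original thread: a way to grant the new user sudo rights without opening /etc/sudoers in an editor or loosening its mode. It stages the rule in a temporary file, syntax-checks it with visudo -cf, and only then installs it with mode 0440. The function names, the rule for user "e" and the /etc/sudoers.d/e path are assumptions, as is a sudoers file that includes /etc/sudoers.d.

```shell
#!/bin/sh
# Added example, not from the original thread. Intended to be run as root
# (for instance through sudo while sudo still works).
#
# Assumed usage (rule and path are illustrative):
#   install_sudoers_rule 'e ALL=(ALL) ALL' /etc/sudoers.d/e

# Print the octal permission bits of a file (GNU stat, as shipped on RHEL/CentOS).
file_mode() { stat -c '%a' "$1"; }

# Succeed only if the file has the 0440 mode the question is trying to restore.
mode_is_0440() { [ "$(file_mode "$1")" = "440" ]; }

# Install RULE as the sudoers drop-in DEST.
# The candidate is written next to DEST under a name containing a '.',
# which sudo skips when reading a sudoers.d directory, so a half-written
# or invalid file is never parsed. The syntax checker defaults to
# "visudo -cf" and can be overridden through SUDOERS_CHECK.
install_sudoers_rule() {
    rule=$1
    dest=$2
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    printf '%s\n' "$rule" > "$tmp"

    # Validate the candidate before it can affect sudo.
    if ! ${SUDOERS_CHECK:-visudo -cf} "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "rejected: syntax check failed, $dest left untouched" >&2
        return 1
    fi

    # Set the final mode first, then rename into place in one step.
    chmod 0440 "$tmp" && mv -f "$tmp" "$dest"
}
```

Because the main /etc/sudoers file is never touched, its ownership and mode stay as installed; mode_is_0440 can be pointed at either file afterwards to confirm.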