corrupted AWS /etc/sudoers.d/90-cloud-init-users

Question

On one of my EC2 EBS backed instances, /etc/sudoers.d/90-cloud-init-users is corrupted so I can not sudo

I tried pkexec visudo to fix it -- it asks for authentication, but won't accept credentials.

What are my options?

Wondering if there's a way to mount the volume on another instance, edit it manually, and restart?

Yes, you can do that. – Michael Hampton May 28 '19 at 20:11 — Michael Hampton, May 28 '19 at 20:11

score 1 · Accepted Answer · answered May 28 '19 at 22:35

Yes, one way is to attach the volume to another instance to fix the problem.

Shut down your instance (do not terminate!)
Note down what the root volume device name is (probably /dev/sda1 or /dev/xvda)
Detach the volume and attach to another "helper" instance.
Fix the sudoers file.
Unmount and detach the volume from the "helper" instance and re-attach to the original one using the correct name noted in step 2 above (i.e. /dev/sda1 or /dev/xvda)
Start up and test.

Another way is to use AWS Systems Manager (SSM) to open an interactive session to the instance and fix it from there. Most recent AMIs come with SSM agent already installed but you may need to give the instance the appropriate IAM Role/Policy to permit access to SSM. Check out Using SSM Session Manager for interactive instance access for an intro and SSM Sessions the easy way for a helper script that makes it more convenient.

Hope that helps :)

This is what I wound up doing. The one surprise was that the actual mount point wound up being different than what I specified in the CLI command. — Kyle Banerjee, May 29 '19 at 23:04

corrupted AWS /etc/sudoers.d/90-cloud-init-users

1 Answers1