How to repair /etc/sudoers on OSX High Sierra

How I got here

I installed an SSD drive after backing up my data. I installed OSX Maverick (because my laptop is circa 2014), and then I started copying over my data from user-2 to user-1 (because my user after installation of the OS did not match the user of the same name that saved the data in the backed up data).

Then I started to repair the ownership of files but I did something really bad: I ran sudo chmod -R user-1:staff in /etc and changed the ownership of /etc/sudoers. And with the file ownership corrupted, you cannot change it back.

What I've tried

I've done single user mode boot and found that the file system is mounted read-only.

I've booted in recovery mode and found that OSX no longer offers "Repair Disk Permissions" in Disk Utility.

I've booted in recovery mode and found that I cannot restore a single file from my Time Machine backup because recovery mode allows only paving over your machine with all your Time Machine datas.

I've tried to do an ordinary boot but that takes 30 minutes and though the progress bar says that it has completed, the OS never comes up again.

The question

So, how do I

get a user prompt on a writable file system so that I can set the ownership on /etc/sudoers or
get to Finder to repair ownership

and maybe be able to boot my laptop again?

Sadly, I cannot get on as root with this exploit because I cannot get a dialog prompt for login.

Later 2018-01-21

I came across this question and was able to mount -uw / && chmod 0 /etc/sudoers successfully, but I still cannot boot. It may be something else caused by the chown -R.

Later still: when I boot in verbose mode (Command-V), I get infinite scroll of error message "Process X crashed: opendirectoryd. Too many corpses being created." This looks fatal. I may have to reinstall the OS and my backup.

user20342

Posted 2018-01-22T04:13:53.203

Reputation: 163

Answers

There is a way out (thanks to https://astrails.com/blog/2009/09/29/how-to-fix-a-hosed-etc-sudoers-file-on-mac-osx):

be logged from an account with admin rights
in a Terminal, run open etc/ to see that directory from the Finder
select the file sudoers
get its information (Cmd+I)
click the + to add permissions
grant your account with Read-Write rights
vi /etc/sudoers and fix your mess
:w! to save (as it is still "Readonly")
then run sudo visudo to restore proper rights on this file.

akim

Posted 2018-01-22T04:13:53.203

Reputation: 141

You need to revert the entire /etc hierarchy to its proper ownership. It's mostly root:wheel, but there are a few exceptions. You can fix it in single-user mode after remounting the root volume for write access:

mount -uw /
chown -R root:wheel /etc
chown -R root:_lp /etc/cups
chown _lp:admin /etc/cups/certs
chown root:admin /etc/cups/certs/*
chown root:operator /etc/dumpdates    # It's ok if this file doesn't exist

Note that the order of execution is important, since the later chowns override the earlier ones.

Gordon Davisson

Posted 2018-01-22T04:13:53.203

Reputation: 28 538

I sort of went down this route. I looked at a Mac that was running correctly and grep -v wheel, saw only cups directory, saw my laptop did not have cups and just did chmod -R 0 /etc. No joy. So now I am paving and reinstalling my Time Machine backup. Hoping for the best. – user20342 – 2018-01-22T06:56:06.167

1Actually, an in-place reinstall from Recovery should also work, and preserve your user data (though that might not be a benefit at this point). BTW, you missed fixing the group along with owner. – Gordon Davisson – 2018-01-22T07:36:18.950