How to modify an invalid '/etc/sudoers' file?

On a modern Ubuntu system (and many other GNU/Linux distributions), fixing a corrupted sudoers file is actually quite easy, and doesn't require rebooting, using a live CD, or physical access to the machine.

To do this via SSH, log in to the machine and run the command pkexec visudo. If you have physical access to the machine, SSH is unnecessary; just open a Terminal window and run that pkexec command.

Assuming you (or some other user) are authorized to run programs as root with PolicyKit, you can enter your password, and then it will run visudo as root, and you can fix your /etc/sudoers.

If you need to edit one of the configuration files in /etc/sudoers.d (which is uncommon in this situation, but possible), use pkexec visudo -f /etc/sudoers.d/filename.

If you have a related situation where you have to perform additional system administration commands as root to fix the problem (also uncommon in this circumstance, but common in others), you can start an interactive root shell with pkexec bash. Generally speaking, any non-graphical command you'd run with sudo can be run with pkexec instead.

(If there is more than one user account on the system authorized to run programs as root with PolicyKit, then for any of those actions, you'll be asked to select which one you want to use, before being asked for your password.)

---

If that doesn't work--for example, if there are no users authorized to run programs as root via PolicyKit--then boot from an Ubuntu live CD (like the CD you probably used to install Ubuntu) and mount the filesystem for the installed system. You can do this by running sudo parted -l to view your partitions--there is probably just one ext4 partition, and that's the root filesystem.

Suppose the installed Ubuntu system's root filesystem is on /dev/sda1. Then you could mount it with sudo mount /dev/sda1 /mnt. Then you can edit the installed system's sudoers file with sudo nano -w /mnt/etc/sudoers. Or, even better, you can edit it with

sudo visudo -f /mnt/etc/sudoers

(which will prevent you from saving a sudoers file with incorrect syntax).

Always use visudo to edit your sudoers file, never edit it directly yourself. It will prevent you saving it to disk unless it validates.

Type in:

pkexec visudo

Then change last line

#includedir /etc/sudoers

To:

#includedir /etc/sudoers.d

It should solve your problem.

When this happens to a non-GUI system (your production server, maybe) the pkexec fails with this error message:

polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
==== AUTHENTICATION FAILED ===
Error executing command as another user: Not authorized

In this situation, using pkttyagent can be helpful. If you want to remove a corrupted file in sudoers.d directory, use this:

pkttyagent -p $(echo $$) | pkexec rm /etc/sudoers.d/FILENAME

If you want to recover the default /etc/sudoers, you can use this gist to copy the default configurations, putting it in a non-root accessed place (e.g. your $HOME). Then, you can overwrite your sudoers file:

pkttyagent -p $(echo $$) | pkexec cp ~/sudoers /etc/sudoers

NOTE: Using this approach, after running your command, probably your access to the shell will be gone. But I'm sure losing one shell session is much better than losing your server! (According to the manpage, this is the normal behavior: When its services are no longer needed, the process can be killed.)

if anyone else like me didn't have pkexec installed, or was not able to run vi, visudo, nano or any other editor to change sudoers file you can be sure with this process.. I was saved with this:

• reboot
• hold shift key while booting to have option for recovery mode (enter it)
• enter command line as root (second last option at my grub menu)

• remount boot device for rw, and apply exec right for user, and edit file

  mount -n -o remount,rw /
  chmod u+x /etc/sudoers
  visudo /etc/sudoers
  

fix that mistake and be happy :)

If you messed up your sudoers file, you'll need to:

• Reboot into recovery mode (hit escape during boot, choose the recovery mode option on the grub screen)
• Choose the 'Enable networking' option (if you don't your filesystem will be mounted as read-only. who knew)
• Chosee the 'Drop to root shell' option
• run visudo, fix your file
• Reboot with normal grub option

source :- http://mario.net.au/content/recover-etcsudoers-ubuntu-1204

There is nothing wrong #include sudoer.d removing #include sudoer.d won't make any difference.

But please make sure you don't have any syntax errors. I had same issue but and spent hours to fix and just figured out they are syntax errors. Refer to manual and make them right.

For example Say your username is : dolly I used following which is wrong

 dolly ALL = (ALL) ALL NO PASSWD: ALL

correct syntax is

dolly ALL = (ALL) ALL //give permission to everything, not good

or

dolly ALL=(ALL) NOPASSWD:/usr/bin/thurderbird //good, give specific permission

hope this helps

For WSL users, accessing a bad sudoers is much more straightforward:

wsl.exe -u root visudo

If you cannot recover the file manually this way, you can reset it to the default installed version (adapted from this answer) with:

wsl.exe -u root -e apt install --reinstall -o Dpkg::Options::="--force-confask,confnew,confmiss" sudo

Important: This will reset all configuration files associated with sudo, including other customizations done in /etc/sudoers.d.

run recovery mode then type this

chown -R root:root /etc/sudoers.d
chmod u=rwx,g=rx,o=rx /etc/sudoers.d/
chmod u=r,g=r,o= /etc/sudoers.d/*

only the group and user root should have read privelege

pkexec visudo

then revert your mistakes