sudoers - Google Compute Engine - no access to root

Question

I have a Google Compute Engine VM instance with a Asterisk Server running on it. I get this message when I try to run sudo:

sudo: parse error in /etc/sudoers near line 21
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Is there a password for root so I can try to change it there? Any suggestions on this?

Answer 1

It looks like you have manually edited the /etc/sudoers file so while you would normally have sudo access, due to the parse error, you won't be able to do this directly.

Here's how to fix this situation.

1. Save the current boot disk

• go to to the instance view in Developers Console

• find your VM instance and click on its name; you should now be looking at a URL such as https://console.cloud.google.com/project/[PROJECT]/compute/instancesDetail/zones/[ZONE]/instances/[VM-NAME]

• stop the instance

• detach the boot disk from the instance

2. Fix the /etc/sudoers on the boot disk

• create a new VM instance with its own boot disk; you should have sudo access here
• attach the disk saved above as a separate persistent disk
• mount the disk you just attached
• fix the /etc/sudoers file on the disk
• unmount the second disk
• detach the second disk from the VM
• delete the new VM instance (let it delete its boot disk, you won't need it)

3. Restore the original VM instance

• re-attach the boot disk to the original VM
• restart the original VM with its original boot disk, with fixed config

How to avoid this in the future

Always use the command visudo rather just any text editor directly to edit the /etc/sudoers file which will validate the contents of the file prior to saving it.