Linux – Broke the /etc/sudoers file on amazon EC2

Tags: amazon-ec2, linux, sudo

I edited my Linux Amazon EC2 instance using vim /etc/sudoers and tried adding another account to the list. I realize now that this was a terrible mistake. I can no longer sudo from any account (which means I cannot edit the file again) and I do not have the root account password. Is there anything I can do to correct this?

Thanks.

Best Answer

Hopefully you are using an EBS root volume. If so, the solution is not too difficult.

Essentially, you attach the EBS volume to another instance, make the changes, and reattach it to the original instance:

  • Stop (don't terminate) the original instance
  • Detach the EBS volume
  • Launch another instance
  • Attach your current EBS volume to the new instance
  • SSH into the new instance, mount the EBS volume and make the needed changes
  • Unmount the EBS volume (e.g. umount -d /dev/xvdh or umount -d /dev/sdh)
  • Detach the EBS volume from new instance and attach it as the root volume (e.g. /dev/sda1) of the old instance
  • Start the old instance
  • If everything is working, terminate the new instance
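The steps above scripted with the AWS CLI, as an added example that is not part of the original answer, together with the check a practitioner wants before the volume goes back: `visudo -c -f` on the mounted copy of the file, so a second typo is caught while you still have a working sudo. Assumptions not taken from the page: instance and volume IDs are passed as arguments; the rescue instance already exists in the same Availability Zone as the volume (EBS volumes only attach within their AZ); the volume's root partition shows up on the rescue instance as `/dev/xvdh1` (override `RESCUE_DEV` after checking `lsblk`); and the broken instance's root device name is `/dev/sda1` as in the answer.

```shell
#!/bin/sh
# Added example, not the answer author's code. Scripts the EBS volume swap
# described in the answer with the AWS CLI and verifies the repaired sudoers
# file before the volume is reattached. Assumed (not on the page): IDs are
# passed in, the rescue instance is in the volume's AZ, the volume's root
# partition appears as $RESCUE_DEV on the rescue instance, and the broken
# instance's root device is /dev/sda1. DRY_RUN=1 prints commands instead.
set -e

RESCUE_DEV="${RESCUE_DEV:-/dev/xvdh1}"   # assumed partition name; confirm with lsblk
MNT="${MNT:-/mnt/rescue}"

# Run a command, or print it when DRY_RUN=1 so the sequence can be reviewed first.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Steps 1-2 (workstation): stop, never terminate, the broken instance and
# detach its root volume. Waiters block until the state change is complete.
stop_and_detach() {
  broken="$1"; vol="$2"
  run aws ec2 stop-instances --instance-ids "$broken"
  run aws ec2 wait instance-stopped --instance-ids "$broken"
  run aws ec2 detach-volume --volume-id "$vol"
  run aws ec2 wait volume-available --volume-ids "$vol"
}

# Step 4 (workstation): attach the volume to the rescue instance as a secondary disk.
attach_to_rescue() {
  rescue="$1"; vol="$2"
  run aws ec2 attach-volume --volume-id "$vol" --instance-id "$rescue" --device /dev/sdh
  run aws ec2 wait volume-in-use --volume-ids "$vol"
}

# Steps 5-6 (on the rescue instance): mount, edit, restore the expected
# ownership and mode, then parse the file with visudo -c before unmounting.
# visudo -c -f checks syntax without installing the file, so the broken
# instance only gets the volume back once sudoers parses cleanly.
repair_and_verify() {
  run sudo mkdir -p "$MNT"
  run sudo mount "$RESCUE_DEV" "$MNT"
  run sudo "${EDITOR:-vi}" "$MNT/etc/sudoers"
  run sudo chown root:root "$MNT/etc/sudoers"
  run sudo chmod 0440 "$MNT/etc/sudoers"
  if ! run sudo visudo -c -f "$MNT/etc/sudoers"; then
    echo "sudoers still does not parse; fix it before unmounting" >&2
    return 1
  fi
  run sudo umount -d "$MNT"
}

# Steps 7-8 (workstation): move the volume back as the root device and boot.
reattach_and_start() {
  broken="$1"; vol="$2"
  run aws ec2 detach-volume --volume-id "$vol"
  run aws ec2 wait volume-available --volume-ids "$vol"
  run aws ec2 attach-volume --volume-id "$vol" --instance-id "$broken" --device /dev/sda1
  run aws ec2 wait volume-in-use --volume-ids "$vol"
  run aws ec2 start-instances --instance-ids "$broken"
  run aws ec2 wait instance-running --instance-ids "$broken"
}

# Step 9 (workstation): once sudo works on the original instance again.
cleanup_rescue() {
  run aws ec2 terminate-instances --instance-ids "$1"
}
```

Source the file and call the functions in order: `stop_and_detach` and `attach_to_rescue` from a workstation with credentials for the account, `repair_and_verify` over SSH on the rescue instance, then `reattach_and_start` and `cleanup_rescue` from the workstation. Running each first with `DRY_RUN=1` shows exactly which commands will be issued against which IDs.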

The reason this works is that on the fresh, new instance, you have the proper permissions - its root volume is intact - which makes the sudoers file from your original instance just another file you can edit.

If you have an instance-store root volume, unfortunately, you probably won't be able to fix the problem, and will have to revert to an AMI you have made previously as a backup.