how to add a sudoer?

How did you modify the "sudoers" file originally? It sounds like you just used a regular text editor which is not the proper way of editing that file since the OS provides a special utility to edit that file. That special utility will make sure there are no syntax errors in the file when saving it.

Personally I would never edit the "sudoers" file even with that special utility because if you make a mistake it is very difficult to recover from it. It is much better to create a new file in the "/etc/sudoers.d" folder, so if something does go wrong, then you can just use the Finder to move/delete it.

To properly edit the "sudoers" file you need to use the following command which will allow you to use the "nano" text editor which is easier to use than the default "vi" or "vim" editors:

editor=nano  sudo  visudo

To fix this problem now, you will need to either replace the "sudoers" file from a backup, or edit it while booted from Recovery Mode. To edit it from recovery mode will require a slight modification to the above command as you will need to point the utility to the "sudoers" file which is located in another location when booted into Recovery Mode. You will need to find the mount point for the volume. I will provide an example command to where I believe the volume will be mounted (assuming the volume name is still the default "Macintosh HD" and "Macintosh HD - Data". I have never done this with macOS 10.15+ so you will need to figure out the exact path.

editor=nano  visudo  -f  /<path-to-mounted-internal-volume>/private/etc/sudoers

I believe the correct path while in Recovery Mode will be the following, but you should verify it yourself (if you don't know how, then you should not be modifying the "sudoers" file in the first place -- I'm assuming the default "Macintosh HD" volume name has not been changed):

editor=nano  visudo  -f  /Volumes/Macintosh\ HD\ -\ Data/private/etc/sudoers

Remove the changes you made and safe the file. Once you reboot normally, you should have your Terminal working again.

In the future create a new file in the "/etc/sudoers.d" folder for any customizations by using the following sample command (the special "visudo" command will make sure the file has the proper permissions as well as verifying the syntax of each line):

editor=nano  visudo  -f  /etc/sudoers.d/<custom-sudoers-addon-file>

So, to give create a special entry on my system, I used "mymods" as the file name to house the custom "sudoers" information:

editor=nano  visudo  -f  /etc/sudoers.d/mymods

This is a much safer way to make modifications. I suggest you perform a lot more research before following advice you find online (even mine since it is possible I have made a mistake or a typo -- it has been a while since I performed these modifications) and make sure you understand how this all works and possible repercussions. FYI, I never realized this myself until after doing research and finding people suggesting this option and also reading the "man" files for "sudoers" and "visudo". Also, backups are very important especially when working with the command line, even more so when "sudo" is involved.

From a Monterey install that happens to be handy:

$ sudo cat /etc/sudoers
Password:
#
# Sample /etc/sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.

##
# Override built-in defaults
##
Defaults	env_reset
Defaults	env_keep += "BLOCKSIZE"
Defaults	env_keep += "COLORFGBG COLORTERM"
Defaults	env_keep += "__CF_USER_TEXT_ENCODING"
Defaults	env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults	env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults	env_keep += "LINES COLUMNS"
Defaults	env_keep += "LSCOLORS"
Defaults	env_keep += "SSH_AUTH_SOCK"
Defaults	env_keep += "TZ"
Defaults	env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults	env_keep += "EDITOR VISUAL"
Defaults	env_keep += "HOME MAIL"

Defaults	lecture_file = "/etc/sudo_lecture"

##
# User alias specification
##
# User_Alias	FULLTIMERS = millert, mikef, dowdy

##
# Runas alias specification
##
# Runas_Alias	OP = root, operator

##
# Host alias specification
##
# Host_Alias	CUNETS = 128.138.0.0/255.255.0.0
# Host_Alias	CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
# Host_Alias	SERVERS = master, mail, www, ns
# Host_Alias	CDROM = orion, perseus, hercules

##
# Cmnd alias specification
##
# Cmnd_Alias	PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less

##
# User specification
##

# root and users in group wheel can run anything on any machine as any user
root		ALL = (ALL) ALL
%admin		ALL = (ALL) ALL

## Read drop-in files from /private/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d
$
$
$ sudo ls /etc/sudoers.d
$
$

Do you have something in that subdirectory?

The sudoers file shown above is the default copy.

Dannymac22 wrote:

These are good recovery ideas, but no, I did NOT use a regular text editor. I only use visudo.

I am puzzled why i is so dificult to recover from it, though. I change it back, and I am pointed to a syntax error corresponding to a line that I completely removed!

It’s cached. Restart. If that fails, restart through Safe Mode to rebuild all the caches.

Admin users are added to sudoers automatically.

And su and sudo is ineffective on the read-only and sealed boot storage; on macOS itself and its protected files. Superuser has been relegated to use only with user files and add-on apps.

Giving a user privileges to administer the computer does change the sudoers file, and it does not need to.

Anyone in the admin group is already a sudoer.

By turning this on:

You effectively make a user a member of the admin group.

Hence it becomes a "bona fide sudoer", to use your expression, but this does not require modifying the sudoers file.

To make someone a sudoer you can just make that account an administrator account in System Preferences->Users & Groups.

I think that is better than messing with the sudoers file.

Maybe you could post the contents your sudoers file here so we can examine it. Use the "Code Insertion" tool which has an icon like "<>" on the forum editing toolbar so it makes it easier for us to view the text especially so the spaces are a bit more visible.

Something before this line may be incorrect and it is only this line which happens to flag the problem. Plus it is hard to read text posted in a standard text window because spacing is not easily seen.

Your best option is to remove all customizations from the sudoers file to see what happens. "visudo" should not be allowing you to save the file unless you have removed all syntax errors. Then if things are Ok, add any customizations to a new file in the "sudoers.d" folder as I suggested so any mistakes are much easier to deal with. Of course if the "sudoers" file is broken, then you may need to modify it while booted from Recovery Mode.

Another option is delete the "sudoers" file and reinstall macOS over top of itself from Recovery Mode which in theory should recreate this file for you. Then add any customizations to the "sudoers.d" folder instead.

Then try it from Internet Recovery Mode to completely bypass the system on the internal drive. While booted in Internet Recovery Mode delete the current "sudoers" file using the command line. Then create a fresh "sudoers" file by typing in the text @MrHoffman provided. Do not copy & paste since it may include hidden text items from the website. You will need to locate the exact location of the file, but if the internal volume still has the default "Macintosh HD" volume name, then I believe the following two commands will permanently remove the file for you and launch the "visudo" command with the proper file location for the replacement file. Of course adjust the path as necessary to reflect the volume name of the internal drive. My examples assume "Macintosh HD" is the name of the macOS system volume and "Macintosh HD - Data" is the "Data" volume. If you did change the name, then one of the names may still retain the original "Macintosh HD" portion of the name.

First verify you have the correct location by making sure the "sudoers" file exists here:

ls  -hl  /Volumes/Macintosh\ HD\ -\ Data/private/etc  

This will delete the "sudoers" file and prompt for confirmation:

rm  -i  /Volumes/Macintosh\ HD\ -\ Data/private/etc/sudoers

This launches the "visudo" utility necessary for editing the "sudoers" file by using the "nano" text editor:

EDITOR=nano  visudo  -f  /Volumes/Macintosh\ HD\ -\ Data/private/etc/sudoers

Or if you don't want to escape the spaces in the path, then enclose the path in double quotes like this (same applies to the previous two commands):

EDITOR=nano  visudo  -f  "/Volumes/Macintosh HD - Data/private/etc/sudoers"

If you prefer using "vi" or "vim" for editing on the command line, then just omit the "EDITOR=nano" part of the line. I recommend most people to use "nano" unless they are already familiar with "vi" or "vim".

Any other users besides the OP should be extremely careful using any commands listed in this thread without knowing exactly what they do or why they are being used. The command line has absolutely no safety net and just a simple typographical error (either in my instructions or when the user types the commands) may end up with catastrophic results and perhaps even data loss. Plus locations of these files may vary depending on the version of macOS used and the drive used to boot the Mac. I'm making the assumption the OP has at least a rudimentary knowledge of the command line since the OP modified such a critical system file in the first place (I know, it is not wise to make any assumptions, but the OP already has a broken system).

Did you restart your mac after making that change? The file is probably cached and not reread every time.

Dannymac22 wrote:

But that's an important point that "Admin users", which I believe has to mean users with Admin privileges, are added to sudoers automatically.

A point that I made a few days ago, more than once...

Dannymac22 wrote:

I'm wondering what Safe Mode DOES. Does it clear out caches? Or do I need to do reediting via visudo while I'm in Safe Mode?

Per Apple: Safe mode prevents your Mac from loading certain software as it starts up, including login items, system extensions not required by macOS, and fonts not installed by macOS. It also does a basic check of your startup disk, similar to using First Aid in Disk Utility. And it deletes some system caches, including font caches and the kernel cache, which are automatically created again as needed.

Safe mode is particularly useful when you're trying to resolve an issue that doesn't seem to be associated with using any particular app. As always, keeping your software up to date is the first step toward resolving any software issue.

Between the cache rebuild, and shutting off the more problematic apps—add-on privacy apps, security, cleaner apps, first-few-hops VPN client apps, and the odd stuff still with kexts—Safe Mode untangles some messes. If Safe Mode doesn’t, then reinstallation—preferably f]with fewer malware-ish add-on apps—is usually the next step.

And no, no sudoers related steps.

As you want to learn more about macOS, acquiring the volumes of the New OS X Book (a web search will find it) are an investment you will want to consider.