sudo: can't open /private/etc/sudoers: Permission denied | sudo: no valid sudoers sources found, quitting

If your /etc/sudoers file is actually missing, you may need to use Linc Davis' solution above, and restore Lion (or Mountain Lion) via the recovery partition.

A more difficult and very command line heavy approach is to enable the root account (will most likely also require booting the recovery partition - Google search for instructions), login as root, take the /etc/sudoers file contents shown above and put a copy into a new /etc/sudoers file, change the ownership to "chown root:wheel /etc/sudoers", and change the permissions to "chmod 440 /etc/sudoers". Then maybe you can use the sudo command again. This is not an approach for anyone that is not confortable playing on the command line, and will require a lot of Google searching to give instructions for various steps in the process.

Or, you could go into Users & Groups in System Preferences, click Login Options, and change Display login window as: Name and password. Go into /System/Library/CoreServices and open Directory Utility. Click the lock in the bottom left of the screen and enter your password. In the Edit menu, select Enable Root User and enter a password.

Log out. When you get to the login screen, enter "root" (no quotes) as the user and the password you just selected. Once everything has loaded, open the Terminal (located in /Applications/Utilities, or just press Command-Shift-U to open the Utilities window) and type:

chmod g+x /

Note the space between the x and the slash.

Logout. Log back in as your usual user. Everything should be working now.

Go back into /System/Library/CoreServices and open the Directory Utility again. In the Edit menu, select Disable Root User. Close the program, and you're done.

This fixed my sudo problem in Mountain Lion.

This fixed my problem in ML as well - thanks Joshua! One thing, though, when I went back to delete the root user I had created, it apparently wasn't there, as "enable root user" was the only option.

There is a very simple way to solve this one if you have given yourself admin rights in the first place.

If so do the following:

1. In finder go to the directory where sudoers in located using the Go->Go to Folder....
2. Right click on the file sodoers and choose Get Info.
3. In the bottom-right corner there is a lock, click on the lock to open it.
4. When opened you can add yourself to list 'Sharing & Permissions'.
5. Give yourself read & write permissions.
6. Now you can edit the file in terminal with vi or vim.
7. After successful saving the content you can use sudo again.
8. If you like remove yourself from the list and close tje lock.

No reboot required!

@mylesdevon you should be able to disable the root user if you are not in the "Directory Editor" section of the Directory Utility and you have click the lock in the bottom left to make changes.

I had the same issue on my new Mavericks OS and was unable to "chmod g+x /" to work with my regular user so wanted to figure out how to log in as root. Here is a very simple way of enabling root and getting to the Directory Utility. http://support.apple.com/kb/PH11331

Thanks a lot, this post saved me.

This worked and fixed the problem under Maverick 10.9.5. Of all the work arounds I read over the last 2 days over on StackExchange, Apple.StackExchange or SuperUser, this turned out to be the most elegant, powerful and quick tech KungFu. Thank you!!!🙂

The following Terminal command is all that you need to open/edit/save the /etc/sudoers file. No permissions or ownership tampering necessary.

sudo visudo

This worked for me, but with a few shortcuts.

In my case, the / directory had the correct permissions. But during upgrade to OS X 10.11 (El Capitan), somehow the permissions on /private/etc went bad (did not have group execute permissions) and I could not sudo with this error:

---

bash-3.2$ sudo dmesg

sudo: unable to stat /etc/sudoers: Permission denied

sudo: no valid sudoers sources found, quitting

---

To fix this, I followed advice to add a password for the root user via System Preferences -> Users & Groups -> Login Options -> (lower right) Network Account Server: Join-> Open Directory Utility (button) -> Services (Unlock the icon at bottom left)-> Edit menu->Enable Root User (and enter a password).

Once done, pull up a terminal and hit "su -" give the password you provided and you should be root user mode.

Run: chmod g+x /private/etc to fix the folder permissions.

The issue was now fixed. Try running sudo dmesg on the terminal as a regular user with admin access.

Finally, exit and go back (reverse your steps) and disable the root user account again via the Edit menu options on Directory Editor.

Thanks for every ones help. I tried all the suggestions, none worked for me.

I did the backup, reinstall of Yosemite. All of that didn't work for me.

This worked for me:

Restart holding down command-s when you here the sound.

Be patient. When you see the computer booting, code scrolling down,

Wait till the scrolling code stops.

Type: mount -uw / (hit enter)

chmod -R 755 /etc/ (hit enter)

exit (Wait!, you will see more scrolling text)

It will take you to the login screen.

Hit the Restart.

If this works for anyone else please let me know.

Thanks All!

chmod -R 755 /etc/ (hit enter)

That is rather dangerous. Some of those files should not allow read access, but you just gave all the files in /etc/ read access. Not good.

I would suggest A) running Disk Utility -> Repair Permissions

Then I would suggest you review the following files. I got these from my system, but you may or may not have the same list:

-rw------- /etc/AFP.conf

-rw-r--r-- /etc/afpovertcp.cfg

-rw-r----- /etc/aliases.db

-rw-r--r-- /etc/apache2/extra/httpd-autoindex.conf

-rw-r--r-- /etc/apache2/extra/httpd-dav.conf

-rw-r--r-- /etc/apache2/extra/httpd-default.conf

-rw-r--r-- /etc/apache2/extra/httpd-info.conf

-rw-r--r-- /etc/apache2/extra/httpd-languages.conf

-rw-r--r-- /etc/apache2/extra/httpd-manual.conf

-rw-r--r-- /etc/apache2/extra/httpd-mpm.conf

-rw-r--r-- /etc/apache2/extra/httpd-multilang-errordoc.conf

-rw-r--r-- /etc/apache2/extra/httpd-ssl.conf

-rw-r--r-- /etc/apache2/extra/httpd-userdir.conf

-rw-r--r-- /etc/apache2/extra/httpd-vhosts.conf

-rw-r--r-- /etc/apache2/httpd.conf

-rw-r--r-- /etc/apache2/httpd.conf~previous

-rw-r--r-- /etc/apache2/magic

-rw-r--r-- /etc/apache2/mime.types

-rw-r--r-- /etc/apache2/original/extra/httpd-autoindex.conf

-rw-r--r-- /etc/apache2/original/extra/httpd-dav.conf

-rw-r--r-- /etc/apache2/original/extra/httpd-default.conf

-rw-r--r-- /etc/apache2/original/extra/httpd-info.conf

-rw-r--r-- /etc/apache2/original/extra/httpd-languages.conf

-rw-r--r-- /etc/apache2/original/extra/httpd-manual.conf

-rw-r--r-- /etc/apache2/original/extra/httpd-mpm.conf

-rw-r--r-- /etc/apache2/original/extra/httpd-multilang-errordoc.conf

-rw-r--r-- /etc/apache2/original/extra/httpd-ssl.conf

-rw-r--r-- /etc/apache2/original/extra/httpd-userdir.conf

-rw-r--r-- /etc/apache2/original/extra/httpd-vhosts.conf

-rw-r--r-- /etc/apache2/original/httpd.conf

-r--r--r-- /etc/apache2/other/php5.conf

-rw-r--r-- /etc/apache2/users/Guest.conf

-rw-r--r-- /etc/apache2/users/raharris.conf

-rw-r--r-- /etc/apache2/users/testing.conf

-rw-r--r-- /etc/asl/com.apple.appstore

-rw-r--r-- /etc/asl/com.apple.authd

-rw-r--r-- /etc/asl/com.apple.bookstore

-rw-r--r-- /etc/asl/com.apple.eventmonitor

-rw-r--r-- /etc/asl/com.apple.install

-rw-r--r-- /etc/asl/com.apple.iokit.power

-rw-r--r-- /etc/asl/com.apple.login.guest

-rw-r--r-- /etc/asl/com.apple.mail

-rw-r--r-- /etc/asl/com.apple.MessageTracer

-rw-r--r-- /etc/asl/com.apple.networking.captive

-rw-r--r-- /etc/asl/com.apple.networking.eapol

-rw-r--r-- /etc/asl/com.apple.networking.IPConfiguration

-rw-r--r-- /etc/asl/com.apple.networking.IPMonitor

-rw-r--r-- /etc/asl/com.apple.networking.mDNSResponder

-rw-r--r-- /etc/asl/com.apple.performance

-rw-r--r-- /etc/asl/com.apple.securityd

-rw-r--r-- /etc/asl.conf

-rw-r--r-- /etc/authorization.deprecated

-rw-r--r-- /etc/auto_home

-rw-r--r-- /etc/auto_master

-rw-r--r-- /etc/autofs.conf

-r--r--r-- /etc/bashrc

-rw-r--r-- /etc/com.apple.screensharing.agent.launchd

-rw-r--r-- /etc/csh.cshrc

-rw-r--r-- /etc/csh.login

-rw-r--r-- /etc/csh.logout

dr-x--x--x /etc/cups/certs

-rw-r--r-- /etc/cups/cups-files.conf

-rw-r--r-- /etc/cups/cupsd.conf

-rw-r--r-- /etc/cups/cupsd.conf.default

-rw-r--r-- /etc/cups/cupsd.conf.O

-rw-r--r-- /etc/cups/ppd/HP_LaserJet_M1536dnf_MFP__C0CDAC_.ppd

-rw-r--r-- /etc/cups/ppd/NHP4137_us_oracle_com.ppd

-rw------- /etc/cups/printers.conf

-rw------- /etc/cups/printers.conf.O

-rw-r--r-- /etc/cups/snmp.conf

-rw-r--r-- /etc/defaults/periodic.conf

-rw-r--r-- /etc/devdocsets

-rw-r--r-- /etc/dnsextd.conf

-rw-r--r-- /etc/efax.rc

-rw-r--r-- /etc/emond.d/emond.plist

-rw-r--r-- /etc/emond.d/rules/SampleRules.plist

-rw-r--r-- /etc/emond.d/rules/Xsan.plist

drwx------ /etc/emond.d/state

-rw-r--r-- /etc/emond.d/state/state

-rw-r--r-- /etc/find.codes

-rw-r--r-- /etc/fstab.hd

-rw-r--r-- /etc/ftpd.conf

-r--r--r-- /etc/ftpd.conf.default

-rw-r--r-- /etc/ftpusers

-rw-r--r-- /etc/gettytab

-rw-r--r-- /etc/group

-rw-r--r-- /etc/group~previous

-rw-r--r-- /etc/hostconfig

-rw-r--r-- /etc/hosts

-rw-r--r-- /etc/hosts.equiv

-rw-r--r-- /etc/ip6addrctl.conf

-r--r--r-- /etc/irbrc

-rw-r--r-- /etc/kern_loader.conf

-rw------- /etc/krb5.keytab

-rw-r--r-- /etc/locate.rc

-rw-r--r-- /etc/mach_init.d/chum.plist

-rw-r--r-- /etc/mach_init.d/pilotfish.plist

-rw-r--r-- /etc/mail.rc

-rw-r--r-- /etc/man.conf

-rw-r--r-- /etc/manpaths

-rw-r--r-- /etc/manpaths.d/40-XQuartz

-rw------- /etc/master.passwd

-rw------- /etc/master.passwd~orig

-rw-r--r-- /etc/moduli

-rw-r--r-- /etc/moduli~previous

-rw-r--r-- /etc/motd

-rw-r--r-- /etc/nanorc

-rw-r--r-- /etc/networks

-rw-r--r-- /etc/newsyslog.conf

-rw-r--r-- /etc/newsyslog.d/com.apple.slapconfig.conf

-rw-r--r-- /etc/newsyslog.d/com.apple.xscertd.conf

-r--r--r-- /etc/newsyslog.d/files.conf

-rw-r--r-- /etc/newsyslog.d/wifi.conf

-rw-r--r-- /etc/nfs.conf

-rw-r--r-- /etc/notify.conf

-rw-r--r-- /etc/ntp-restrict.conf

-rw-r--r-- /etc/ntp.conf

-rw-r--r-- /etc/ntp_opendirectory.conf

-rw-r--r-- /etc/openldap/AppleOpenLDAP.plist

-rw------- /etc/openldap/DB_CONFIG.example

-rw-r--r-- /etc/openldap/ldap.conf

-rw-r--r-- /etc/openldap/ldap.conf.default

-r--r--r-- /etc/openldap/schema/apple.schema

-r--r--r-- /etc/openldap/schema/apple_auxillary.schema

-r--r--r-- /etc/openldap/schema/collective.ldif

-r--r--r-- /etc/openldap/schema/collective.schema

-r--r--r-- /etc/openldap/schema/corba.ldif

-r--r--r-- /etc/openldap/schema/corba.schema

-r--r--r-- /etc/openldap/schema/core.ldif

-r--r--r-- /etc/openldap/schema/core.schema

-r--r--r-- /etc/openldap/schema/cosine.ldif

-r--r--r-- /etc/openldap/schema/cosine.schema

-r--r--r-- /etc/openldap/schema/duaconf.ldif

-r--r--r-- /etc/openldap/schema/duaconf.schema

-r--r--r-- /etc/openldap/schema/dyngroup.ldif

-r--r--r-- /etc/openldap/schema/dyngroup.schema

-r--r--r-- /etc/openldap/schema/fmserver.schema

-r--r--r-- /etc/openldap/schema/inetorgperson.ldif

-r--r--r-- /etc/openldap/schema/inetorgperson.schema

-r--r--r-- /etc/openldap/schema/java.ldif

-r--r--r-- /etc/openldap/schema/java.schema

-r--r--r-- /etc/openldap/schema/krb5-kdc.schema

-r--r--r-- /etc/openldap/schema/microsoft.ext.schema

-r--r--r-- /etc/openldap/schema/microsoft.schema

-r--r--r-- /etc/openldap/schema/microsoft.std.schema

-r--r--r-- /etc/openldap/schema/misc.ldif

-r--r--r-- /etc/openldap/schema/misc.schema

-r--r--r-- /etc/openldap/schema/netinfo.schema

-r--r--r-- /etc/openldap/schema/nis.ldif

-r--r--r-- /etc/openldap/schema/nis.schema

-r--r--r-- /etc/openldap/schema/openldap.ldif

-r--r--r-- /etc/openldap/schema/openldap.schema

-r--r--r-- /etc/openldap/schema/pmi.ldif

-r--r--r-- /etc/openldap/schema/pmi.schema

-r--r--r-- /etc/openldap/schema/ppolicy.ldif

-r--r--r-- /etc/openldap/schema/ppolicy.schema

-r--r--r-- /etc/openldap/schema/README

-r--r--r-- /etc/openldap/schema/samba.schema

-rw------- /etc/openldap/slapd.conf.default

-rw-r--r-- /etc/pam.d/authorization

-rw-r--r-- /etc/pam.d/checkpw

-rw-r--r-- /etc/pam.d/chkpasswd

-r--r--r-- /etc/pam.d/cups

-rw-r--r-- /etc/pam.d/ftpd

-rw-r--r-- /etc/pam.d/login

-rw-r--r-- /etc/pam.d/login.term

-r--r--r-- /etc/pam.d/other

-rw-r--r-- /etc/pam.d/passwd

-r--r--r-- /etc/pam.d/rshd

-rw-r--r-- /etc/pam.d/screensaver

-rw-r--r-- /etc/pam.d/smbd

-r--r--r-- /etc/pam.d/sshd

-rw-r--r-- /etc/pam.d/su

-r--r--r-- /etc/pam.d/sudo

-rw-r--r-- /etc/passwd

-rw-r--r-- /etc/passwd~orig

-rw-r--r-- /etc/paths

-rw-r--r-- /etc/paths.d/40-XQuartz

-rw-r--r-- /etc/pf.anchors/com.apple

-rw-r--r-- /etc/pf.conf

-rw-r--r-- /etc/pf.os

-rw-r--r-- /etc/php-fpm.conf.default

-r--r--r-- /etc/php.ini.default

-r--r--r-- /etc/php.ini.default-5.2-previous

-r--r--r-- /etc/php.ini.default-5.2-previous~orig

-rw-r--r-- /etc/postfix/access

-rw-r--r-- /etc/postfix/aliases

-rw-r--r-- /etc/postfix/bounce.cf.default

-rw-r--r-- /etc/postfix/canonical

-rw-r--r-- /etc/postfix/custom_header_checks

-rw-r--r-- /etc/postfix/generic

-rw-r--r-- /etc/postfix/header_checks

-rw-r--r-- /etc/postfix/LICENSE

-rw-r--r-- /etc/postfix/main.cf

-rw-r--r-- /etc/postfix/main.cf.default

-rw-r--r-- /etc/postfix/makedefs.out

-rw-r--r-- /etc/postfix/master.cf

-rw-r--r-- /etc/postfix/master.cf.default

-rw-r--r-- /etc/postfix/postfix-files

-rw-r--r-- /etc/postfix/relocated

-rw-r--r-- /etc/postfix/TLS_LICENSE

-rw-r--r-- /etc/postfix/transport

-rw-r--r-- /etc/postfix/virtual

-r--r--r-- /etc/profile

-rw-r--r-- /etc/protocols

-rw------- /etc/racoon/psk.txt

-rw-r--r-- /etc/racoon/racoon.conf

-rw-r--r-- /etc/rc.common

-r-xr-xr-x /etc/rc.imaging

-rw-r--r-- /etc/rc.netboot

-rw-r--r-- /etc/rmtab

-rw-r--r-- /etc/rpc

-rw-r--r-- /etc/rtadvd.conf

-r--r--r-- /etc/security/audit_class

-r-------- /etc/security/audit_control

-r--r--r-- /etc/security/audit_event

-r-------- /etc/security/audit_user

-r-xr-xr-x /etc/security/audit_warn

-rw-r--r-- /etc/services

-rw-r--r-- /etc/shells

-rw-r--r-- /etc/snmp/snmpd.conf

-r--r--r-- /etc/snmp/snmpd.conf.default

-rw-r--r-- /etc/ssh_config

-rw-r--r-- /etc/ssh_config~orig

-rw------- /etc/ssh_host_dsa_key

-rw-r--r-- /etc/ssh_host_dsa_key.pub

-rw------- /etc/ssh_host_key

-rw-r--r-- /etc/ssh_host_key.pub

-rw------- /etc/ssh_host_rsa_key

-rw-r--r-- /etc/ssh_host_rsa_key.pub

-rw-r--r-- /etc/sshd_config

-rw-r--r-- /etc/sshd_config~previous

-r--r----- /etc/sudoers

-rw-r--r-- /etc/syslog.conf

-rw-r--r-- /etc/ttys

-rw-r--r-- /etc/xtab

-r--r--r-- /etc/zshenv

Thank for the info. When you get desperate after looking and looking you do stupid things.

I'm learning though.

I have another Question?

Disk Repair is gone in El Capitan, How do I repair permission?

Is there a command line command in the bash terminal?

Disk Utility in El Capitan will automatically verify/repair permissions if needed, otherwise it is silent, without any user override. A command-line solution remains. So does another.

I tries sudo /usr/libexec/repair_package --verify --standard-pkgs /

I got this terminal response: repair_packages: Some package(s) must be specified.