Fix Broken Sudo

How does sudo work?
Cause and symptoms
Booting into recovery mode
Do the actual repair

How does sudo work?
The way that Ubuntu has implemented sudo, the /etc/sudoers file says that users in the admin group can (after a password authentication) temporarily escalate to system-wide privileges for particular tasks. And then the /etc/groups file says which users are in the admin group.

You can read more on the community documentation about Ubuntu's implementation of sudo.

Cause and symptoms
sudo breaks when one or more of the following occurs:

the /etc/sudoers file has been altered to no longer allow users in the admin group to escalate privilege
the permissions on the /etc/sudoers file are changed to something other than 0440
a user who should not have been has been taken out of the admin group

The most common way to break sudo is through going to System > Administration > Users and Groups, and removing the only admin from the admin group (in other words, unchecking the Administer the system box for the only user who is able to administer the system).

If you think it's silly that the last admin user can be so easily removed graphically from the admin group, vote for Idea #11107: Users and Groups should always make sure at least one user is in the admin group on Ubuntu Brainstorm.

If sudo is broken this way, you may notice an error saying you're not in the sudoers file and the incident is going to be reported. Or you may just see the next command prompt without any action being executed.

Booting into recovery mode
Since fixing sudo involves editing system files, and you would otherwise need sudo to do so, you'll have to boot into recovery mode to gain root (system-wide) access in order to repair sudo.

If you have a single-boot (Ubuntu is the only operating system on your computer), you may have to press the Escape key during bootup in order to see the boot menu. If you have a dual-boot (Ubuntu is installed next to Windows, another Linux operating system, or Mac OS X; and you choose at boot time which operating system to boot into), the boot menu should appear without the need to press the Escape key.

From the boot menu, select recovery mode, which is usually the second boot option.

After you select recovery mode and wait for all the boot-up processes to finish, you'll be presented with a few options. In this case, you want the Drop to root shell prompt option so press the Down arrow to get to that option, and then press Enter to select it.

The root account is the ultimate administrator and can do anything to the Ubuntu installation (including erase it), so please be careful with what commands you enter in the root terminal.

Do the actual repair
Case 1: If you'd removed your last admin user from the admin group, then type

adduser username admin

where username is your actual username.

Case 2: If you had previously edited the /etc/sudoers file and screwed it up, then type

sudo cp /etc/sudoers /etc/sudoers.backup
sudo nano /etc/sudoers

and make it sure it looks like this:

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults

Defaults !lecture,tty_tickets,!fqdn

# User privilege specification
root ALL=(ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

When you're done making changes, press Control-X, Y, Enter.

Case 3: If you are trying to fix the error where it says sudo is mode _____, should be 0440, then you'll want to type

chmod 0440 /etc/sudoers

When you're done with whatever commands you needed to enter, type

exit

This will bring you back to the recovery menu.

Choose to resume a normal boot. Then you should be able to sudo again.