Fixing sudo access on a Google Compute Engine VM
Normally when you ssh into a google vm, your user will automatically have sudo access. This stopped working on one VM and no one fessed up to messing anything up so I had to fix it.
How does it work?
If you look in /etc/group You will see something like this:
$ cat /etc/group | grep sudo
sudo:x:27:
google-sudoers:x:1000:someone,someoneelse,anotheruser,whoever
The users automatically added to the instance are listed under the google-sudoers group.
How does this group have sudo access? Check the /etc/sudoers file and you will see that it includes the directory /etc/sudoers.d
$ sudo cat /etc/sudoers | grep @
# See sudoers(5) for more information on "@include" directives:
@includedir /etc/sudoers.d
Looking in that directory and it will contain the file google_sudoers
$ sudo ls /etc/sudoers.d/ -l
total 8
-r--r----- 1 root root 958 Jan 14 2023 README
-r--r----- 1 root root 43 Sep 29 19:15 google_sudoers
Looking in that file you will find the entry that includes the google-sudoers group.
$ sudo cat /etc/sudoers.d/google_sudoers
%google-sudoers ALL=(ALL:ALL) NOPASSWD:ALL
So the google-sudoers group is added and doesn't require password authentication when using sudo. What happened on this particular vm was that someone cleared out the google-sudoers group.
How to quickly add myself back in?
Just added this line as a startup script to the VM and restarted the VM.
gpasswd --add daniel google-sudoers
Viola! I now have access and can manually fix it for any other accounts.