macOS - Fix for sudo command error: "unable to initialize PAM: No such file or directory" (Intel+M1)

fix-for-sudo-command-error-unable-to-initialize-pam-no-such-file-or-directory.md

In most cases, the sudo command displays the error unable to initialize PAM: No such file or directory mostly appears when the pluggable authentication module file /etc/pam.d/sudo has been edited with a typo or an incorrect PAM module.

Via Single-User-Mode > Terminal

If you have an older Mac, you can boot into single-user mode, which allows you to access the command line mode of macOS directly, bypassing the UI.

• Press and hold down the COMMAND + S keys until you see commands being executed in the Terminal.

• Open the sudo file with vi /Volumes/Macintosh\ - Data/etc/pam.d/, fix what's wrong, save and close the file by switching from INSERT to the COMMAND mode with the ESC key, type :wq!, and hit enter.

• Close the Terminal via the menu from the top of the screen

• Restart your machine

• Back into the UI, open your Terminal, and verify the file content fix with cat /etc/pam.d/sudo. If everything looks good, give it a try by running: sudo whoami.

Via Recovery Mode > Terminal

On modern M1 Silicon machines, there is no single-user mode available, which is why the following steps differ here.

• Boot into recovery mode by pressing and holding the power button on your Mac until you see Loading startup options.

• Click on Options, and then click on Continue.

• If requested, enter the password for an administrator account. This will take you to the macOS Utilities screen.

• Go to "Disk Utility" and check if "Macintosh - Data" is mounted; if not, mount it by clicking the "Mount" button in the top right corner.

• Close "Disk Utility" and return to "macOS Utilities".

• Access the Terminal by selecting it from the menu at the top of the screen and launch the Terminal.

• Open the sudo file with vi /Volumes/Macintosh\ - Data/etc/pam.d/, correct any errors, save and close the file by switching from INSERT to the COMMAND mode using the ESC key, typing :wq!, and pressing enter.

• Close the Terminal using the menu at the top of the screen

• Restart your machine

• Go back to the UI, open your Terminal, and verify the file content fix with cat /etc/pam.d/sudo. If everything looks good, give it a try by running: sudo whoami.

Cheers \w

Cheers 👍

Awesome! 👍

Some heros don't wear capes!

More thanks! 🚀

in my case, was a problem with saved sudo file after edited in vim, then I saved file by echo 'auth... ' > sudo in pam.d directory

I don't understand when I open the file with vim the only thing I see is this :
~
~
~
~
~
repeatedly until you reach the bottom
I don't see anything to modify
I've never used vim before is it normal ?
when I open the file on terminal without being in recovery mode i see the file just fine however when I am in recovery mode it doesn't work

What should I do ?

I don't understand when I open the file with vim the only thing I see is this : ~ ~ ~ ~ ~ repeatedly until you reach the bottom I don't see anything to modify I've never used vim before is it normal ? when I open the file on terminal without being in recovery mode i see the file just fine however when I am in recovery mode it doesn't work

What should I do ?

have you found the solution?

I see same error.

I don't understand when I open the file with vim the only thing I see is this : ~ ~ ~ ~ ~ repeatedly until you reach the bottom I don't see anything to modify I've never used vim before is it normal ? when I open the file on terminal without being in recovery mode i see the file just fine however when I am in recovery mode it doesn't work
What should I do ?

have you found the solution?

I see same error.

Steps I followed after I realized I had a type in /etc/pam.d/sudo file.
From finder menu go to /System/Library/CoreServices/Applications
Choose “Directory Utility” from the window that opens
click on the local to Unlock it (Enter password when asked).
Go to Edit in the menu bar
Select “Enable root user”
Logout from current user
login as a root user (username: root; password: your root password)
Once logged in you can open terminal and correct your typo.
Login back to your account.. (Now it must be working fine.)
Don’t forget to “disable root user”

Hey,
have the same problem but I don't understand your solution

Hey, have the same problem but I don't understand your solution

@Ma4Muller What is it you don't understand?

Where do I find Directory Utility ? can't find it in the Applications folder.

@Ma4Muller "Disk Utility" is a menu option within the "macOS Utilities screen" and to find in the "Utilities" directory in "applications": "/System/Applications/Utilities" > "/System/Applications/Utilities/Disk Utility.app".

@bulletinmybeard Ahhh now I get it, I think, let me try.

@bulletinmybeard OMG I JUST CAN`T Connect the Dots, Holy fuck somebody needs to do a vid about this Problem. Where do I get someone to help me? I'm lost AF it seems. NEVER GONE PLAY WITH THE TERMINAL AGAIN. Do I need a new Mac, WHAT THE FUCK?!!!

@Ma4Muller You didn’t elaborate on the initial problem you’re struggling with, besides not finding the “Disk Utility” application and having “the same problem”. So you manually changed the sudo file (e.g., /private/etc/pam.d/sudo) and can’t use the sudo command anymore?!

Could you provide more details on the specific steps you took and the current state of the issue?

So I have the same problem as @sharif-bbd, after the use of vi /Volumes/Macintosh\ - Data/etc/pam.d/ in the Terminal of macOS Utilities I got this error:

2 files to edit E1187: Failed to source defaults.vim Press ENTER or type command to continue

and after hitting Enter I got that:

~
~
~
~
and so on

( I never used vim)

Make sure Data volume is mounted. Then just vi /Volumes/Macintosh/Data/private/etc/pam.d/sudo. In my case, Macintosh was Macintosh HD.

This may be late in the game, to simplify, issue the following from terminal

• open '/System/Library/CoreServices/Applications/Directory Utility.app'

• To enable the root user, choose Edit > Enable Root User from the Directory Utility menu bar

• su root

• vi /etc/pam.d/sudo

Once you make your changes, go back to Directory Utility and Edit > Disable Root User

saved my first week on a new job!

@benibr good to hear 👋

Okay so what i did on my M2 silicon Mac is:

• open /etc/pam.d/
• Then with finder i right clicked the 'sudo' file and opened it via Sublime Text, fixed the typo and 'command+s' out of it

That surprisingly worked...

@regerind top!!!!

@crisnaIITD 👍🏻

@rr0ss0rr Never too late to help a fellow surfer. This was enough to save me from rebooting into safe mode. I enabled ssh to be able to login, but seems root has (wisely) been disabled and without sudo I couldn't change sshd settings anyhow (catch22). Just using su was a great simplification. Thanks!

@regerind Same thing: never thought about using the UI for low-level stuff like this, but good reminder. Thanks!

This is unecessarily longer and more complicated than it needs to be to fix the issue of not being able to use Sudo. Here's how to fix it:

1. Make a new file in nano called sudo in terminal

• Type nano ~/sudo and then paste this into the file:

# sudo: auth account password session
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Press control + O to save and control + X to quit

2. In Finder, go to your menubar: Go > Go To Folder and enter this directory in: /etc/pam.d

Now move the sudo file you saved in your home folder and move it to that folder. You will be asked for your password or Touch ID. Once the sudo file is successfully replaced, it should be good to go. You can type sudo whoami in terminal to verify it is working now.

If you want to add TouchID as the method of using sudo, here is a bash script to simplify it and you can run this after every macOS update:

In terminal type this: nano ~/enable_touch_id.sh and then paste this in the file:

#!/bin/bash
# Add Touch ID line to beginning of sudo file.
sed -i '' '2i\
auth       sufficient     pam_tid.so\
' /etc/pam.d/sudo

Press control + O to save and control + X to quit

Next, make the script and executable: chmod +x ~/enable_touch_id.sh

Now you can run this shell script everytime you update so you dont have to do it manually.
Complements to nicholasmangold for the shell script.

This may be late in the game, to simplify, issue the following from terminal

• open '/System/Library/CoreServices/Applications/Directory Utility.app'
• To enable the root user, choose Edit > Enable Root User from the Directory Utility menu bar
• su root
• vi /etc/pam.d/sudo

Once you make your changes, go back to Directory Utility and Edit > Disable Root User

Tried your solution but it won't let me update, saying that I don't have permission.

This is unecessarily longer and more complicated than it needs to be to fix the issue of not being able to use Sudo. Here's how to fix it:

1. Make a new file in nano called sudo in terminal

• Type nano ~/sudo and then paste this into the file:

# sudo: auth account password session
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Press control + O to save and control + X to quit

2. In Finder, go to your menubar: Go > Go To Folder and enter this directory in: /etc/pam.d

Now move the sudo file you saved in your home folder and move it to that folder. You will be asked for your password or Touch ID. Once the sudo file is successfully replaced, it should be good to go. You can type sudo whoami in terminal to verify it is working now.

If you want to add TouchID as the method of using sudo, here is a bash script to simplify it and you can run this after every macOS update:

In terminal type this: nano ~/enable_touch_id.sh and then paste this in the file:

#!/bin/bash
# Add Touch ID line to beginning of sudo file.
sed -i '' '2i\
auth       sufficient     pam_tid.so\
' /etc/pam.d/sudo

Press control + O to save and control + X to quit

Next, make the script and executable: chmod +x ~/enable_touch_id.sh

Now you can run this shell script everytime you update so you dont have to do it manually. Complements to nicholasmangold for the shell script.

Yours method worked. Cheers 🥂!!!!

This is unecessarily longer and more complicated than it needs to be to fix the issue of not being able to use Sudo. Here's how to fix it:

1. Make a new file in nano called sudo in terminal

• Type nano ~/sudo and then paste this into the file:

# sudo: auth account password session
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Press control + O to save and control + X to quit

2. In Finder, go to your menubar: Go > Go To Folder and enter this directory in: /etc/pam.d

Now move the sudo file you saved in your home folder and move it to that folder. You will be asked for your password or Touch ID. Once the sudo file is successfully replaced, it should be good to go. You can type sudo whoami in terminal to verify it is working now.

If you want to add TouchID as the method of using sudo, here is a bash script to simplify it and you can run this after every macOS update:

In terminal type this: nano ~/enable_touch_id.sh and then paste this in the file:

#!/bin/bash
# Add Touch ID line to beginning of sudo file.
sed -i '' '2i\
auth       sufficient     pam_tid.so\
' /etc/pam.d/sudo

Press control + O to save and control + X to quit

Next, make the script and executable: chmod +x ~/enable_touch_id.sh

Now you can run this shell script everytime you update so you dont have to do it manually. Complements to nicholasmangold for the shell script.

Many thanks. You save my day 🥂