macOS - Fix for sudo command error: "unable to initialize PAM: No such file or directory" (Intel+M1)

fix-for-sudo-command-error-unable-to-initialize-pam-no-such-file-or-directory.md

In most cases, the sudo command displays the error unable to initialize PAM: No such file or directory mostly appears when the pluggable authentication module file /etc/pam.d/sudo has been edited with a typo or an incorrect PAM module.

Via Single-User-Mode > Terminal

If you have an older Mac, you can boot into single-user mode, which allows you to access the command line mode of macOS directly, bypassing the UI.

• Press and hold down the COMMAND + S keys until you see commands being executed in the Terminal.

• Open the sudo file with vi /Volumes/Macintosh\ - Data/etc/pam.d/, fix what's wrong, save and close the file by switching from INSERT to the COMMAND mode with the ESC key, type :wq!, and hit enter.

• Close the Terminal via the menu from the top of the screen

• Restart your machine

• Back into the UI, open your Terminal, and verify the file content fix with cat /etc/pam.d/sudo. If everything looks good, give it a try by running: sudo whoami.

Via Recovery Mode > Terminal

On modern M1 Silicon machines, there is no single-user mode available, which is why the following steps differ here.

• Boot into recovery mode by pressing and holding the power button on your Mac until you see Loading startup options.

• Click on Options, and then click on Continue.

• If requested, enter the password for an administrator account. This will take you to the macOS Utilities screen.

• Go to "Disk Utility" and check if "Macintosh - Data" is mounted; if not, mount it by clicking the "Mount" button in the top right corner.

• Close "Disk Utility" and return to "macOS Utilities".

• Access the Terminal by selecting it from the menu at the top of the screen and launch the Terminal.

• Open the sudo file with vi /Volumes/Macintosh\ - Data/etc/pam.d/, correct any errors, save and close the file by switching from INSERT to the COMMAND mode using the ESC key, typing :wq!, and pressing enter.

• Close the Terminal using the menu at the top of the screen

• Restart your machine

• Go back to the UI, open your Terminal, and verify the file content fix with cat /etc/pam.d/sudo. If everything looks good, give it a try by running: sudo whoami.

Cheers \w

Make sure Data volume is mounted. Then just vi /Volumes/Macintosh/Data/private/etc/pam.d/sudo. In my case, Macintosh was Macintosh HD.

This may be late in the game, to simplify, issue the following from terminal

• open '/System/Library/CoreServices/Applications/Directory Utility.app'

• To enable the root user, choose Edit > Enable Root User from the Directory Utility menu bar

• su root

• vi /etc/pam.d/sudo

Once you make your changes, go back to Directory Utility and Edit > Disable Root User

saved my first week on a new job!

@benibr good to hear 👋

Okay so what i did on my M2 silicon Mac is:

• open /etc/pam.d/
• Then with finder i right clicked the 'sudo' file and opened it via Sublime Text, fixed the typo and 'command+s' out of it

That surprisingly worked...

@regerind top!!!!

@crisnaIITD 👍🏻

@rr0ss0rr Never too late to help a fellow surfer. This was enough to save me from rebooting into safe mode. I enabled ssh to be able to login, but seems root has (wisely) been disabled and without sudo I couldn't change sshd settings anyhow (catch22). Just using su was a great simplification. Thanks!

@regerind Same thing: never thought about using the UI for low-level stuff like this, but good reminder. Thanks!

This is unecessarily longer and more complicated than it needs to be to fix the issue of not being able to use Sudo. Here's how to fix it:

1. Make a new file in nano called sudo in terminal

• Type nano ~/sudo and then paste this into the file:

# sudo: auth account password session
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Press control + O to save and control + X to quit

2. In Finder, go to your menubar: Go > Go To Folder and enter this directory in: /etc/pam.d

Now move the sudo file you saved in your home folder and move it to that folder. You will be asked for your password or Touch ID. Once the sudo file is successfully replaced, it should be good to go. You can type sudo whoami in terminal to verify it is working now.

If you want to add TouchID as the method of using sudo, here is a bash script to simplify it and you can run this after every macOS update:

In terminal type this: nano ~/enable_touch_id.sh and then paste this in the file:

#!/bin/bash
# Add Touch ID line to beginning of sudo file.
sed -i '' '2i\
auth       sufficient     pam_tid.so\
' /etc/pam.d/sudo

Press control + O to save and control + X to quit

Next, make the script and executable: chmod +x ~/enable_touch_id.sh

Now you can run this shell script everytime you update so you dont have to do it manually.
Complements to nicholasmangold for the shell script.

This may be late in the game, to simplify, issue the following from terminal

• open '/System/Library/CoreServices/Applications/Directory Utility.app'
• To enable the root user, choose Edit > Enable Root User from the Directory Utility menu bar
• su root
• vi /etc/pam.d/sudo

Once you make your changes, go back to Directory Utility and Edit > Disable Root User

Tried your solution but it won't let me update, saying that I don't have permission.

This is unecessarily longer and more complicated than it needs to be to fix the issue of not being able to use Sudo. Here's how to fix it:

1. Make a new file in nano called sudo in terminal

• Type nano ~/sudo and then paste this into the file:

# sudo: auth account password session
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Press control + O to save and control + X to quit

2. In Finder, go to your menubar: Go > Go To Folder and enter this directory in: /etc/pam.d

Now move the sudo file you saved in your home folder and move it to that folder. You will be asked for your password or Touch ID. Once the sudo file is successfully replaced, it should be good to go. You can type sudo whoami in terminal to verify it is working now.

If you want to add TouchID as the method of using sudo, here is a bash script to simplify it and you can run this after every macOS update:

In terminal type this: nano ~/enable_touch_id.sh and then paste this in the file:

#!/bin/bash
# Add Touch ID line to beginning of sudo file.
sed -i '' '2i\
auth       sufficient     pam_tid.so\
' /etc/pam.d/sudo

Press control + O to save and control + X to quit

Next, make the script and executable: chmod +x ~/enable_touch_id.sh

Now you can run this shell script everytime you update so you dont have to do it manually. Complements to nicholasmangold for the shell script.

Yours method worked. Cheers 🥂!!!!

This is unecessarily longer and more complicated than it needs to be to fix the issue of not being able to use Sudo. Here's how to fix it:

1. Make a new file in nano called sudo in terminal

• Type nano ~/sudo and then paste this into the file:

# sudo: auth account password session
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Press control + O to save and control + X to quit

2. In Finder, go to your menubar: Go > Go To Folder and enter this directory in: /etc/pam.d

Now move the sudo file you saved in your home folder and move it to that folder. You will be asked for your password or Touch ID. Once the sudo file is successfully replaced, it should be good to go. You can type sudo whoami in terminal to verify it is working now.

If you want to add TouchID as the method of using sudo, here is a bash script to simplify it and you can run this after every macOS update:

In terminal type this: nano ~/enable_touch_id.sh and then paste this in the file:

#!/bin/bash
# Add Touch ID line to beginning of sudo file.
sed -i '' '2i\
auth       sufficient     pam_tid.so\
' /etc/pam.d/sudo

Press control + O to save and control + X to quit

Next, make the script and executable: chmod +x ~/enable_touch_id.sh

Now you can run this shell script everytime you update so you dont have to do it manually. Complements to nicholasmangold for the shell script.

Many thanks. You save my day 🥂