Issue
The permission of the /etc directory has been changed to 600, making the /etc/sudoers file inaccessible and preventing privilege escalation to root.
Resolution
The /etc directory is a critical part of the operating system, containing core services and default configuration files. When the permission of /etc is set to 600, other processes (e.g., sudo) lose access to this directory because the execute (x) permission is missing, which can lead to service malfunctions.
This issue can be resolved by modifying the permission of the /etc directory using a user data script executed by the cloud-init process during instance boot.
The steps are as follows:
Open the Amazon EC2 Console (https://console.aws.amazon.com/ec2/) and select the instance where the issue occurred.
Click the “Instance state” button at the top and select “Stop instance” to stop the instance.
Click the “Actions” button, then go to “Instance settings” > “Edit user data” to open the user data editor.
Paste the following content into the “New user data” text box and click the “Save” button to apply.
==Content Start== Content-Type: multipart/mixed; boundary="//" MIME-Version: 1.0 --// Content-Type: text/cloud-config; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="cloud-config.txt" #cloud-config cloud_final_modules: [scripts-user, always] --// Content-Type: text/x-shellscript; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="userdata.txt" #!/bin/bash PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin: chmod 755 /etc --// ==Content End==
Click the “Instance state” button again and select “Start instance” to start the instance.
After the instance starts, connect to it and verify that it works properly. If confirmed, repeat the steps to remove the user data script.
Reference
Why am I unable to run sudo commands on my EC2 Linux instance?
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-sudo-commands/