Borked sudo, /private/etc/sudoers zero length
Okay, so I borked /private/etc/sudoers. Could someone post the contents of this file so that I can get this to work again.
Thanks.
Welcome to Apple Discussions!!
Okay, so I borked /private/etc/sudoers.I assume it is the same on an Intel machine (can't think why not):
<pre>[ibook:/etc] root# ls -l sudoers
-r--r----- 1 root wheel 341 Sep 13 2003 sudoers
[ibook:/etc] root# more sudoers
# sudoers file.
# This file MUST be edited with the 'visudo' command as root.
# See the sudoers man page for the details on how to write a sudoers file.
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
[ibook:/etc] root#</pre>
Similar Messages
-
Using sudo gives "/etc/sudoers is mode 0640, should be 0440" error...
I tried to edit the sudoers file and must have done something wrong. Every time I try to use the sudo command I get the following two errors:
sudo: /etc/sudoers is mode 0640, should be 0440
and
Segmentation fault
I'm a new user. Any ideas on how I can get things fixed up again so that I can use sudo again?
Thanks in advance.Solved the issue by running the *Disk Utility* and running the *Repair Permissions* command.
-
Sudo unable to open /etc/sudoers
Whenever I try to do anything at all with sudo on my fresh x86-64 Arch install, it prints out this error:
sudo: unable to open /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
This is on a fresh Arch install from the core Image CD, packages initially installed from the CD and then upgraded with #pacman -Syu. I can edit sudoers just fine with visudo, and installing outdated versions of sudo produce the same error. File permissions on both /usr/bin/sudo and /etc/sudoers both look as they should be. Also, users and user groups don't seem to be an issue.
Found this related StackExchange thread and here are the outputs of strace and ltrace if anyone can interpret them: http://unix.stackexchange.com/questions … most-files
Ltrace:
# ltrace -u notthemessiah sudo true 2>&1 | egrep '(sudo|stat|set.*[ug].*id)'
bindtextdomain("sudo", "/usr/share/locale") = "/usr/share/locale"
textdomain("sudo") = "sudo"
strlen("sudo") = 4
memcpy(0x01c6f299, "sudo", 4) = 0x01c6f299
fopen("/etc/sudo.conf", "r") = 0
__xstat(1, "/usr/lib/sudoers.so", 0x7fff6b0913d0) = 0
dlopen("/usr/lib/sudoers.so", 257) = 0x01c6f630
dlsym(0x01c6f630, "sudoers_policy") = 0x7f33e2f96960
__xstat(1, "/usr/lib/sudoers.so", 0x7fff6b0913d0) = 0
dlopen("/usr/lib/sudoers.so", 257) = 0x01c6f630
dlsym(0x01c6f630, "sudoers_io") = 0x7f33e2f969c0
fputs("sudo", 0x7f33e35296e0sudo) = 1
fputs("unable to open /etc/sudoers", 0x7f33e35296e0unable to open /etc/sudoers) = 1
fputs("sudo", 0x7f33e35296e0sudo) = 1
fputs("no valid sudoers sources found, "..., 0x7f33e35296e0no valid sudoers sources found, quitting) = 1
fputs("sudo", 0x7f33e35296e0sudo) = 1
+++ exited (status 1) +++
Strace:
# strace -u notthemessiah sudo true 2>&1 | egrep '(sudo|set.*[ug].*id)'
execve("/usr/bin/sudo", ["sudo", "true"], [/* 22 vars */]) = 0
open("/etc/sudo.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib/sudoers.so", {st_mode=S_IFREG|0755, st_size=185352, ...}) = 0
open("/usr/lib/sudoers.so", O_RDONLY) = 3
stat("/usr/lib/sudoers.so", {st_mode=S_IFREG|0755, st_size=185352, ...}) = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/sudoers.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/sudoers.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/sudoers.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/sudoers.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/sudoers.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/sudoers.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
lstat("/etc/sudoers", {st_mode=S_IFREG|0440, st_size=2849, ...}) = 0
setresgid(4294967295, 0, 4294967295) = 0
setresuid(0, 1, 4294967295) = 0
open("/etc/sudoers", O_RDONLY) = -1 EACCES (Permission denied)
setresuid(4294967295, 0, 4294967295) = 0
write(2, "sudo", 4sudo) = 4
write(2, "unable to open /etc/sudoers", 27unable to open /etc/sudoers) = 27
setresuid(4294967295, 1, 4294967295) = 0
setresgid(4294967295, 0, 4294967295) = 0
setresuid(4294967295, 0, 4294967295) = 0
setresuid(1000, 0, 4294967295) = 0
setresgid(1000, 1000, 1000) = 0
write(2, "sudo", 4sudo) = 4
write(2, "no valid sudoers sources found, "..., 40no valid sudoers sources found, quitting) = 40
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "sudo", 4sudo) = 4No, I used visudoers and everything relating to that correctly. It's just probably something that happened while installing the core packages from the install CD that caused problems. As of now, I just reinstalled Arch on a new partition (this was a fairly fresh install) and it seems to work just fine. I was willing to continue to test the issue, but resizing the partition seems to have corrupted it somehow.
-
Remote rsync via sudo only works temporarily after touching or opening /etc/sudoers
Hi,
We are running an rsync backup of an OS X 10.9.1 Server from a Linux server via cron. Root is not enabled on the OS X server and the password for the admin user is handled via keys ala: http://www.linuxproblem.org/art_9.html . Rsync on the OS X server is version 3.0.6, plucked from Carbon Copy Cloner.
The rsync command run from the Linux server is:
rsync -aHXxsh --delete -e "ssh -t" --rsync-path="sudo /usr/local/bin/rsync -v" [email protected]:/Volumes/files/ /backup/files/
Our issue is that this works fine only temporarily after having either opened or touched the sudoers file on the OS X server. After a bit of time passes however (~10-15 minutes), we start seeing: "no tty present and no askpass program specified" responses and the rsync fails. OS X Server log entries showing the error, the touch command that fixes it (sudo visudo fixes it as well), then the successful rsync are:
1/28/14 8:13:06.493 AM sudo[5596]: admin_user : no tty present and no askpass program specified ; TTY=unknown ; PWD=/Users/admin_user ; USER=root ; COMMAND=/usr/local/bin/rsync -v --server --sender -slHogDtpXrxe.is
1/28/14 8:13:13.286 AM sudo[5598]: admin_user : TTY=ttys000 ; PWD=/private/etc ; USER=root ; COMMAND=/usr/bin/touch ./sudoers
1/28/14 8:13:15.360 AM sudo[5607]: admin_user : TTY=unknown ; PWD=/Users/admin_user ; USER=root ; COMMAND=/usr/local/bin/rsync -v --server --sender -slHogDtpXrxe.is
The OS X server is running Backblaze and Time Machine and the issue persists with both Backblaze paused and Time Machine turned off, and also after reboots.
Does anyone have any ideas on a cause for this? Or even how to better troubleshoot it?
Thanks in advance and all best.Thank very much Linc.
We have exempted the admin account from the password requirement for the rsync 3.0.6 command, which is from the depths of Carbon Copy Cloner and does support ACLs, xattrs, file-flags, etc.
Understood the admin account could now overwrite suoders via rsync, but for our environment am willing to accept this until the approach is revised.
I wasn't aware sudo cached authorization for all sessions of the same user (ie: once logged in via a terminal checking the sudoers file and the same user logging in again via the backup script), so that was very helpful for tracking down our issue, which is now resolved.
Your work here is always informative! All best and thanks again. -
[SOLVED] Unable to use SUDO: issues with /etc/sudoers
I have reinstalled Arch_64 and I have run into some problems with SUDO.
I get the following errors when I try to use sudo:
sudo : unable to stat /etc/sudoers : Permission Denied
sudo : no valid sudoers sources found, quitting
sudo : unable to initialize policy plugin
Here's what I have done with it so far:
* I added USERNAME (myself) to the 'wheel' group
* I uncommented %wheel ALL=(ALL) All using visudo
As it was not working for me I also:
* # chown -c root:root /etc/sudoers
* # chmod -c 0440 /etc/sudoers
* Since that too did not work, I recommented %wheel and added USERNAME ALL=(ALL) ALL just under the line root ALL=(ALL) ALL and repeated the above steps. The above problem persists.
* I checked with visudo -c and it says "/etc/sudoers parsed ok".
I have been through the WIKI and the forums but still unable to figure out whats going wrong.
I will appreciate if the forum can guide me to solution and help me resolve this issue.
Thanks.
Last edited by fantab (2012-11-20 09:00:56)Had exactly the same problem with a new Arch_64 install a few months ago, which turned out to be a problem with permissions on / (which i changed with chmod) - can't remember the details, but it was this post that put me on to a solution:
http://archlinuxarm.org/forum/viewtopic … =20#p19727 -
In the context of restoring a drive from a backup, i copied /etc/sudoers from my backup. Now it does not work due to the permissions not being correct (even though it was copied via sudo cp -rp)
Most likely you have Office 2004 which are PPC-only applications and will not work in Lion. Upgrade to Office 2011. Other alternatives are:
Apple's iWork suite (Pages, Numbers, and Keynote.)
Open Office (Office 2007-like suite compatible with OS X.)
NeoOffice (similar to Open Office.)
LibreOffice (a new direction for the Open Office suite.) -
I am trying to empty my trash but it wouldn't . so I ran this command sudo rm -rf ~/.Trash/* in the terminal
I got an error message
"sudo: unable to stat /etc/sudoers: No such file or directory
sudo: no valid sudoers sources found, quitting"
does anyone have a clue? thanksFirst, never use the shell (Terminal) to empty the Trash. It's dangerous and unnecessary, and it usually doesn't work.
A necessary system file is missing. If you know how that happened, restore it from a backup. Otherwise, see below.
If you don't already have a current backup, back up all data, then reinstall the OS.* You don't need to erase the startup volume, and you won't need the backup unless something goes wrong. If the system was upgraded from an older version of OS X, you may need the Apple ID and password you used.
If you use FileVault 2, then before running the Installer you must launch Disk Utility and select the icon of the FileVault startup volume ("Macintosh HD," unless you gave it a different name.) It will be nested below another icon with the same name. Click the Unlock button in the toolbar and enter your login password when prompted. Then quit Disk Utility to be returned to the main Recovery screen.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
If you installed the Java runtime distributed by Apple and still need it, you'll have to reinstall it. The same goes for Xcode. All other data will be preserved.
*The linked support article refers to OS X 10.10 ("Yosemite"), but the procedure is the same for OS X 10.7 ("Lion") and later. -
How do i fix this sudo: /opt/local/etc/sudoers is owned by uid 501, should be 0
sudo is broken
With the following commands from Single User mode:
mount -uw /
chown root /opt/local/etc/sudoers
or from the DVD:
chown root /Volumes/Macintosh\ HD/opt/local/etc/sudoers
assuming Macintosh HD is the drive's name.
(58851) -
Error with command "sudo: /etc/sudoers is mode 0777, should be 0440 Segmentation fault"
I don't know what to do... I installed XAMPP for Mac and then Joomla, I had some problems and I changed the permissions to some folders, so everything was working well, later I turned off my MacBook and when turned on some parts of Joomla was not working (http://localhost/administrator) neither MySQL Server (http://localhost/phpmyadmin), so I entered to a console and I tried to change the permissions again but when I try to be superuser I can't, the error that means is:
sudo: /etc/sudoers is mode 0777, should be 0440 Segmentation fault
Sorry, I don't speak english, I tried to explain my error the better i could.What is an SO disk? Do you mean your install disks? If so, don't use them. Run Disk Utility from your hard drive. The only time you should run Disk Utility from an install disk is when you need to repair the filesystem. When running Repair Permissions, it should be run from your hard drive so that the permissions it fixes correspond with your updated OS version.
-
/private/etc/cups folder is missing
I am working tech support for a college and a faculty member currently working abroad called in with a problem that Microsoft Word for Mac would lock up everytime he tried to save or print a file. I remoted into his machine and I tried the usual suspects and was able to determine that nothing would print at all from any app, and in fact when I went to system preferences and tried to open the printers, it locked up system preferences. Digging deeper, I discovered that I was getting this message in console:
com.apple.launchd[1] (org.cups.cupsd) Throttling respawn: Will start in 10 seconds
The error kept repeating. I researched and found this thread:
https://discussions.apple.com/thread/2151368?start=0&tstart=0
Which led me to try these terminal commands:
sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.old
sudo cp /etc/cups/cupsd.conf.default /etc/cups/cupsd.conf
I got an error in terminal that "No such file or directory existed"
So I checked and sure enough, inside of /private/etc/ there was no folder for cups. Its just gone. I assume that the folder being missing is the root of the problem, but I cant figure out how to get it back for him, especially considering that I am trying to assist him remotely. Any help or advice would be appreciated.# Become root
sudo -s
cd /private/etc
# Make the tar archive in /Users/Shared
tar -cjvf /Users/Shared/cups.tar.bz2 cups
# Exit being the root user
exit
cd /Users/Shared
# Check the contents of the tar archive
tar -tvf /Users/Shared/cups.tar.bz2
drwxr-xr-x 0 root _lp 0 May 6 17:33 cups/
dr-x--x--x 0 _lp admin 0 May 7 18:05 cups/certs/
-rw-r--r-- 0 root _lp 4524 Jan 20 2012 cups/cupsd.conf
-rw-r--r-- 0 root _lp 4380 Dec 23 2011 cups/cupsd.conf.O
-rw-r--r-- 0 root _lp 5978 May 13 2010 cups/cupsd.conf.bak
-rw-r--r-- 0 root _lp 6091 Jul 6 2011 cups/cupsd.conf.default
drwxr-xr-x 0 root _lp 0 May 13 2010 cups/interfaces/
drwxr-xr-x 0 root _lp 0 Apr 30 10:10 cups/ppd/
-rw------- 0 root _lp 1624 May 6 17:33 cups/printers.conf
-rw------- 0 root _lp 1624 May 5 16:53 cups/printers.conf.O
-rw-r--r-- 0 root _lp 172 May 13 2010 cups/snmp.conf
-rw-r--r-- 0 root _lp 52273 Jan 13 06:43 cups/ppd/Brother_HL_5140_series.ppd
-rw-r--r-- 0 root _lp 1072994 Apr 30 10:10 cups/ppd/HP_Photosmart_C4200_series.ppd
-rw-r--r-- 0 root _lp 1072931 Apr 21 13:08 cups/ppd/HP_Photosmart_C4200_series.ppd.O
-r--r----- 0 root admin 32 May 7 18:05 cups/certs/0 -
I cannot locate /private/etc/hosts.
I am trying to look at hosts file for clues as to why MAMP is not working. but this entire directory structure is not there. I feel quite confused because I have worked with the hosts file before. Any advice is extremely appreciated.
I did sudo nano /private/etc/hosts. it wasn't working before, but now it is! Very weird. Any ideas about setting up mamp and why it world not be working?
-
BAD parse error: zero-length content
Hi there!
Unfortunately I have a problem with JavaMail which I can not reproduce. Therefore, I don't have any 'debug' output of JavaMail. But maybe some of you have a clue for me. :)
This is the error stack (just a snippet) which I get from JavaMail:
javax.mail.MessagingException: A244 BAD parse error: zero-length content;
nested exception is:
com.sun.mail.iap.BadCommandException: A244 BAD parse error: zero-length content
at com.sun.mail.imap.IMAPFolder.getMessagesByUID(IMAPFolder.java:1938)
at org.zimbra.exchange.service.source.ExtendedEmailSyncSource.getMessagesByUID(ExtendedEmailSyncSource.java:1751)
at java.lang.Thread.run(Thread.java:619)
Caused by: com.sun.mail.iap.BadCommandException: A244 BAD parse error: zero-length content
at com.sun.mail.iap.Protocol.handleResult(Protocol.java:343)
at com.sun.mail.imap.protocol.IMAPProtocol.fetchSequenceNumbers(IMAPProtocol.java:1284)
at com.sun.mail.imap.IMAPFolder.getMessagesByUID(IMAPFolder.java:1920)
... 13 moreAnd this is my getMessagesByUID method:
private Message[] getMessagesByUID(long[] uids, IMAPFolder f)
throws StoreClosedException {
Message[] result = new Message[0];
try {
result = f.getMessagesByUID(uids);
} catch (StoreClosedException e) {
throw e;
} catch (MessagingException e) {
log.trace("The messages could not be fetched from the server.", e);
} catch (Exception e) {
log.error("An unexpected error occurd. "
+ e.getClass().getSimpleName(), e);
return (result);
}My problem is that I can not reproduce the error and so I don't know why the error is thrown. According to the JavaDoc it should return a 'null' entry for messages where it can not find the UID.
thanks for your help.The error message is coming from your IMAP server. It seems to be complaining about the
message that JavaMail sent it. The getMessagesByUID method will send an IMAP FETCH
command. That command doesn't include any variable length content, so I don't know what
exactly the server could be complaining about.
Perhaps your server has a log file that might have more information?
Otherwise, you'll probably need to capture the debug output so that you can examine it later
the next time this problem occurs. -
Terminal Error: Unable to read "/private/etc/cups/cups-files.conf" due to errors.
After finding out that my Kodak ESP C310 printer was no longer printing after installing OS X Yosemite, I tried entering these into the terminal to get the driver working again.
sudo sh -c 'echo "Sandboxing Relaxed" >> /etc/cups/cups-files.conf'
sudo launchctl stop org.cups.cupsd
Nothing happened the first time I tried it, so I tried it again with still no luck. Now within seconds of opening the terminal I get this message :
" /private/etc/cups/cups-files.conf"
It pops up every few seconds, so it is practically impossible for me to type anything into the terminal without it popping up right in the middle. I tried the fix from the other discussion on this issue, and that didn't work. also I'm noticing that my printer isn't even added under "printers and scanners" anymore. I tried to re-add it, but I cannot without a driver that functions with 10.10.1
Any suggestions on how I should deal with this?The permissions and ownership on /private/etc/cups/cups-files.conf should be:
/bin/ls -leO@ /private/etc/cups/cups-files.conf
-rw-r--r-- 1 root _lp compressed 3297 Mar 8 2014 /private/etc/cups/cups-files.conf
See "man cups-files" for the format of the cups-files.conf file
The contents of the /private/etc/cups/cups-files.conf file should look like:
# "$Id: cups-files.conf.in 11203 2013-07-26 21:32:33Z msweet $"
# Sample file/directory/user/group configuration file for the CUPS scheduler.
# See "man cups-files.conf" for a complete description of this file.
# List of events that are considered fatal errors for the scheduler...
#FatalErrors config
# Do we call fsync() after writing configuration or status files?
#SyncOnClose No
# Default user and group for filters/backends/helper programs; this cannot be
# any user or group that resolves to ID 0 for security reasons...
#User _lp
#Group _lp
# Administrator user group, used to match @SYSTEM in cupsd.conf policy rules...
SystemGroup admin
SystemGroupAuthKey system.print.admin
# User that is substituted for unauthenticated (remote) root accesses...
#RemoteRoot remroot
# Do we allow file: device URIs other than to /dev/null?
#FileDevice No
# Permissions for configuration and log files...
#ConfigFilePerm 0644
#LogFilePerm 0644
# Location of the file logging all access to the scheduler; may be the name
# "syslog". If not an absolute path, the value of ServerRoot is used as the
# root directory. Also see the "AccessLogLevel" directive in cupsd.conf.
AccessLog /private/var/log/cups/access_log
# Location of cache files used by the scheduler...
#CacheDir /private/var/spool/cups/cache
# Location of data files used by the scheduler...
#DataDir /usr/share/cups
# Location of the static web content served by the scheduler...
#DocumentRoot /usr/share/doc/cups
# Location of the file logging all messages produced by the scheduler and any
# helper programs; may be the name "syslog". If not an absolute path, the value
# of ServerRoot is used as the root directory. Also see the "LogLevel"
# directive in cupsd.conf.
ErrorLog /private/var/log/cups/error_log
# Location of fonts used by older print filters...
#FontPath /usr/share/cups/fonts
# Location of LPD configuration
#LPDConfigFile launchd:///System/Library/LaunchDaemons/org.cups.cups-lpd.plist
# Location of the file logging all pages printed by the scheduler and any
# helper programs; may be the name "syslog". If not an absolute path, the value
# of ServerRoot is used as the root directory. Also see the "PageLogFormat"
# directive in cupsd.conf.
PageLog /private/var/log/cups/page_log
# Location of the file listing all of the local printers...
#Printcap /Library/Preferences/org.cups.printers.plist
# Format of the Printcap file...
#PrintcapFormat bsd
#PrintcapFormat plist
#PrintcapFormat solaris
# Location of all spool files...
#RequestRoot /private/var/spool/cups
# Location of helper programs...
#ServerBin /usr/libexec/cups
# SSL/TLS certificate for the scheduler...
#ServerCertificate /Library/Keychains/System.keychain
# SSL/TLS private key for the scheduler...
#ServerKey
# Location of other configuration files...
#ServerRoot /private/etc/cups
# Location of Samba configuration file...
#SMBConfigFile
# Location of scheduler state files...
#StateDir /private/etc/cups
# Location of scheduler/helper temporary files. This directory is emptied on
# scheduler startup and cannot be one of the standard (public) temporary
# directory locations for security reasons...
#TempDir /private/var/spool/cups/tmp
# End of "$Id: cups-files.conf.in 11203 2013-07-26 21:32:33Z msweet $". -
Question about an entry in /etc/sudoers
I have the following entry in my /etc/sudoers:
user ALL=(ALL) ALL
Now I am not sure what that actually does. Could you explain it to me?I'm guessing "user" is your username. That allows you to use sudo with any command. It is possible to set finer restrictions for some users.
-
/etc/sudoers, users accounts' permissions
Hello everyone,
I'm using a standard account for my daily use operations and an administrator account to manage my PC since I started using Mac OS X because this was my standard configuration with Windows, GNU/Linux and *BSD OSs.
On the other hand I've a little problem tring to use 'sudo' command, I can't use it when I'm logged on with filippo (the non-admin accout) and to use 'sudo' command I've to digit:
$su amministratore
$sudo <command>
it's boring, so I decided to modify /etc/sudoers file.
NB: amministratore is the only one admin account on my PC.
I've added this line in the configuration file:
filippo ALL=(ALL) PASSWD: ALL
I can now execute every command using:
$sudo <command>
directly from filippo account, but there are some drawbacks, I need to insert no password although I've put PASSWD option (and this isn't a good idea).
How can I modify /etc/sudoers to permit filippo using directly:
$sudo <commnad>
and inserting amministratore's password?
Filippo
PS: sorry for my little English but I don't use it so much.
MacBook (Black) Mac OS X (10.4) Core 2 Duo T7200 (2.00 GHz, 4 MB L2) - 1 GB DDR2-667 - 120 GBI have wondered if this was possible as well - to have a password separate from the login password to use 'sudo'. The closest I could find was the 'rootpw' option, where 'sudo' prompts for the "root" password instead of the user's password. Unfortunately, this option only works if the "root" account is enabled, which of course isn't recommended.
Even less recommended, setting 'runas_default' and 'runaspw' in '/etc/sudoers' where the 'runas_default' user is a clone of "root" also seems to work, but it is difficult to predict how various services will interpret that user (eg. many are set to block "root" login by default, but will they block the clone by default?). Doing this without further testing may well leave some glaring security hole open.
Actually the main reason I'm posting is to make sure people are aware that using 'sudo' (invoking "root" privileges) or even just 'su adminuser' (invoking "admin" privileges) from a non-admin account unlocks secure pref panes (except "Accounts") and the "Finder" ("Get Info"), effectively giving the GUI user "root" access to files via "Finder" (this is apparently a feature). As far as I know, there is no way to revoke this right (well, there is, but there is sort of a catch-22), except to wait for five minutes for the rights to time out. Unless you can be confident that you will always remember to remain with your computer for five minutes after using 'sudo' or 'su adminuser', it would be recommended that users log in to an "admin" account whenever performing administrative tasks if you are in a setting where other users have access to your computer.
Maybe you are looking for
-
Iphone footage into Final Cut Express
I left a question earlier in this forum and would like to update (hopefully that's proper process!). I'll repeat the question, in case: I'm trying to get footage from iPhone 4 to Final Cut Express. I'm using MPEG Streamclip 1.9.2. In the tutorial I f
-
Scaling support for surface pro 3
I'm running the latest version of Windows 8.1 and the latest version of iTunes 12 for Windows. I was hoping with the update, scaling support would be included for high DPI devices like the Surface Pro 3. I was in the Apple store and the retina macboo
-
Dosent automatically reconnect to the internet
I noticed this problem posted in Apple News and apparently they are fixing it in the new models, does anyone else have the same problem at the moment - at first my MBP didnt have this problem but now i have to open ststem prefs and select a network e
-
B-tree catalog error, missing folder icons, item in use errors - Related?
Hi, I have a B&WG3 running 10.3.9 and two hard drives. I can boot from one drive into OS 9.2.X. The other drive is also bootable into 10.3.9, and is partitioned. There are 25 Gigs free on the partition containing 10.3.9. I went to update to 10.4 and
-
I updated my laptop and now the majority of my contents seem to have been wiped. Is there anything I can do to recover them? My backup was connected at the time so it has already backed-up to the computer's present state. Most photos/ Itunes/ Mail.