macports user ...

Rainer Müller raimue at macports.org
Mon Sep 30 11:19:28 PDT 2013


On 2013-09-30 16:36, Peter Danecek wrote:
> 
> Sorry for this post, which may be somewhat off-topic, but I am a bit confused now. I never had to go into these details on MacOS so far.
> 
> --- snip ---
> 
> petr% cat /etc/group | grep admin
> admin:*:80:root
> _lpadmin:*:98:
> 
> petr% id
> uid=502(petr) gid=20(staff) groups=20(staff),401(com.apple.access_screensharing),402(com.apple.access_ssh),12(everyone),33(_appstore),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),100(_lpoperator),204(_developer)
> 
> petr% sudo -u macports ls
> sudo: unable to change to runas uid (503, 503): Operation not permitted
> sudo: unable to execute /bin/ls: Operation not permitted

Which sudo is this? I can reproduce the problem if I install the 'sudo'
port. It works fine for becoming root, but not any other user.

$ /opt/local/bin/sudo whoami
root
$ /opt/local/bin/sudo -u macports whoami
sudo: unable to change to runas uid (502, 502): Operation not permitted
sudo: unable to execute /usr/bin/whoami: Operation not permitted
$ /usr/bin/sudo -u macports whoami
macports

This seems to be a bug with sudo distributed in the port (which also
uses /opt/local/etc/sudoers, but the defaults should be compatible). On
a quick check, seems like nobody noticed this before as no ticket was
filed yet.

Please try again with the explicit /usr/bin/sudo, which works for me.

> I have an admin account, so I guess I am part of the group admin.
> Well, there is no entry in /etc/group. I assume it is somewhere else.
> LDAP? Anyway, from `id` I would assume I am part of group admin and
> /etc/sudoers contains the line specified below as well.

Yes, Mac OS X uses a directory service, even if you are only using a
single machine. The header in the files /etc/{passwd,group} even tells
you that on a recent release this data is actually provided by
opendirectoryd(8). :-)

You can query the directory service using the dscl(1) utility, for
example like
  $ dscl . -read /Users/macports
to get all details about the macports user.

Rainer
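
Added example, not part of the original message or of MacPorts: a POSIX shell check for the situation diagnosed above, where a port-installed binary earlier in PATH is run instead of the system one. The function names `list_cmd_candidates` and `shadowed_by` are hypothetical, and the check is written for any command name, not only sudo.

```shell
#!/bin/sh
# list_cmd_candidates NAME [PATHSTRING]
# Prints every executable NAME on the search path, in lookup order, as:
#   <rank> <setuid|no-setuid> <owner-uid> <full path>
# The body runs in a subshell so the IFS and globbing changes stay local.
list_cmd_candidates() (
    name=$1
    search=${2:-$PATH}
    rank=0
    set -f                      # no globbing while splitting the path string
    IFS=:
    for dir in $search; do
        [ -n "$dir" ] || dir=.  # an empty PATH entry means the current directory
        cand=$dir/$name
        if [ -f "$cand" ] && [ -x "$cand" ]; then
            rank=$((rank + 1))
            if [ -u "$cand" ]; then mode=setuid; else mode=no-setuid; fi
            owner=$(ls -ln "$cand" | awk '{print $3}')
            printf '%s %s %s %s\n' "$rank" "$mode" "$owner" "$cand"
        fi
    done
)

# shadowed_by NAME EXPECTED [PATHSTRING]
# If a different binary would be found before EXPECTED, prints its path and
# returns 0. Returns 1 when EXPECTED is found first or NAME is not found.
shadowed_by() {
    first=$(list_cmd_candidates "$1" "${3:-$PATH}" | head -n 1 | cut -d' ' -f4-)
    [ -n "$first" ] && [ "$first" != "$2" ] && printf '%s\n' "$first"
}

# Show which sudo binaries the current PATH offers, first match on top.
list_cmd_candidates sudo
```

A working sudo is normally setuid and owned by uid 0, so a first-ranked entry that is not both deserves a closer look.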



