Insufficient privileges?

Alexander Skwar alexanders.mailinglists+nospam at gmail.com
Mon Apr 18 11:50:05 PDT 2011 

John,

That's not true. Sudoers does work as advertised. My non-admin user is
in a custom "sudoers" group and I *am* able to use sudo. Without
having to use su first. I am using the apple sudo.

>From my sudoers http://nopaste.dk/p3153 :

# Defaults specification
Defaults        env_reset
Defaults        env_keep += "BLOCKSIZE"
Defaults        env_keep += "COLORFGBG COLORTERM"
Defaults        env_keep += "__CF_USER_TEXT_ENCODING"
Defaults        env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults        env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults        env_keep += "LINES COLUMNS"
Defaults        env_keep += "LSCOLORS"
Defaults        env_keep += "SSH_AUTH_SOCK"
Defaults        env_keep += "TZ"
Defaults        env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults        env_keep += "EDITOR VISUAL"

# Runas alias specification

# User privilege specification
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL
%sudoers        ALL=(ALL)       NOPASSWD: ALL

id http://nopaste.me/paste/13423264574dac87ba2ab0e :

MacBook-Pro:~ alex$ id
uid=502(alex) gid=20(staff)
groups=20(staff),103(com.apple.sharepoint.group.3),405(com.apple.sharepoint.group.7),404(com.apple.sharepoint.group.6),61(localaccounts),12(everyone),403(com.apple.sharepoint.group.5),101(com.apple.sharepoint.group.1),102(com.apple.sharepoint.group.2),667(wir),402(com.apple.sharepoint.group.4),666(sudoers)


As you can see, I'm member of the "666 sudoers" group
and can run sudo because of this.

Regards,
Alexander

On Mon, Apr 18, 2011 at 20:15, John B Brown <jbb at vcn.com> wrote:
>
>
> Daniel J. Luke wrote:
>>
>> On Apr 18, 2011, at 1:30 PM, John B Brown wrote:
>>>
>>>        I've found the 'native' sudo to be insufficient. My solution is a
>>> complete compile and install right over the Apple version.
>>
>> I highly recommend that no one ever do this.
>>
>> If you replace Apple software with your own software, things may work.
>> Things may also break unexpectedly.
>>
>> Things probably will break in the future (as any future Apple software
>> update may replace or remove your software).
>>
>>> The important setting in the configure line is --with-exempt=[group] to
>>> get a fully useful sudo without the necessity of using 'su.'
>>
>> That configure flag lets a group use sudo without entering a password and
>> has nothing to do with using 'su' or not.
>>
>> Both what you describe as wanting (be able to use sudo without 'su'-ing to
>> someone else), and what you describe setting (being able to use sudo without
>> entering a password) can be configured in sudo's configuration file
>> /etc/sudoers
>>
>
>        Unfortunately, No, sudoers does not work as advertised. Witness the
> original complaint.
>
>        However, claiming the sky will fall if you chose what you want in
> your computer is ridiculous! Recompile fixes a myriad of "Apple knows best"
> crap.
>
>        Or did you invest in that expensive CS degree to stop thinking?
>
>> --
>> Daniel J. Luke
>>       +========================================================+
>>            | *---------------- dluke at geeklair.net ----------------* |
>>                    | *-------------- http://www.geeklair.net -------------*
>> |
>>  +========================================================+
>>        |   Opinions expressed are mine and do not necessarily   |
>>                |          reflect the opinions of my employer.          |
>>
>>  +========================================================+
>>
>>
>>
>>
>
>
>
>        Shalom,
>
>        John B. Brown.
>        [jbb at vcn.com]
>        358 High Street,
>        Buffalo, Wyoming
>        82834
>
> "Freedom is not worth having if it does not include
> the freedom to make mistakes"  Mahatma Gandhi
> "There was never a good war, or a bad peace."
> Benjamin Franklin
> "I wonder whether the world is being run
> by smart people who are putting us on
> or by imbeciles who really mean it."  Mark Twain
>
> 1-307-684-9068
> _______________________________________________
> macports-users mailing list
> macports-users at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/macports-users
>



-- 
Alexander
--
↯    Lifestream (Twitter, Blog, …) ↣ http://alexs77.soup.io/     ↯
↯ Chat (Jabber/Google Talk) ↣ a.skwar at gmail.com , AIM: alexws77  ↯

More information about the macports-users mailing list