pixilla at macports.org
Thu Apr 28 14:18:42 PDT 2011
On Apr 28, 2011, at 12:42 PM, John B Brown wrote:
> Dear Alex,
> In the original source for sudo there is a configure condition that must be met for group members;
> "--with-exempt=group no passwd needed for users in this group"
> Which condition do you think Apple set for this? Your group 'sudoers' or 'wheel' or some other condition? I suspect this condition is unset as delivered by Apple.
> Or, possibly, this original configuration is unnecessary? Just a waste of programming space?
> Some errors come from reworking an original program for proprietary motives, and ignoring the original configuration conditions. The group I use for purposes of system maintenance is 'wheel.' The original version includes in a sudoers script;
> # Uncomment to allow people in group wheel to run all commands
> # %wheel ALL=(ALL) ALL
> # Same thing without a password
> # %wheel ALL=(ALL) NOPASSWD: ALL
> Uncommenting the wheel lines in sudoers using the Apple delivered sudo does not provide NOPASSWD action for group 'wheel.' Compiling original source with '--with-exempt=wheel' provides wheel with NOPASSWD action. Under that condition /etc/sudoers seems to work correctly. Apples compile seems not to provide that correct action.
> Myself, I don't use those 'wheel' lines in sudoers. I set my user for the second condition above. That way, as member of group wheel, I get to use sudo without a password because I compile sudo source using --with-exempt=wheel. Otherwise, I will be asked for a password.
> Or maybe its an Apple OS group permissions thing and mine are not correctly set?
John, I don't have this NOPASSWD issue. Did you add yourself to the wheel group?
pillbox:pixilla brad$ sudo which sudo
pillbox:pixilla brad$ sudo grep -E "^%wheel" /etc/sudoers
%wheel ALL=(ALL) NOPASSWD: ALL
pillbox:pixilla brad$ dscl localhost -read /Local/Default/Groups/wheel | grep GroupMembership
GroupMembership: root brad
Bradley Giesbrecht (pixilla)
More information about the macports-users