Insufficient privileges?

Bradley Giesbrecht pixilla at macports.org
Thu Apr 28 14:18:42 PDT 2011 

On Apr 28, 2011, at 12:42 PM, John B Brown wrote:

> Dear Alex,
> 
> 	In the original source for sudo there is a configure condition that must be met for group members;
> 
> "--with-exempt=group     no passwd needed for users in this group"
> 
> 	Which condition do you think Apple set for this? Your group 'sudoers' or 'wheel' or some other condition? I suspect this condition is unset as delivered by Apple.
> 
> 	Or, possibly, this original configuration is unnecessary? Just a waste of programming space?
> 
> 	Some errors come from reworking an original program for proprietary motives, and ignoring the original configuration conditions. The group I use for purposes of system maintenance is 'wheel.' The original version includes in a sudoers script;
> 
> "
> # Uncomment to allow people in group wheel to run all commands
> # %wheel        ALL=(ALL) ALL
> 
> # Same thing without a password
> # %wheel        ALL=(ALL) NOPASSWD: ALL
> "
> 
> 	Uncommenting the wheel lines in sudoers using the Apple delivered sudo does not provide NOPASSWD action for group 'wheel.' Compiling original source with '--with-exempt=wheel' provides wheel with NOPASSWD action. Under that condition /etc/sudoers seems to work correctly. Apples compile seems not to provide that correct action.
> 
> 	Myself, I don't use those 'wheel' lines in sudoers. I set my user for the second condition above. That way, as member of group wheel, I get to use sudo without a password because I compile sudo source using --with-exempt=wheel. Otherwise, I will be asked for a password.
> 
> 	Or maybe its an Apple OS group permissions thing and mine are not correctly set?

John, I don't have this NOPASSWD issue. Did you add yourself to the wheel group?

pillbox:pixilla brad$ sudo which sudo
/usr/bin/sudo
pillbox:pixilla brad$ sudo grep -E "^%wheel" /etc/sudoers 
%wheel	ALL=(ALL) NOPASSWD: ALL
pillbox:pixilla brad$ dscl localhost -read /Local/Default/Groups/wheel | grep GroupMembership
GroupMembership: root brad


Regards,
Bradley Giesbrecht (pixilla)

More information about the macports-users mailing list