Insufficient privileges?

John B Brown jbb at vcn.com
Thu Apr 28 18:43:59 PDT 2011 

Dear Bradley,

	There is no root group on my machine, and I added myself to wheel group using 
'Preferences.' I left the 'wheel' group sudoers lines untouched. I added my user 
name to sudoers. "jbb     ALL=(ALL) NOPASSWD: ALL"

	There is no tree '/Local' on my machine. sudo is in the same place. There is no 
subtree labeled 'Default/Groups.' I use 'locate' for system search. What system 
are you on? Mine is Snow Leopard;

  System Version:	Mac OS X 10.6.7 (10J869)
  Kernel Version:	Darwin 10.7.0

jbb at pinball:~
(3): % groups
staff com.apple.access_screensharing com.apple.sharepoint.group.1 _developer 
_lpoperator _lpadmin _appserveradm admin _appserverusr localaccounts everyone wheel
jbb at pinball:~
(4): %

	Shalom,

	John B. Brown.
	[jbb at vcn.com]
	358 High Street,
	Buffalo, Wyoming
	82834

"Freedom is not worth having if it does not include
the freedom to make mistakes"  Mahatma Gandhi
"There was never a good war, or a bad peace."
Benjamin Franklin
"I wonder whether the world is being run
by smart people who are putting us on
or by imbeciles who really mean it."  Mark Twain

1-307-684-9068


Bradley Giesbrecht wrote:
> On Apr 28, 2011, at 12:42 PM, John B Brown wrote:
> 
>> Dear Alex,
>>
>> 	In the original source for sudo there is a configure condition that must be met for group members;
>>
>> "--with-exempt=group     no passwd needed for users in this group"
>>
>> 	Which condition do you think Apple set for this? Your group 'sudoers' or 'wheel' or some other condition? I suspect this condition is unset as delivered by Apple.
>>
>> 	Or, possibly, this original configuration is unnecessary? Just a waste of programming space?
>>
>> 	Some errors come from reworking an original program for proprietary motives, and ignoring the original configuration conditions. The group I use for purposes of system maintenance is 'wheel.' The original version includes in a sudoers script;
>>
>> "
>> # Uncomment to allow people in group wheel to run all commands
>> # %wheel        ALL=(ALL) ALL
>>
>> # Same thing without a password
>> # %wheel        ALL=(ALL) NOPASSWD: ALL
>> "
>>
>> 	Uncommenting the wheel lines in sudoers using the Apple delivered sudo does not provide NOPASSWD action for group 'wheel.' Compiling original source with '--with-exempt=wheel' provides wheel with NOPASSWD action. Under that condition /etc/sudoers seems to work correctly. Apples compile seems not to provide that correct action.
>>
>> 	Myself, I don't use those 'wheel' lines in sudoers. I set my user for the second condition above. That way, as member of group wheel, I get to use sudo without a password because I compile sudo source using --with-exempt=wheel. Otherwise, I will be asked for a password.
>>
>> 	Or maybe its an Apple OS group permissions thing and mine are not correctly set?
> 
> John, I don't have this NOPASSWD issue. Did you add yourself to the wheel group?
> 
> pillbox:pixilla brad$ sudo which sudo
> /usr/bin/sudo
> pillbox:pixilla brad$ sudo grep -E "^%wheel" /etc/sudoers 
> %wheel	ALL=(ALL) NOPASSWD: ALL
> pillbox:pixilla brad$ dscl localhost -read /Local/Default/Groups/wheel | grep GroupMembership
> GroupMembership: root brad
> 
> 
> Regards,
> Bradley Giesbrecht (pixilla)
> 
> 
> 
> 
>

More information about the macports-users mailing list