Insufficient privileges?

Bayard Bell buffer.g.overflow at googlemail.com
Fri Apr 29 08:48:52 PDT 2011


On 29 Apr 2011, at 16:38, John B Brown wrote:

> Bayard Bell wrote:
>> On 29 Apr 2011, at 02:43, John B Brown wrote:
>>> Dear Bradley,
>>> 
>>> 	There is no root group on my machine, and I added myself to wheel group using 'Preferences.' I left the 'wheel' group sudoers lines untouched. I added my user name to sudoers. "jbb     ALL=(ALL) NOPASSWD: ALL"
>>> 
>>> 	There is no tree '/Local' on my machine. sudo is in the same place. There is no subtree labeled 'Default/Groups.' I use 'locate' for system search. What system are you on? Mine is Snow Leopard;
>> /Local isn't a directory tree, it's a namespace for DirectoryServices that accesses the BSD files (and some local XML data) for name service and config data. Does dscl actually give you an error when you attempt a command like:
>> dscl localhost -read /Local/Default/Groups/wheel GroupMembership
>> If so, what's the error? The diagnostics given here seem exactly what you need to get to the bottom of any problems you're having.
> 
> jbb@pinball:~
> (1): % dscl -read /Local/Default/Groups/wheel GroupMembership
> Cannot open remote host, error: DSOpenDirServiceErr
> jbb@pinball:~
> (2): % sudo dscl -read /Local/Default/Groups/wheel GroupMembership
> Cannot open remote host, error: DSOpenDirServiceErr
> 
> 	Whatever that means. As you can see by other notes, groups works for me.

You mis-copied the syntax: it's "dscl localhost -read ...". The output to groups or id should be equivalent, but this is checking resolution against the group vs. against the user. Off the top of my head, I couldn't tell you which way sudo does the resolution, but it's usually a good sanity check to resolve both ways in case something's flakey with the name service data.

Could you also provide the output for the grep against /etc/sudoers to show which lines for the wheel group have been uncommented and their order of appearance?

>>> Bradley Giesbrecht wrote:
>>>> John, I don't have this NOPASSWD issue. Did you add yourself to the wheel group?
>>>> pillbox:pixilla brad$ sudo which sudo
>>>> /usr/bin/sudo
>>>> pillbox:pixilla brad$ sudo grep -E "^%wheel" /etc/sudoers
>>>> %wheel	ALL=(ALL) NOPASSWD: ALL
>>>> pillbox:pixilla brad$ dscl localhost -read /Local/Default/Groups/wheel | grep GroupMembership
>>>> GroupMembership: root brad
>>>> Regards,
>>>> Bradley Giesbrecht (pixilla)
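
Why the order of appearance asked about in this message matters, as an added example that is not part of the original thread: sudoers applies the last entry that matches, so a later %wheel line without NOPASSWD overrides an earlier per-user NOPASSWD line. The function name `effective_rule` and the sample sudoers content are constructed for illustration, and the parser assumes plain user, %group and ALL entries in a single file.

```shell
#!/bin/sh
# Added example: which sudoers entry decides NOPASSWD for a user?
# sudoers uses the LAST matching entry, so order of appearance matters.
# Simplified: plain "user", "%group" and "ALL" entries in one file only
# (no aliases, no #include files, no host or command matching).

# effective_rule FILE USER [GROUP...]
# Prints "<line number>:<NOPASSWD|PASSWD>:<entry>" for the last match,
# or returns 1 when no entry matches.
effective_rule() {
    file=$1; user=$2; shift 2
    awk -v user="$user" -v grouplist="$*" '
        BEGIN {
            want[user] = 1; want["ALL"] = 1
            n = split(grouplist, g, " ")
            for (i = 1; i <= n; i++) want["%" g[i]] = 1
        }
        /^[ \t]*(#|$)/ { next }     # comments (incl. commented-out rules), blanks
        ($1 in want) {
            tag = ($0 ~ /NOPASSWD:/) ? "NOPASSWD" : "PASSWD"
            last = NR ":" tag ":" $0
        }
        END { if (last == "") exit 1; print last }
    ' "$file"
}

# Constructed sample, not taken from any machine in this thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root ALL=(ALL) ALL
jbb ALL=(ALL) NOPASSWD: ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
%wheel ALL=(ALL) ALL
EOF

effective_rule "$sample" jbb wheel  # 4:PASSWD:%wheel ALL=(ALL) ALL
effective_rule "$sample" jbb        # 2:NOPASSWD:jbb ALL=(ALL) NOPASSWD: ALL
rm -f "$sample"
```

Against a real system, run it as root on /etc/sudoers and pass the groups reported by `id -Gn` for the user.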
