Insufficient privileges?

John B Brown jbb at
Fri Apr 29 09:22:49 PDT 2011

Bayard Bell wrote:
> On 29 Apr 2011, at 16:38, John B Brown wrote:
>> Bayard Bell wrote:
>>> On 29 Apr 2011, at 02:43, John B Brown wrote:
>>>> Dear Bradley,
>>>> 	There is no root group on my machine, and I added myself to wheel group using 'Preferences.' I left the 'wheel' group sudoers lines untouched. I added my user name to sudoers. "jbb     ALL=(ALL) NOPASSWD: ALL"
>>>> 	There is no tree '/Local' on my machine. sudo is in the same place. There is no subtree labeled 'Default/Groups.' I use 'locate' for system search. What system are you on? Mine is Snow Leopard;
>>> /Local isn't a directory tree, it's a namespace for DirectoryServices that accesses the BSD files (and some local XML data) for name service and config data. Does dscl actually give you an error when you attempt a command like:
>>> dscl localhost -read /Local/Default/Groups/wheel GroupMembership
>>> If so, what's the error? The diagnostics given here seem exactly what you need to get to the bottom of any problems you're having.
>> jbb at pinball:~
>> (1): % dscl -read /Local/Default/Groups/wheel GroupMembership
>> Cannot open remote host, error: DSOpenDirServiceErr
>> jbb at pinball:~
>> (2): % sudo dscl -read /Local/Default/Groups/wheel GroupMembership
>> Cannot open remote host, error: DSOpenDirServiceErr
>> 	Whatever that means. As you can see by other notes, groups works for me.
> You mis-copied the syntax: it's "dscl localhost -read ...". The output to groups or id should be equivalent, but this is checking resolution against the group vs. against the user. Off the top of my head, I couldn't tell you which way sudo does the resolution, but it's usually a good sanity check to resolve both ways in case something's flakey with the name service data.
> Could you also provide the output for the grep against /etc/sudoers to show which lines for the wheel group have been uncommented and their order of appearance?
>>>> Bradley Giesbrecht wrote:
>>>>> John, I don't have this NOPASSWD issue. Did you add yourself to the wheel group?
>>>>> pillbox:pixilla brad$ sudo which sudo
>>>>> /usr/bin/sudo
>>>>> pillbox:pixilla brad$ sudo grep -E "^%wheel" /etc/sudoers
>>>>> %wheel	ALL=(ALL) NOPASSWD: ALL
>>>>> pillbox:pixilla brad$ dscl localhost -read /Local/Default/Groups/wheel | grep GroupMembership
>>>>> GroupMembership: root brad
>>>>> Regards,
>>>>> Bradley Giesbrecht (pixilla)

jbb at pinball:~
(11): % dscl localhost -read /Local/Default/Groups/wheel GroupMembership
GroupMembership: root jbb
jbb at pinball:~
(12): %

jbb at pinball:~
(12): % egrep -n wheel /etc/sudoers
37:# Uncomment to allow people in group wheel to run all commands
38:# %wheel	ALL=(ALL) ALL
41:# %wheel	ALL=(ALL) NOPASSWD: ALL

jbb at pinball:~
(13): % ls -aFCl /etc/sudoers
-r--r-----  1 root  wheel  1274 Nov  9 10:28 /etc/sudoers
jbb at pinball:~
(14): %

	You will realize the lines are commented after much experimentation with 
sudoers settings and sudo original and MacPorts sources to find the binary that 
works best.

jbb at pinball:~
(14): % egrep -n NOPASSWD /etc/sudoers
34:jbb     ALL=(ALL) NOPASSWD: ALL
41:# %wheel	ALL=(ALL) NOPASSWD: ALL
jbb at pinball:~
(15): %

	John B. Brown.
	[jbb at]
	358 High Street,
	Buffalo, Wyoming

"Freedom is not worth having if it does not include
the freedom to make mistakes"  Mahatma Gandhi
"There was never a good war, or a bad peace."
Benjamin Franklin
"I wonder whether the world is being run
by smart people who are putting us on
or by imbeciles who really mean it."  Mark Twain
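
The checks traded in this thread (which sudoers lines are actually uncommented, and whether group membership resolves the same way from the user side and from the group side) can be combined in one pass. The following is an added example, not part of the original message or of sudo or MacPorts; the function names are hypothetical, and the sample holds only the sudoers lines quoted above.

```python
import re

# Constructed sample: only the /etc/sudoers lines quoted in the thread, keyed by
# the line numbers egrep -n printed. The rest of the file is not on the page.
SAMPLE = [
    (34, "jbb     ALL=(ALL) NOPASSWD: ALL"),
    (37, "# Uncomment to allow people in group wheel to run all commands"),
    (38, "# %wheel\tALL=(ALL) ALL"),
    (41, "# %wheel\tALL=(ALL) NOPASSWD: ALL"),
]


def is_comment(line):
    """'#' opens a comment unless it is '#include', '#includedir' or '#<uid>'."""
    return line.startswith("#") and not re.match(r"#(include(dir)?\b|\d)", line)


def active_rules(numbered_lines, user, user_groups, group_members):
    """List (lineno, subject, nopasswd, consistent) for uncommented rules that
    name the user, ALL, or a %group the user resolves into.

    user_groups:   groups reported for the user (user -> group, as `groups`)
    group_members: {group: members} read from the group record (group -> user,
                   as `dscl localhost -read ... GroupMembership`)
    consistent is False when the two lookups disagree about a %group rule.
    Aliases, includes and backslash continuations are not expanded.
    """
    hits = []
    for lineno, raw in numbered_lines:
        line = raw.strip()
        parts = line.split(None, 1)
        if is_comment(line) or len(parts) < 2:
            continue
        nopasswd = "NOPASSWD:" in parts[1]
        for subject in parts[0].split(","):
            if subject in (user, "ALL"):
                hits.append((lineno, subject, nopasswd, True))
            elif subject.startswith("%"):
                by_user = subject[1:] in user_groups
                by_group = user in group_members.get(subject[1:], ())
                if by_user or by_group:
                    hits.append((lineno, subject, nopasswd, by_user == by_group))
    return hits


if __name__ == "__main__":
    # Assumed: `groups` lists wheel for jbb (its output is not quoted here).
    for hit in active_rules(SAMPLE, "jbb", {"wheel"}, {"wheel": {"root", "jbb"}}):
        print(hit)
```

On the quoted lines only the per-user rule on line 34 is active; both `%wheel` rules are skipped as comments.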

