MacPorts shell mode

Christopher Jones jonesc at
Thu Oct 19 17:28:02 UTC 2017

> If you really want to run a command without typing your password,
> configure the sudoers file accordingly. There are plenty of guides on
> the web on how to do this, or see 'man sudoers' and 'man visudo'.
> Be aware of the security implications such a configuration has. Allowing
> to run port without sudo effectively allows to run any command as root,
> as it is trivial to execute other binaries.

Not true. In fact it is the exact opposite, more secure, if configured correctly.

You can configure sudo so *only* /opt/local/bin/port is allowed to run without a password. Any other use of sudo still requires the password. 

The reason doing this is more secure is because you can run ‘sudo port XYZ’ without entering any password, which means any subsequent sudo command will require authentication with a password. As a example

> sudo port XYZ
> sudo rm -rf /opt/local

has a very different outcome in the two cases… If you have configured sudo to allow the first to run without a password, the second will prompt you, at which point you might reconsider what you are doing… 

To enable this update your sudoers file with the last line below

## User privilege specification
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
chris   ALL=(ALL) NOPASSWD: /opt/local/bin/port


> Rainer

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the macports-users mailing list