Dear Alex,
In the original source for sudo there is a configure condition that must be met
for group members;
"--with-exempt=group no passwd needed for users in this group"
Which condition do you think Apple set for this? Your group 'sudoers' or
'wheel' or some other condition? I suspect this condition is unset as delivered
by Apple.
Or, possibly, this original configuration is unnecessary? Just a waste of
programming space?
Some errors come from reworking an original program for proprietary motives,
and ignoring the original configuration conditions. The group I use for purposes
of system maintenance is 'wheel.' The original version includes in a sudoers script;
"
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
"
Uncommenting the wheel lines in sudoers using the Apple delivered sudo does not
provide NOPASSWD action for group 'wheel.' Compiling original source with
'--with-exempt=wheel' provides wheel with NOPASSWD action. Under that condition
/etc/sudoers seems to work correctly. Apple's compile seems not to provide that
correct action.
Myself, I don't use those 'wheel' lines in sudoers. I set my user for the
second condition above. That way, as member of group wheel, I get to use sudo
without a password because I compile sudo source using --with-exempt=wheel.
Otherwise, I will be asked for a password.
Or maybe it's an Apple OS group permissions thing and mine are not
correctly set?
Shalom,
John B. Brown.
[[email protected]]
358 High Street,
Buffalo, Wyoming
82834
"Freedom is not worth having if it does not include
the freedom to make mistakes" Mahatma Gandhi
"There was never a good war, or a bad peace."
Benjamin Franklin
"I wonder whether the world is being run
by smart people who are putting us on
or by imbeciles who really mean it." Mark Twain
1-307-684-9068
Alexander Skwar wrote:
John,
I manually created the 666/sudoers group. And I added my user to this
group as well.
This allowed me to use the original Apple sudo using my user without
being prompted for a password.
And THIS shows, that your statement simply is wrong. sudoers does work
as advertised.
Best regards,
Alexander
On Tue, Apr 19, 2011 at 18:59, John B Brown <[email protected]> wrote:
Dear Alex,
There is no sudoers group on my machine, there is no group with the
number 666 as group number, being a member of wheel group with 'NOPASSWD'
allowed still didn't work.
I simply compiled back in the original options for sudo. Only then
did I get 'NOPASSWD' privilege as a wheel group member for real.
Shalom,
John B. Brown.
Alexander Skwar wrote:
John,
That's not true. Sudoers does work as advertised. My non-admin user is
in a custom "sudoers" group and I *am* able to use sudo. Without
having to use su first. I am using the apple sudo.
From my sudoers http://nopaste.dk/p3153 :
# Defaults specification
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXT_ENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
%sudoers ALL=(ALL) NOPASSWD: ALL
id http://nopaste.me/paste/13423264574dac87ba2ab0e :
MacBook-Pro:~ alex$ id
uid=502(alex) gid=20(staff) groups=20(staff),103(com.apple.sharepoint.group.3),405(com.apple.sharepoint.group.7),404(com.apple.sharepoint.group.6),61(localaccounts),12(everyone),403(com.apple.sharepoint.group.5),101(com.apple.sharepoint.group.1),102(com.apple.sharepoint.group.2),667(wir),402(com.apple.sharepoint.group.4),666(sudoers)
As you can see, I'm member of the "666 sudoers" group
and can run sudo because of this.
Regards,
Alexander
On Mon, Apr 18, 2011 at 20:15, John B Brown <[email protected]> wrote:
Daniel J. Luke wrote:
On Apr 18, 2011, at 1:30 PM, John B Brown wrote:
I've found the 'native' sudo to be insufficient. My solution is a
complete compile and install right over the Apple version.
I highly recommend that no one ever do this.
If you replace Apple software with your own software, things may work.
Things may also break unexpectedly.
Things probably will break in the future (as any future Apple software
update may replace or remove your software).
The important setting in the configure line is --with-exempt=[group] to
get a fully useful sudo without the necessity of using 'su.'
That configure flag lets a group use sudo without entering a password and
has nothing to do with using 'su' or not.
Both what you describe as wanting (be able to use sudo without 'su'-ing to
someone else), and what you describe setting (being able to use sudo without
entering a password) can be configured in sudo's configuration file
/etc/sudoers
Unfortunately, No, sudoers does not work as advertised. Witness the
original complaint.
However, claiming the sky will fall if you choose what you want in
your computer is ridiculous! Recompile fixes a myriad of "Apple knows best"
crap.
Or did you invest in that expensive CS degree to stop thinking?
--
Daniel J. Luke
+========================================================+
| *---------------- [email protected] ----------------* |
| *-------------- http://www.geeklair.net -------------* |
+========================================================+
| Opinions expressed are mine and do not necessarily |
| reflect the opinions of my employer. |
+========================================================+
Shalom,
John B. Brown.
_______________________________________________
macports-users mailing list
[email protected]
http://lists.macosforge.org/mailman/listinfo.cgi/macports-users
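Added example (not part of the original thread and not sudo's own code): a simplified model of how the sudoers excerpt quoted above resolves for a given user and group set, showing that commented-out %wheel lines grant nothing and that the last matching rule decides whether a password is required. It models only plain user, %group and ALL entries in the file (no aliases, includes or build-time options such as --with-exempt); the user name "john" and the shortened group list are constructed for illustration.

```python
import re

# Constructed input: the rule lines from the sudoers excerpt quoted in the thread.
SUDOERS = """\
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
%sudoers ALL=(ALL) NOPASSWD: ALL
"""

# The `id` output quoted in the thread, shortened to three of its groups.
ID_OUTPUT = "uid=502(alex) gid=20(staff) groups=20(staff),12(everyone),666(sudoers)"

# who host = (runas) [tag:] commands
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\([^)]*\)\s*)?(?P<rest>.+)$")

def parse_id(output):
    """Return (user, set of group names) from one line of `id` output."""
    user = re.search(r"uid=\d+\(([^)]+)\)", output).group(1)
    groups = set(re.findall(r"\d+\(([^)]+)\)", output.split("groups=", 1)[1]))
    return user, groups

def sudo_access(sudoers_text, user, groups):
    """Return 'none', 'password' or 'nopasswd'; the last matching rule wins."""
    result = "none"
    for line in sudoers_text.splitlines():
        line = line.strip()
        # Commented-out rules (like the %wheel lines) and Defaults grant nothing.
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = RULE.match(line)
        if not m:
            continue
        who = m.group("who")
        if who == "ALL" or who == user or (who.startswith("%") and who[1:] in groups):
            result = "nopasswd" if m.group("rest").startswith("NOPASSWD:") else "password"
    return result

if __name__ == "__main__":
    user, groups = parse_id(ID_OUTPUT)
    print(user, "->", sudo_access(SUDOERS, user, groups))
    # Hypothetical user who is only in wheel while the %wheel lines stay commented.
    print("john ->", sudo_access(SUDOERS, "john", {"wheel"}))
```

On a real system, `sudo -l -U <user>` reports the effective rules and is the authoritative check.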