Insufficient privileges?

John B Brown jbb at vcn.com
Fri Apr 29 09:22:49 PDT 2011



Bayard Bell wrote:
> On 29 Apr 2011, at 16:38, John B Brown wrote:
> 
>> Bayard Bell wrote:
>>> On 29 Apr 2011, at 02:43, John B Brown wrote:
>>>> Dear Bradley,
>>>>
>>>> 	There is no root group on my machine, and I added myself to wheel group using 'Preferences.' I left the 'wheel' group sudoers lines untouched. I added my user name to sudoers. "jbb     ALL=(ALL) NOPASSWD: ALL"
>>>>
>>>> 	There is no tree '/Local' on my machine. sudo is in the same place. There is no subtree labeled 'Default/Groups.' I use 'locate' for system search. What system are you on? Mine is Snow Leopard;
>>> /Local isn't a directory tree, it's a namespace for DirectoryServices that accesses the BSD files (and some local XML data) for name service and config data. Does dscl actually give you an error when you attempt a command like:
>>> dscl localhost -read /Local/Default/Groups/wheel GroupMembership
>>> If so, what's the error? The diagnostics given here seem exactly what you need to get to the bottom of any problems you're having.
>> jbb at pinball:~
>> (1): % dscl -read /Local/Default/Groups/wheel GroupMembership
>> Cannot open remote host, error: DSOpenDirServiceErr
>> jbb at pinball:~
>> (2): % sudo dscl -read /Local/Default/Groups/wheel GroupMembership
>> Cannot open remote host, error: DSOpenDirServiceErr
>>
>> 	Whatever that means. As you can see by other notes, groups works for me.
> 
> You mis-copied the syntax: it's "dscl localhost -read ...". The output to groups or id should be equivalent, but this is checking resolution against the group vs. against the user. Off the top of my head, I couldn't tell you which way sudo does the resolution, but it's usually a good sanity check to resolve both ways in case something's flakey with the name service data.
> 
> Could you also provide the output for the grep against /etc/sudoers to show which lines for the wheel group have been uncommented and their order of appearance?
> 
>>>> Bradley Giesbrecht wrote:
>>>>> John, I don't have this NOPASSWD issue. Did you add yourself to the wheel group?
>>>>> pillbox:pixilla brad$ sudo which sudo
>>>>> /usr/bin/sudo
>>>>> pillbox:pixilla brad$ sudo grep -E "^%wheel" /etc/sudoers
>>>>> %wheel	ALL=(ALL) NOPASSWD: ALL
>>>>> pillbox:pixilla brad$ dscl localhost -read /Local/Default/Groups/wheel | grep GroupMembership
>>>>> GroupMembership: root brad
>>>>> Regards,
>>>>> Bradley Giesbrecht (pixilla)
> 

jbb at pinball:~
(11): % dscl localhost -read /Local/Default/Groups/wheel GroupMembership
GroupMembership: root jbb
jbb at pinball:~
(12): %

jbb at pinball:~
(12): % egrep -n wheel /etc/sudoers
37:# Uncomment to allow people in group wheel to run all commands
38:# %wheel	ALL=(ALL) ALL
41:# %wheel	ALL=(ALL) NOPASSWD: ALL

jbb at pinball:~
(13): % ls -aFCl /etc/sudoers
-r--r-----  1 root  wheel  1274 Nov  9 10:28 /etc/sudoers
jbb at pinball:~
(14): %

	You will realize the lines are commented after much experimentation with 
sudoers settings and sudo original and MacPorts sources to find the binary that 
works best.

jbb at pinball:~
(14): % egrep -n NOPASSWD /etc/sudoers
34:jbb     ALL=(ALL) NOPASSWD: ALL
41:# %wheel	ALL=(ALL) NOPASSWD: ALL
jbb at pinball:~
(15): %
	
	Shalom,

	John B. Brown.
	[jbb at vcn.com]
	358 High Street,
	Buffalo, Wyoming
	82834

"Freedom is not worth having if it does not include
the freedom to make mistakes"  Mahatma Gandhi
"There was never a good war, or a bad peace."
Benjamin Franklin
"I wonder whether the world is being run
by smart people who are putting us on
or by imbeciles who really mean it."  Mark Twain

1-307-684-9068
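
The sudoers checks discussed in this thread (which user and %wheel entries are uncommented, and in what order they appear), as an added example that is not part of the original messages. sudo applies the last matching entry, which is why order matters; the function names and sample lines are constructed, and the reader is simplified as noted in the comments.

```shell
#!/bin/sh
# Added example, not from the thread. Simplified sudoers reader: handles plain
# "user", "%group" and "ALL" entries only. Aliases, #include directives, line
# continuations and per-command tag changes are NOT handled (assumption).

# active_rules FILE USER "GROUP1 GROUP2 ..."   (FILE may be "-" for stdin)
# Prints LINE:TAG:RULE for every uncommented entry that names USER, one of
# the groups, or ALL, in file order. TAG is NOPASSWD or PASSWD.
active_rules() {
    awk -v user="$2" -v grps="$3" '
        BEGIN {
            want[user] = 1; want["ALL"] = 1
            n = split(grps, g, " ")
            for (i = 1; i <= n; i++) want["%" g[i]] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments, blank lines
        /^[ \t]*(Defaults|[A-Z][a-z]+_Alias)/ { next }  # settings and aliases
        ($1 in want) {
            tag = ($0 ~ /NOPASSWD:/) ? "NOPASSWD" : "PASSWD"
            printf "%d:%s:%s\n", NR, tag, $0
        }
    ' "$1"
}

# sudo uses the LAST matching entry, so that entry decides whether a
# password is requested.
effective_rule() {
    active_rules "$@" | tail -n 1
}

# Constructed sample input. First: the state shown in the thread (user entry
# active, both %wheel entries commented out). Second: the same lines with
# "%wheel ALL=(ALL) ALL" uncommented below the user entry.
demo() {
    printf '%s\n' 'jbb     ALL=(ALL) NOPASSWD: ALL' \
        '# %wheel  ALL=(ALL) ALL' '# %wheel  ALL=(ALL) NOPASSWD: ALL' |
        effective_rule - jbb "wheel"
    printf '%s\n' 'jbb     ALL=(ALL) NOPASSWD: ALL' \
        '%wheel  ALL=(ALL) ALL' '# %wheel  ALL=(ALL) NOPASSWD: ALL' |
        effective_rule - jbb "wheel"
}
demo
```

In the second case the effective entry is the %wheel line, so the earlier per-user NOPASSWD entry no longer decides the outcome.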

