https://rancher.com/ logo
g

glamorous-airline-82307

08/23/2022, 1:54 PM
Morning everyone -- I'm a bit stuck with an error when trying to initialize Rancher Desktop on my Mac. Rancher Desktop: v1.5.1 Mac: Monterey (12.5.1) - x86 Relevant Error:
Copy code
msg="failed to run [sudo --user root --group wheel --non-interactive /bin/mkdir -m 775 -p /private/var/run]: stdout=\\"\\", stderr=\\"sudo: a password is required\\\\n\\": exit status 1"\n',
Full Error:
Copy code
2022-08-23T13:36:31.050Z: Error starting lima: Error: /Applications/Rancher <http://Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl|Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl> exited with code 1
    at ChildProcess.<anonymous> (/Applications/Rancher <http://Desktop.app/Contents/Resources/app.asar/dist/app/background.js:17:142946|Desktop.app/Contents/Resources/app.asar/dist/app/background.js:17:142946>)
    at ChildProcess.emit (node:events:390:28)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:290:12) {
  stdout: '',
  stderr: 'time="2022-08-23T07:36:30-06:00" level=info msg="Using the existing instance \\"0\\""\n' +
    'time="2022-08-23T07:36:30-06:00" level=info msg="Starting switch daemon for \\"rancher-desktop-bridged_en0\\" network"\n' +
    'time="2022-08-23T07:36:31-06:00" level=fatal msg="failed to run [sudo --user root --group wheel --non-interactive /bin/mkdir -m 775 -p /private/var/run]: stdout=\\"\\", stderr=\\"sudo: a password is required\\\\n\\": exit status 1"\n',
  code: 1,
  command: [
    '/Applications/Rancher <http://Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl|Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl>',
    'start',
    '--tty=false',
    '0'
  ]
}
This began happening after updating my Mac from 12.4 to 12.5.1. I've verified that I have
sudoer
permission on my local account. Running the command
sudo --user root --group wheel --non-interactive /bin/mkdir -m 775 -p /private/var/run
manually results in the same message. The
/private/var/run
folder already exists, is owned by
root
, and has both read and write permissions on it. I've tried both resetting Rancher and reinstalling it as well. This error occurs shortly after getting a prompt to grant administrative access to Rancher. Any ideas?
q

quick-keyboard-83126

08/23/2022, 2:07 PM
Check
/etc/sudoers.d/*
, there's probably another file that's forcing the password requirement
g

glamorous-airline-82307

08/23/2022, 2:13 PM
hmm interesting. The only file in that directory is
zzzzz-rancher-desktop-lima
. Looking at the file, I see this entry at the top
Copy code
%everyone ALL=(root:wheel) NOPASSWD:NOSETENV: /bin/mkdir -m 775 -p /private/var/run
That looks correct, although I'm not all that familiar with this file.
q

quick-keyboard-83126

08/23/2022, 2:14 PM
Yeah, that's correct, maybe check
/etc/sudoers
itself to see if there's something that's overriding the
NOPASSWD
field?
I mean, arguably the code could check to see if the directory exists and has the right permissions and not bother using sudo if it doesn't need to make the directory, but, right now i'm more interested in why
sudo
isn't doing what we expect.
(If you're curious about the file format, you can try to read
man sudoers
, but it's a long doc, and in general what you're looking for is something that sticks out like a sore thumb.)
g

glamorous-airline-82307

08/23/2022, 2:19 PM
ahh
/etc/sudoers
is empty. I'm guessing there should be a reference in that file to
Copy code
/private/etc/sudoers.d
?
/private/etc/sudoers
is also empty
q

quick-keyboard-83126

08/23/2022, 2:20 PM
is it really empty? `sudo cat /etc/sudoers|pbcopy`:
Copy code
#
# Sample /etc/sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.

##
# Override built-in defaults
##
Defaults	env_reset
Defaults	env_keep += "BLOCKSIZE"
Defaults	env_keep += "COLORFGBG COLORTERM"
Defaults	env_keep += "__CF_USER_TEXT_ENCODING"
Defaults	env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults	env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults	env_keep += "LINES COLUMNS"
Defaults	env_keep += "LSCOLORS"
Defaults	env_keep += "SSH_AUTH_SOCK"
Defaults	env_keep += "TZ"
Defaults	env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults	env_keep += "EDITOR VISUAL"
Defaults	env_keep += "HOME MAIL"

Defaults	lecture_file = "/etc/sudo_lecture"

##
# User alias specification
##
# User_Alias	FULLTIMERS = millert, mikef, dowdy

##
# Runas alias specification
##
# Runas_Alias	OP = root, operator

##
# Host alias specification
##
# Host_Alias	CUNETS = 128.138.0.0/255.255.0.0
# Host_Alias	CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
# Host_Alias	SERVERS = master, mail, www, ns
# Host_Alias	CDROM = orion, perseus, hercules

##
# Cmnd alias specification
##
# Cmnd_Alias	PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less

##
# User specification
##

# root and users in group wheel can run anything on any machine as any user
root		ALL = (ALL) ALL
%admin		ALL = (ALL) ALL

## Read drop-in files from /private/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d
g

glamorous-airline-82307

08/23/2022, 2:25 PM
Yes - it is empty, and it shouldn't be. Guessing that is likely the issue.
q

quick-keyboard-83126

08/23/2022, 2:25 PM
You can try the above and see if that "fixes" it
I'm not entirely certain, because i don't see anything interesting beyond these two lines:
Copy code
root		ALL = (ALL) ALL
%admin		ALL = (ALL) ALL
oh!
Copy code
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d
bizarre file formats are bizarre! -- so yes, the fact that it's empty is indeed the problem 🙂
g

glamorous-airline-82307

08/23/2022, 2:28 PM
Awesome, thanks. I should be able to grab the contents from a co-worker too, but good to know. As to why updating my Mac removed that file .... guessing that isn't normal and something was just weird on my machine. Really appreciate the help!!!
q

quick-keyboard-83126

08/23/2022, 2:28 PM
Yeah, definitely don't trust random stranger on the internet for this file 🙂
g

glamorous-airline-82307

08/23/2022, 2:29 PM
lol 🙂
Definitely see if you can find out why this file was eaten. It obviously shouldn't be 🙂
g

glamorous-airline-82307

08/23/2022, 2:39 PM
oh cool, thanks
q

quick-keyboard-83126

08/23/2022, 2:40 PM
No guarantees. Filing a bug is cheap. I only fix a small handful of bugs I file 🙂
g

glamorous-airline-82307

08/23/2022, 3:52 PM
Turns out that at least one other person at my work had a similar issue. I think something between the latest OS update and security software/policies caused the sudoers file to get overwritten. Restoring it resolved the issue, and I like the idea in the ticket about checking at install time.
q

quick-keyboard-83126

08/23/2022, 3:52 PM
I'd complain to IT 🙂 it sounds like their software is breaking the system, and they should know.
g

glamorous-airline-82307

08/23/2022, 3:54 PM
Lol, you should see the threads in our Teams channel between developers on Macs and their views about IT adding security policies and software.
q

quick-keyboard-83126

08/23/2022, 3:57 PM
2 large companies ago, the Windows IT policies were really heavy handed, but the Mac ones weren't, so I got a mac, installed virtualbox, and installed (IT managed) Windows in a VM. IT could play in a sandbox, and I had a working computer for everything else. For my desktop, I installed Open Solaris and got the machine moved to an official developer network so it could have unfiltered internet access (and maybe a promise not to talk to the internal stuff?)
Large IT is really good at making a mess of things and not much else. (A large company we deal w/ has an IT that managed to break Windows certificate handling by replacing Windows Update, which meant that when their web browser wandered around the internet it couldn't automatically grow its Roots based on the Windows Update list)
288 Views