Morning everyone -- I'm a bit stuck with an error when trying to initialize Rancher Desktop on my Mac. Rancher Desktop: v1.5.1 Mac: Monterey (12.5.1) - x86 Relevant Error:

msg="failed to run [sudo --user root --group wheel --non-interactive /bin/mkdir -m 775 -p /private/var/run]: stdout=\\"\\", stderr=\\"sudo: a password is required\\\\n\\": exit status 1"\n',

Full Error:

2022-08-23T13:36:31.050Z: Error starting lima: Error: /Applications/Rancher <http://Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl|Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl> exited with code 1
    at ChildProcess.<anonymous> (/Applications/Rancher <http://Desktop.app/Contents/Resources/app.asar/dist/app/background.js:17:142946|Desktop.app/Contents/Resources/app.asar/dist/app/background.js:17:142946>)
    at ChildProcess.emit (node:events:390:28)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:290:12) {
  stdout: '',
  stderr: 'time="2022-08-23T07:36:30-06:00" level=info msg="Using the existing instance \\"0\\""\n' +
    'time="2022-08-23T07:36:30-06:00" level=info msg="Starting switch daemon for \\"rancher-desktop-bridged_en0\\" network"\n' +
    'time="2022-08-23T07:36:31-06:00" level=fatal msg="failed to run [sudo --user root --group wheel --non-interactive /bin/mkdir -m 775 -p /private/var/run]: stdout=\\"\\", stderr=\\"sudo: a password is required\\\\n\\": exit status 1"\n',
  code: 1,
  command: [
    '/Applications/Rancher <http://Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl|Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl>',
    'start',
    '--tty=false',
    '0'
  ]
}

This began happening after updating my Mac from 12.4 to 12.5.1. I've verified that I have

sudoer

permission on my local account. Running the command

sudo --user root --group wheel --non-interactive /bin/mkdir -m 775 -p /private/var/run

manually results in the same message. The

/private/var/run

folder already exists, is owned by

root

, and has both read and write permissions on it. I've tried both resetting Rancher and reinstalling it as well. This error occurs shortly after getting a prompt to grant administrative access to Rancher. Any ideas?

Check

/etc/sudoers.d/*

, there's probably another file that's forcing the password requirement

hmm interesting. The only file in that directory is

zzzzz-rancher-desktop-lima

. Looking at the file, I see this entry at the top

%everyone ALL=(root:wheel) NOPASSWD:NOSETENV: /bin/mkdir -m 775 -p /private/var/run

That looks correct, although I'm not all that familiar with this file.

Yeah, that's correct, maybe check

/etc/sudoers

itself to see if there's something that's overriding the

NOPASSWD

field?

ahh

/etc/sudoers

is empty. I'm guessing there should be a reference in that file to

/private/etc/sudoers.d

?

is it really empty? `sudo cat /etc/sudoers|pbcopy`:

#
# Sample /etc/sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.

##
# Override built-in defaults
##
Defaults	env_reset
Defaults	env_keep += "BLOCKSIZE"
Defaults	env_keep += "COLORFGBG COLORTERM"
Defaults	env_keep += "__CF_USER_TEXT_ENCODING"
Defaults	env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults	env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults	env_keep += "LINES COLUMNS"
Defaults	env_keep += "LSCOLORS"
Defaults	env_keep += "SSH_AUTH_SOCK"
Defaults	env_keep += "TZ"
Defaults	env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults	env_keep += "EDITOR VISUAL"
Defaults	env_keep += "HOME MAIL"

Defaults	lecture_file = "/etc/sudo_lecture"

##
# User alias specification
##
# User_Alias	FULLTIMERS = millert, mikef, dowdy

##
# Runas alias specification
##
# Runas_Alias	OP = root, operator

##
# Host alias specification
##
# Host_Alias	CUNETS = 128.138.0.0/255.255.0.0
# Host_Alias	CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
# Host_Alias	SERVERS = master, mail, www, ns
# Host_Alias	CDROM = orion, perseus, hercules

##
# Cmnd alias specification
##
# Cmnd_Alias	PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less

##
# User specification
##

# root and users in group wheel can run anything on any machine as any user
root		ALL = (ALL) ALL
%admin		ALL = (ALL) ALL

## Read drop-in files from /private/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d

Yes - it is empty, and it shouldn't be. Guessing that is likely the issue.

You can try the above and see if that "fixes" it

Awesome, thanks. I should be able to grab the contents from a co-worker too, but good to know. As to why updating my Mac removed that file .... guessing that isn't normal and something was just weird on my machine. Really appreciate the help!!!

Yeah, definitely don't trust random stranger on the internet for this file 🙂

lol 🙂

oh cool, thanks

No guarantees. Filing a bug is cheap. I only fix a small handful of bugs I file 🙂

Turns out that at least one other person at my work had a similar issue. I think something between the latest OS update and security software/policies caused the sudoers file to get overwritten. Restoring it resolved the issue, and I like the idea in the ticket about checking at install time.

I'd complain to IT 🙂 it sounds like their software is breaking the system, and they should know.

Lol, you should see the threads in our Teams channel between developers on Macs and their views about IT adding security policies and software.

2 large companies ago, the Windows IT policies were really heavy handed, but the Mac ones weren't, so I got a mac, installed virtualbox, and installed (IT managed) Windows in a VM. IT could play in a sandbox, and I had a working computer for everything else. For my desktop, I installed Open Solaris and got the machine moved to an official developer network so it could have unfiltered internet access (and maybe a promise not to talk to the internal stuff?)