# rancher-desktop
q
Check `/etc/sudoers.d/*`, there's probably another file that's forcing the password requirement
g
hmm interesting. The only file in that directory is `zzzzz-rancher-desktop-lima`. Looking at the file, I see this entry at the top
```
%everyone ALL=(root:wheel) NOPASSWD:NOSETENV: /bin/mkdir -m 775 -p /private/var/run
```
That looks correct, although I'm not all that familiar with this file.
q
Yeah, that's correct, maybe check `/etc/sudoers` itself to see if there's something that's overriding the `NOPASSWD` field?
I mean, arguably the code could check to see if the directory exists and has the right permissions and not bother using sudo if it doesn't need to make the directory, but, right now I'm more interested in why `sudo` isn't doing what we expect.
(If you're curious about the file format, you can try to read `man sudoers`, but it's a long doc, and in general what you're looking for is something that sticks out like a sore thumb.)
g
ahh `/etc/sudoers` is empty. I'm guessing there should be a reference in that file to `/private/etc/sudoers.d`?
`/private/etc/sudoers` is also empty
q
is it really empty? `sudo cat /etc/sudoers|pbcopy`:
```
#
# Sample /etc/sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.

##
# Override built-in defaults
##
Defaults	env_reset
Defaults	env_keep += "BLOCKSIZE"
Defaults	env_keep += "COLORFGBG COLORTERM"
Defaults	env_keep += "__CF_USER_TEXT_ENCODING"
Defaults	env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults	env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults	env_keep += "LINES COLUMNS"
Defaults	env_keep += "LSCOLORS"
Defaults	env_keep += "SSH_AUTH_SOCK"
Defaults	env_keep += "TZ"
Defaults	env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults	env_keep += "EDITOR VISUAL"
Defaults	env_keep += "HOME MAIL"

Defaults	lecture_file = "/etc/sudo_lecture"

##
# User alias specification
##
# User_Alias	FULLTIMERS = millert, mikef, dowdy

##
# Runas alias specification
##
# Runas_Alias	OP = root, operator

##
# Host alias specification
##
# Host_Alias	CUNETS = 128.138.0.0/255.255.0.0
# Host_Alias	CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
# Host_Alias	SERVERS = master, mail, www, ns
# Host_Alias	CDROM = orion, perseus, hercules

##
# Cmnd alias specification
##
# Cmnd_Alias	PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less

##
# User specification
##

# root and users in group wheel can run anything on any machine as any user
root		ALL = (ALL) ALL
%admin		ALL = (ALL) ALL

## Read drop-in files from /private/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d
```
g
Yes - it is empty, and it shouldn't be. Guessing that is likely the issue.
q
You can try the above and see if that "fixes" it
I'm not entirely certain, because I don't see anything interesting beyond these two lines:
```
root		ALL = (ALL) ALL
%admin		ALL = (ALL) ALL
```
oh!
```
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d
```
bizarre file formats are bizarre! -- so yes, the fact that it's empty is indeed the problem 🙂
g
Awesome, thanks. I should be able to grab the contents from a co-worker too, but good to know. As to why updating my Mac removed that file .... guessing that isn't normal and something was just weird on my machine. Really appreciate the help!!!
q
Yeah, definitely don't trust random stranger on the internet for this file 🙂
g
lol 🙂
Definitely see if you can find out why this file was eaten. It obviously shouldn't be 🙂
g
oh cool, thanks
q
No guarantees. Filing a bug is cheap. I only fix a small handful of bugs I file 🙂
g
Turns out that at least one other person at my work had a similar issue. I think something between the latest OS update and security software/policies caused the sudoers file to get overwritten. Restoring it resolved the issue, and I like the idea in the ticket about checking at install time.
q
I'd complain to IT 🙂 it sounds like their software is breaking the system, and they should know.
g
Lol, you should see the threads in our Teams channel between developers on Macs and their views about IT adding security policies and software.
q
2 large companies ago, the Windows IT policies were really heavy handed, but the Mac ones weren't, so I got a mac, installed virtualbox, and installed (IT managed) Windows in a VM. IT could play in a sandbox, and I had a working computer for everything else. For my desktop, I installed Open Solaris and got the machine moved to an official developer network so it could have unfiltered internet access (and maybe a promise not to talk to the internal stuff?)
Large IT is really good at making a mess of things and not much else. (A large company we deal w/ has an IT that managed to break Windows certificate handling by replacing Windows Update, which meant that when their web browser wandered around the internet it couldn't automatically grow its Roots based on the Windows Update list)