Add user to a Group

Hello All, I am going crazy and I know there has to be something very simple that I'm missing. I am the only user on this computer; the only other accounts are root and guest. The user profile shows my name and Admin as the type of account. When I try to use "sudo" in terminal it asks for my password and denies it and says to Ctrl-C to exit... I think. I did an id in terminal and it shows me as id 501 gid 501 but I am not listed in the Admin group 80.

How do I add myself to group 80?

Thanks, Glynn

iBook 14.1 G3 700mhz, G4 1.33Gz,iMac G5 2.1Gz 2Gm, Macbook 2.3 Gz, Mac OS X (10.4.11)

Posted on May 13, 2008 9:32 AM

May 13, 2008 2:42 PM in response to Glynn

First, a caveat: if you are the only admin user and you are not in group admin (and you do not know why), your system likely has serious issues which may cause you all kinds of problems and may have security implications. You would be well-advised to reinstall the OS in this case.

Assuming you are on Tiger...

Before you make changes, you must make sure that the NetInfo database is backed up. This is one of the daily cron jobs but you should ensure that it has run and, if it were me, I would copy the backups to other names to make sure they do not get overwritten. (Just in case you screw up the database and before you can restore from backup, the daily job backs up your new version overwriting the backup.) You can find details in /etc/periodic/daily/500.daily - scroll down to "Backing up the NetInfo database". Get the location of the backups, check they exist and copy them to other names leaving them in the backup directory and making sure the ownership and permissions are the same on the backups you create as on those created by the cron job. The likely location is /var/backups and the backups will be named *.nidump (e.g. localhost.nidump etc.). You will have to su to root as you can't sudo, cd into the directory and copy the files to other names.

Now open NetInfo Manager. Figure out what you are going to do before authenticating. Note that I'm not sure this method will work - it shouldn't, in fact, but try it. Highlight the local domain in the far left column ("/"), then "groups" in the next column, then "admin" in the right column. Underneath, you will see a line with "Users" on the left. Highlight this. Click the lock to authenticate. Choose "Insert new value" from the Directory menu. Type your short user name. Click the lock to deauthenticate. You will be asked if you are sure you want to make the changes/update this copy. Confirm this.

This assumes you have not changed things too much from the Tiger defaults. E.g. that you have not changed the sources the system looks at for information about users and groups. If you have changed things from the Apple defaults, obviously you may need to make different changes.

As I say, this shouldn't work as the NetInfo Manager shouldn't let you authenticate. I don't know if you can use the root username and password. If not, you can make the changes from the command line after suing to root.

- cfr

May 13, 2008 2:51 PM in response to Glynn

From the command line, you should be able to do something like this (as root):

root# dscl . -append /Groups/admin GroupMembership <your username>

Then check if that succeeded by using the "id" command.

This may not restore sudo capability to you, however. I'd also check the /private/etc/sudoers file and ensure that your username is indeed listed there...

May 13, 2008 3:57 PM in response to glsmith

Interesting. Is dscl (relatively) new? It exists in Tiger, apparently. I was thinking of using the NetInfo specific commands to achieve this which have disappeared in Leopard. When did dscl appear? It strikes me as clearer than the ni-- commands so I'm wondering why I've never seen this method mentioned before! The manpage says 2003 but it doesn't even seem to be listed in my book on Tiger...

- cfr

May 13, 2008 4:48 PM in response to glsmith

Thanks, I tried entering:
sh-2.3#dscl .-append /Groups/admin GroupMembership HomeFolderName

And it returns: Cannot open remote host, error: DSOpenDirServiceErr

I also ran:
sudo cat /etc/sudoers

And the return is still:

WARNING: Improper use of the sudo command could lead to data loss
or the deletion of important system files. Please double-check your
typing when using sudo. Type "man sudo" for more information.

To proceed, enter your password, or type Ctrl-C to abort.


The sudoers file reads like this:

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXTENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"

# Runas alias specification

# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

I looked into using visudo to edit the file but the options given in --help do not say how to open and edit the file.

Message was edited by: Glynn

May 13, 2008 5:06 PM in response to Glynn

You should be able to cat the sudoers file as root, without needing sudo to do it. Try it as the root user and you won't get that error. Looking at the output of that file, it doesn't appear like your username is in there. That's going to prevent you from using sudo. "visudo" is just a wrapper around the "vi" editor, and is designed to open all the correct things for you -- all you need to do (as root) is type "visudo" at the command prompt and add the appropriate information. Type "man visudo" for more information.

As for the dscl command, it could be the formatting of the post, but there should be a space between the utility ("dscl"), the datasource (".") and the command ("-append"). You could also try a simpler command to list the current properties of the admin group:

root# dscl . -read /Groups/admin

Does that invocation work?

This works for me on a 10.5.2 system, and a 10.4.11 system, so if it's not a simple formatting issue then perhaps there's more messed up on your system than just group affiliation...

May 13, 2008 6:55 PM in response to Glynn

Glynn wrote:
Thanks, I tried entering:
sh-2.3#dscl .-append /Groups/admin GroupMembership HomeFolderName

And it returns: Cannot open remote host, error: DSOpenDirServiceErr

I also ran:
sudo cat /etc/sudoers

And the return is still:

WARNING: Improper use of the sudo command could lead to data loss
or the deletion of important system files. Please double-check your
typing when using sudo. Type "man sudo" for more information.

To proceed, enter your password, or type Ctrl-C to abort.


This is normal. It happens the first time a user uses sudo. If you've never used sudo (successfully) before, this is what you would see. The question is: what happens if you enter your password?

The sudoers file reads like this:


You're reading this after suing to root?

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXTENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"

# Runas alias specification

# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL


This looks OK to me. It isn't what I have but I'm on Tiger. Can somebody on Leopard compare?

You do not need to be personally named in the sudoers file. You're already covered by what's here.

Earlier, you said "I did an id in terminal and it shows me as id 501 gid 501". I don't think this is correct. Setting non-membership of the Admin group aside, you appear to be in your own, personal group - but that's not supposed to be so on Leopard. Because you listed Tiger in your specs, I thought this looked right - on Tiger, all users are in a personal, unique-to-each group. But that's not supposed to be so on Leopard. You should be in the Staff group instead. Did you upgrade from Tiger and, if so, what options did you select during the install process?

- cfr
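
Added example, not part of any post in this thread: a shell check of which rule in the sudoers listing quoted above covers a given account, showing that the `%admin` line only applies once the account is actually in group admin. The short name `glynn`, the function name `sudoers_match` and the embedded sample text are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; not code from any post in this thread.
# SAMPLE_SUDOERS is constructed from the privilege rules quoted above.
SAMPLE_SUDOERS='# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL'

# sudoers_match USER "GROUP1 GROUP2 ..." [SUDOERS_TEXT]
# Prints the first active rule whose subject is USER or %GROUP for one of
# the listed groups and returns 0; returns 1 when no rule applies.
# Simplified: plain user and %group subjects only (no aliases, #uid,
# %#gid, netgroups or include files), and host/command fields are ignored.
sudoers_match() {
    printf '%s\n' "${3:-$SAMPLE_SUDOERS}" |
    awk -v user="$1" -v groups="$2" '
        BEGIN {
            want[user] = 1
            n = split(groups, g, " ")
            for (i = 1; i <= n; i++) want["%" g[i]] = 1
        }
        # Skip blank lines, comments and Defaults settings.
        NF == 0 || $1 ~ /^#/ || $1 == "Defaults" { next }
        ($1 in want) { print; found = 1; exit }
        END { exit (found ? 0 : 1) }'
}

# "glynn" is a hypothetical short name. The first call mirrors the id output
# in the question (personal group only); the second adds admin.
sudoers_match glynn "glynn" || echo "glynn [glynn]: no rule applies"
sudoers_match glynn "glynn admin"

# On a live system, as root:
#   sudoers_match "$(id -un USER)" "$(id -Gn USER)" "$(cat /etc/sudoers)"
```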

May 14, 2008 6:32 AM in response to glsmith

glsmith wrote:
Based on that file, he's only ok if he's a member of the admin group, which is the whole problem 🙂


There is clearly a "problem" here that no one has addressed. They just jumped into dscl, trying to fix things, before investigating exactly what the problem is. No one should have to run dscl to get sudo running unless there were serious problems to begin with. Those problems will remain and surface at some later date.

I don't run Tiger anymore so I don't know what the default setup looks like. But I do know that a user can be a member of multiple groups. I also know that an Admin user should be able to do sudo. If not, there is a problem that probably isn't going to be fixed by dscl.

May 14, 2008 6:58 AM in response to etresoft

etresoft wrote:
glsmith wrote:
Based on that file, he's only ok if he's a member of the admin group, which is the whole problem 🙂


There is clearly a "problem" here that no one has addressed. They just jumped into dscl, trying to fix things, before investigating exactly what the problem is. No one should have to run dscl to get sudo running unless there were serious problems to begin with. Those problems will remain and surface at some later date.


Quite. Which is why I said,
First, a caveat: if you are the only admin user and you are not in group admin (and you do not know why), your system likely has serious issues which may cause you all kinds of problems and may have security implications. You would be well-advised to reinstall the OS in this case.


But you are right that the point seems to have been lost since.

- cfr

May 14, 2008 7:02 AM in response to glsmith

glsmith wrote:
It's roughly the same on Leopard.


He is on Leopard. The file looks different on Tiger.

Based on that file, he's only ok if he's a member of the admin group, which is the whole problem 🙂


Indeed. I only meant that I thought trying to fix the problem by editing the sudoers file was a bad idea.

I'm still curious why the dscl command didn't work for him. Maybe it's PEBKAC.


There is clearly something very wrong on his system.

- cfr
