help with sudo

Question

help with sudo

I would like to edit the sudo file in Mojave,

I want total sudo rights in all areas, period. I have been trying for over 2 years and

all I get is short answers from all over the place and I cannot edit any files without a

permissions error: Also cannot edit a single file using Xcode for years. I always see this message:

“Controls.h” is locked for editing and you may not be able to save your changes. Do you want to unlock it?

Here is a copy of my sudoers file as I was tutored to do today,,,

Can someone please tell me where I am going wrong...... I have never been able to get this working for years, Also SIP is disabled!

Thank You

#

# Sample /etc/sudoers file.

#

# This file MUST be edited with the 'visudo' command as root.

#

# See the sudoers man page for the details on how to write a sudoers file.

##

# Override built-in defaults

##

Defaults env_reset

Defaults env_keep += "BLOCKSIZE"

Defaults env_keep += "COLORFGBG COLORTERM"

Defaults env_keep += "__CF_USER_TEXT_ENCODING"

Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"

Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"

Defaults env_keep += "LINES COLUMNS"

Defaults env_keep += "LSCOLORS"

Defaults env_keep += "SSH_AUTH_SOCK"

Defaults env_keep += "TZ"

Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"

Defaults env_keep += "EDITOR VISUAL"

Defaults env_keep += "HOME MAIL"

Defaults lecture_file = "/etc/sudo_lecture"

##

# User alias specification

##

# User_Alias FULLTIMERS = millert, mikef, dowdy

##

# Runas alias specification

##

# Runas_Alias OP = root, operator

##

# Host alias specification

##

# Host_Alias CUNETS = 128.138.0.0/255.255.0.0

# Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0

# Host_Alias SERVERS = master, mail, www, ns

# Host_Alias CDROM = orion, perseus, hercules

##

# Cmnd alias specification

##

# Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less

##

# User specification

##

# root and users in group wheel can run anything on any machine as any user

root ALL = (ALL) ALL

%admin ALL = (ALL) ALL

djave ALL = (ALL) ALL

username ALL = (ALL) ALL

%wheel ALL = (ALL) ALL

## Read drop-in files from /private/etc/sudoers.d

## (the '#' here does not indicate a comment)

#includedir /private/etc/sudoers.d

Defaults timestamp_timeout=0

iMac Line (2012 and Later)

Posted on Dec 20, 2018 2:45 AM

Reply

Answer 1

Top-ranking reply

MrHoffman

Level 10

149,263 points

Dec 22, 2018 9:38 AM in response to eugenejazzy22

Whatever is happening here with Xcode probably isn’t going to be resolved with sudoers changes.

If controls.h is your osn local include file, then try restarting Xcode, and if that doesn’t clear this then reboot and try again.

If that does not clear this—and your comment about “years” may well mean exactly this—and if this is a local file of yours and not part of macOS, then I’d tend to suspect an odd ownership on the file, or that the protections or the immutable attribute has been set. To see that, use the command,like and the ls command, with the switches -ale@ and see what the ownership and settings there might be. ls -ale@ /path/to/controls.h

If the settings differ from other files in your Xcode project and you can’t sort out how tomrevert the settings on this file, post the output here and I or somebody else can help with the chmod or chown or xattr command, or whatever has happened to this file. This if this controls.h file is local to your Xcode environment and not part of macOS.

If the above resolves this, then I’d also suggest reverting the sudoers edit, and any SIP changes.

Xcode and sudo don’t mix, in general.

If controls.h is not your file but rather part of macOS, then it would appear that you want full and unrestricted access to everything in a macOS install, and I’d the and in all seriousness suggest considering Linux or BSD as your platform. I make that comment seriously, and not as a joke or as a brush-off. Those and some other operating systems are excellent choices and are intend for and far better suited to folks that want and need complete system access and want and need to the ability to change and tailor and tweak and customize any aspects of the operating system environment. macOS and Xcode, not so much.

I’ve tried this path myself too, and it gets to be a hassle and particularly as Apple drifts toward tighter security settings and tighter app build settings and sandboxing. With Apple and macOS, you’re going to be tussling with Apple and the increasing security of macOS at each step of the path you’re on and potentially with each upgrade, if you want and need complete and unrestricted system-wide access.

More generally, Xcode wouldn’t be used to edit files protected by SIP. If you need to alter a system definition, then it’d be more common to make a local snapshot of that file and make your changes there, or tweak the setting after the include file has been processed, and then add that directory into the include path in Xcode or within clang itself, or add thatmtweak into the local coce. (See the clang -I include path switch, or -isystem for the system include path, or some other switches depending on your particular build requirements. Xcode has build settings for at least thr most common of these, too.)

As an example of the include path support in Xcode... There are some descriptions around of using OpenSSL in Xcode apps, and referencing the OpenSSL includes from within Xcode, and those would serve as a foundation for what you’re doung here; overriding the includes with your own changes and updates. If this is what you’re up to, I can dig up the Xcode build settings for this as I have a project doing something similar.

If youncould provide a little more background on this controls.h file, I might be able to provide a way to resolve this too, if the above does not address the problem.

Reply

Answer 2

Dec 20, 2018 3:54 AM in response to eugenejazzy22

The Mac operating system runs on top of a Unix layer and therefore uses the Unix security model. This allows multiple user accounts with varying levels of access.

Guest
Normal user (not an Administrator)
Administrator
Root aka SuperUser (normally hidden)

Originally an Administrator level user was able to use the sudo command and then get root level control which originally would have allowed modifying practically any file.

More recently (actually several years ago) Apple have added additional security mechanisms because sadly the facts of life are that there are bad people out there and Apple quite rightly is trying to protect you against them. One of the main newer security measures is called SIP - System Integrity Protection this prevents in normal operation even root from modifying parts of the Mac operating system. It is however possible to partially or totally disable SIP.

Obviously disabling SIP reduces the protection your computer provides. However as you seem to be a developer due to your mentioning XCode I would presume you know what you are doing and are willing to accept this risk. So here is a link to instructions on how to disable SIP. See here - https://www.imore.com/how-turn-system-integrity-protection-macos

Before you do that, it is possible to 'Lock' a file to prevent modification, this might be the issue with this particular file. The option is in the Get Info window. See this article - http://osxdaily.com/2010/08/11/lock-files-and-folders-in-mac-os-x/

Mojave has added a whole bunch of additional security measures, for example an app now needs specific permission in order to access other folders. This is a big area but see this article for some details on this - https://tidbits.com/2018/09/10/mojaves-new-security-and-privacy-protections-face-usability-challenges/

Reply