Using SUDO In Terminal - Mavericks

Thanks. As for a new thread, this seemed related enough as some of what I was doing (and confused with) overlapped the OP, but I can certainly see the case for a different thread. (also didn't know I could close them, so now I know how to use the board properly)

As far as what I did looking horribly wrong, well, yes. Nothing I posted was what I was trying to do, simply the facts I was trying to gather when 1) a command failed when trying to create a directory, and 2) trying (the old-fashioned way) to su root to execute the command resulted in discovering that su root didn't work. I posted all that so any responders would have as much as I knew at that point.

So, my takeaways from this are:

1. Using sudo is equivaletn to and not less than su root followed by a command
2. sudo doesn't tolerate changing users within the command, so you have to su admin first
3. root really is not needed for anything
4. My original problem had nothing to do with user permissions and may be related to file or directory attributes
5. Any problems I have sorting that out will go in a new thread
6. The reason for su root not working, even though I've tested root's ability to login, remains unexplained, but need not be worried about past curiosity.

Thanks for your patience, and apologies for the pseudo-hijack. Pun intended.

The sudo command will use your password of your admin account. Always has. This has been based on the sudoers file (/etc/sudoers), which is automatically maintained for administrative users.

The root user has not been recommended for many years, and Apple has gone out of their way to hide it and keep it locked down. A shared root account throws security auditing out the window, too.

Why can I login with my administrative account, but the same password does not work when SUDO is used in Terminal when I am logged in as myself (non-administrator)?

Your non-administrator account does NOT have 'admin' as a group, and as a result your non-administrator account is not authorized via the /etc/sudoers file.

Your terminal session MUST be owned by a user with 'admin' privileges or sudo will not work for them.

If you give your non-admin account access via the /etc/sudoers file, then you have effectively turned your non-admin account an admin account. If that is what you want to do, then you might as well not use a non-admin account.

There are differences between only adding a user to the Administrator group and setting that users account to Allow user to administer this system in Users & Groups as far as OS X is concerned.

A user in the Administrator group is still treated as a standard user by the system. So if you want your day to day interaction with the system to be none adiminstrative but occasionally need to run sudo from the terminal adding the user to the Administrator groups seems like the way to go.

isd503 wrote:

Before Mavericks, I could run an administrative command in Terminal, it would prompt me for a password, I would type the password to my admin account and everything worked fine.

Then at some point the non administrator account was added to the Administrator group because sudo has worked this way forever.

As I wrote above add the user to the Administrator group in Users & Groups and it wil be ablr to run sudo but still be treated as a standard account by OS X.

BTW what is it that you are doing that needs you to start programs as root? In many cases this isn;t really necessary and other ways can be found to accomplish the task.

Besides the rccharles su suggestion:

     su admin_account_short_name
     password: admin_account_password

You can also use ssh if you have remote login enabled

     ssh admin_account_short_name@localhost privileged command you want to run and arguments

That's actually for slow shutdowns, not boots.

Taking random defaults write advice from the Internet, especially when your modifying system level stuff is not something to be down likely, especially on a brand new OS install and when there are no instructions given for how to undo this.

If you start getting weird symptoms now how will you know this isn;t the cause or contributing to it an how will you go back to the original settings?

Slow boots? Look for site-local modifications, add-on enhancements and related; at whatever baggage is part of the local startup. More often than not, there's add-on software that's starting up that's lengthening the boot time.

Look at the boot logs.

Perform a verbose bootstrap.

Figure out what's wrong or come up with a theory, try some specific changes to prove or disprove the theory, reset the changes back if the tests don't work out, and try another change.

Try a clean Mavericks install, and compare how fast that boots.

Look for the usual sorts of hardware bottlenecks, too. Slow disks. Insufficient free memory that then forces memory reclamation. Slow networks. Slow processors. Etc.

No-cost short-cuts to better system performance? Those are really rare.

Trying things out is good, learnt a lot doing just that. Having backups is good, makes us all brave.

But the article you linked to is specifically geared toward shutdown not boot. Given the changes being made there is no reason to expect that to have any affect on boot times or anything else that has to do with boot.

While trying things out is a good way to learn blindly following instructions you find on the web is a recipe for disaster, even with backups.

regards

I'm having a root issue in Mavericks and have read this topic carefully. Here's what I have:

* Standard user for day-to-day tasks

* admin user for config and installations

* root enabled

* No groups defined at all

Problem:

` sudo root`

fails to authenticate

Here's what I've found

* I can log into the GUI from startup as root using the root password that I set when enabling root

* I can `su admin` and then sudo

* I can navigate the 14,000 steps to where root is enabled/disabled and where root's password can be reset by an admin, and have done that, and rebooted and tested by logging in on startup.

* `sudoers` contains root and %admin (I don't know what the % does. Relevant contents:

# User privilege specification

root ALL=(ALL) ALL

%admin ALL=(ALL) ALL

I have no idea why root won't authenticate for su.

It would be best to start your own discussion on your issue.

I am not entirely sure what you are trying to do, but it looks horribly wrong. You don't need root for anything. it shouldn't be disabled. There is an old Apple Support document telling people how to enable it. It should be deleted.

If you need to act as root, you can just prefix any command with sudo from an Administrator account. You can even do "sudo bash" if that is what you want.

As Steve Jobs would say, "Your using it wrong" 🙂

sudo is followed by a command, not the account name.

And by default sudo ALWAYS makes you root, so you do not need to tell sudo about root.

If you are logged into your 'admin' account, then

sudo command -options arg1 arg2 ...
Password: your_admin_password_which_you_are_logged_into

If you are using your standard (non-admin) account, then you will have to become an admin first

su your_admin_account_name
Password: your_admin_account_password
sudo command -options arg1 arg2 ...

And as etresoft says, you should really start your own thread, so that you do not confuse your needs with the previous OP's needs, and so you can control when you think your issue is solved. Hijacking someone else's thread gives you no control.

Message was edited by: BobHarris