exe paul

Q: user is not in the sudoers file. This incident will be reported in osx mac

votefavorite

 

 

hi i am using mac osx i tried to login sudo without password i followed this tutorial and edited this code in sudoers file

chmod +w /etc/sudoers USERNAME ALL=(ALL) NOPASSWD: ALL chmod -w /etc/sudoers 

but now when i am trying to run any script with sudo command or trying to sudo -i its giving this error

user is not in the sudoers file. This incident will be reported. 

this only user am using means its root user and i tried this also

MacBook-Air:~ exepaul$ sudo chmod +w /etc/sudoers Password: exepaul is not in the sudoers file. This incident will be reported.

so please help me ;(

MacBook Air, OS X El Capitan (10.11.1)

Posted on Feb 21, 2016 6:07 PM

Close

Q: user is not in the sudoers file. This incident will be reported in osx mac

  • All replies
  • Helpful answers

  • by BobHarris,

    BobHarris BobHarris Feb 21, 2016 6:17 PM in response to exe paul
    Level 6 (19,272 points)
    Mac OS X
    Feb 21, 2016 6:17 PM in response to exe paul

    First, there is no one to report it to.  That message is for a Unix system with lots of users, and a system administrator that monitors the system activity.  That report will end up in an OS X log file, and not leave the system.

     

    To use the sudo command your account needs to be a member of the group 'admin'

    id -a

    will display your user ID and all the group ID's you are a member of.  If one of them is 80(admin), then you are a member of the group 'admin' and you should be allowed to use the sudo command.

     

    You can also check System Preferences -> Users & Groups and see if 'admin' is associated with your username.  You should see

    admin

    or

    standard

    under you username in the Users & Groups preferences panel.

     

    If you are a member of the group 'admin', then I need to ask if you used your account's password, or if you used a different password from you accounts?

  • by exe paul,

    exe paul exe paul Feb 21, 2016 6:21 PM in response to BobHarris
    Level 1 (0 points)
    Feb 21, 2016 6:21 PM in response to BobHarris

    my output of    "id -a" ( user is exepaul)

     

    MacBook-Air:pywapi-0.3.8 exepaul$ id -a

    uid=501(exepaul) gid=20(staff) groups=20(staff),501(access_bpf),12(everyone),61(localaccounts),79(_appserverus r),80(admin),81(_appserveradm),98(_lpadmin),701(com.apple.sharepoint.group.1),70 2(com.apple.sharepoint.group.2),33(_appstore),100(_lpoperator),204(_developer),3 95(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.acces s_ssh)

     

    and here is screenshot of my Users & Group settings

     

    https://www.dropbox.com/s/xg76t45s3530omi/Screenshot%202016-02-22%2007.51.04.png ?dl=0

  • by BobHarris,Helpful

    BobHarris BobHarris Feb 22, 2016 5:27 AM in response to exe paul
    Level 6 (19,272 points)
    Mac OS X
    Feb 22, 2016 5:27 AM in response to exe paul
    chmod +w /etc/sudoers USERNAME ALL=(ALL) NOPASSWD: ALL chmod -w /etc/sudoers

    I just looked more closely at the command you were trying to execute, and I think you are in a state that will not let you use the sudoers file anymore.

     

    If you managed to change the sudoers file's permissions, that can disable the sudo command.  The file needs to have the following permissions

    -r--r-----  1 root  wheel  compressed 2299 Aug 22  2015 /etc/sudoers

    if you managed to change them away from this setting, then the sudo command will not trust the /etc/sudoers file and refuse to operate.  Also the permissions of the parent directory /etc/ need to be secure as well

    drwxr-xr-x  106 root  wheel  - 3604 Feb 21 10:09 /etc/

    Also the sudoers file is suppose to be edited using the /usr/sbin/visudo command, as it will sanity check any sudoers file changes and prevent an invalid sudoers file from being saved.

     

    By default /usr/sbin/visudo will use the vi/Vim editor.  If that is not your preferred text editor you can specify

    EDITOR=/usr/bin/nano visudo

    and use the nano editor (or provide emacs if that is your preferred text editor)

     

    Back to the permissions.  You may need to see if you can restore the file from a backup, but that may not work.


    The alternative is to boot into single user mode

    Boot holding Command-S

    /sbin/mount -uw /       # to make the disk read/write (be careful in this mode as you are root all the time)

    /usr/sbin/visudo                # to fix the sudoers file

    /bin/ls -l /etc/sudoers         # to check the permissions

    /bin/chmod 440 /etc/sudoers     # set the correct permissions if necessary (visudo may do it for you)

    /sbin/reboot                    # when you are done

  • by BobHarris,Solvedanswer

    BobHarris BobHarris Feb 22, 2016 5:27 AM in response to exe paul
    Level 6 (19,272 points)
    Mac OS X
    Feb 22, 2016 5:27 AM in response to exe paul

    And this is what the sudoers file looks like when it is unmodified

    ## sudoers file.
    ##
    ## This file MUST be edited with the 'visudo' command as root.
    ## Failure to use 'visudo' may result in syntax or file permission errors
    ## that prevent sudo from running.
    ##
    ## See the sudoers man page for the details on how to write a sudoers file.
    ##
    
    ##
    ## Host alias specification
    ##
    ## Groups of machines. These may include host names (optionally with wildcards),
    ## IP addresses, network numbers or netgroups.
    # Host_Alias    WEBSERVERS = www1, www2, www3
    
    ##
    ## User alias specification
    ##
    ## Groups of users.  These may consist of user names, uids, Unix groups,
    ## or netgroups.
    # User_Alias    ADMINS = millert, dowdy, mikef
    
    ##
    ## Cmnd alias specification
    ##
    ## Groups of commands.  Often used to group related commands together.
    # Cmnd_Alias    PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
    #                 /usr/bin/pkill, /usr/bin/top
    
    ##
    ## Defaults specification
    ##
    
    Defaults    env_reset
    Defaults    env_keep += "BLOCKSIZE"
    Defaults    env_keep += "COLORFGBG COLORTERM"
    Defaults    env_keep += "__CF_USER_TEXT_ENCODING"
    Defaults    env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
    Defaults    env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
    Defaults    env_keep += "LINES COLUMNS"
    Defaults    env_keep += "LSCOLORS"
    Defaults    env_keep += "SSH_AUTH_SOCK"
    Defaults    env_keep += "TZ"
    Defaults    env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
    Defaults    env_keep += "EDITOR VISUAL"
    Defaults    env_keep += "HOME MAIL"
    
    Defaults    lecture_file = "/etc/sudo_lecture"
    
    ##
    ## Runas alias specification
    ##
    
    ##
    ## User privilege specification
    ##
    root ALL=(ALL) ALL
    %admin  ALL=(ALL) ALL
    
    ## Uncomment to allow members of group wheel to execute any command
    # %wheel ALL=(ALL) ALL
    
    ## Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL
    
    ## Uncomment to allow members of group sudo to execute any command
    # %sudo    ALL=(ALL) ALL
    
    ## Uncomment to allow any user to run sudo if they know the password
    ## of the user they are running the command as (root by default).
    # Defaults targetpw  # Ask for the password of the target user
    # ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'
    
    ## Read drop-in files from /private/etc/sudoers.d
    ## (the '#' here does not indicate a comment)
    #includedir /private/etc/sudoers.d
    
    
  • by exe paul,

    exe paul exe paul Feb 21, 2016 6:47 PM in response to BobHarris
    Level 1 (0 points)
    Feb 21, 2016 6:47 PM in response to BobHarris

    the problem i am facing i can't perform any one command which you specified above causes they all are asking sudo permission

     

    chmod +w /etc/sudoers USERNAME ALL=(ALL) NOPASSWD: ALL chmod -w /etc/sudoers



    EDITOR=/usr/bin/nano visudo


    and when i try with sudo its gives error


    exepaul is not in the sudoers file. This incident will be reported.



  • by BobHarris,

    BobHarris BobHarris Feb 21, 2016 6:52 PM in response to exe paul
    Level 6 (19,272 points)
    Mac OS X
    Feb 21, 2016 6:52 PM in response to exe paul

    The commands I gave MUST be run in "Single User Mode" by holding Command-S while booting your Mac.

     

    Single user mode runs a root, so you will have all the privileges you need to work on the sudo file without needing to use the sudo command.

     

    You might also be able to do this booting from the Recovery partition (boot holding Command-R), and from the menu select Terminal.

     

    Of course if you a recent backup you can just restore you disk with a good copy of the sudoers file.

  • by exe paul,

    exe paul exe paul Feb 22, 2016 4:26 AM in response to BobHarris
    Level 1 (0 points)
    Feb 22, 2016 4:26 AM in response to BobHarris

    when i am doing


    /usr/sbin/visudo            

     

    in single mode then sudoers file is opeing but its blank .

     

    what should i do ??

  • by BobHarris,

    BobHarris BobHarris Feb 22, 2016 8:07 AM in response to exe paul
    Level 6 (19,272 points)
    Mac OS X
    Feb 22, 2016 8:07 AM in response to exe paul

    Try

    /usr/sbin/visudo   -f /etc/sudoers

    (see: man visudo)


    In single user mode you could also look at your sudoers file

    /bin/ls -l /etc/sudoers

    /bin/cat /etc/sudoers