sudo password not accepted
I've been trying to fix a problem with Personal Web Sharing in OS X 10.3.3, but I seem to have dug myself a deeper hole. Whenever a password is requested after calling a 'sudo' command, the following occurs:
Mac:~ George$ sudo apachectl restart
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
Sorry, try again.
sudo: 3 incorrect password attempts
I'm sure the password is correct, because I've used it many times with sudo before. Any help would be very much appreciated.
Many Thanks, George |
What do you get when you type the command id at the command prompt? If you're not in the right group then you won't be able to sudo (but I'm not sure if you'd get that error).
|
Thanks for the super-fast reply. This is what I get:
uid=501(George) gid=501(George) groups=501(George), 79(appserverusr), 80(admin), 81(appserveradm) |
Well you're in the admin group, which should be able to sudo. So another question.
If you enter the command cat /etc/sudoers is there a line in there somewhere that looks like %admin ALL=(ALL) ALL ?
psst, anyone who knows what they're talking about, feel free to step in, as I'm shooting blindly. ;) |
Mac:~ George$ cat /etc/sudoers
cat: /etc/sudoers: Permission denied |
OK, try ls -l /etc/sudoers (that's "LS -L" but lowercase)
|
-r--r----- 1 root wheel 341 13 Sep 2003 /etc/sudoers
|
Well the reason you have no permission to read /etc/sudoers is because you're not in the right group. At this point I'd suggest going into the NetInfo utility and adding yourself to the wheel group. But it's been a while since I've done this, so I can't write decent instructions from work (I'm on Windows here (ick)).
The NetInfo utility will let you really hose up your account, so don't just go in there and start changing things. And I'm not even sure that's the issue here at all. I didn't have to modify my sudoers file to be able to sudo -- the admin group was there by default.
One other thing to try, though, is to do something in the Finder that would require your password. Just to make sure you really do have the correct one -- not that I don't think you're correct, just to narrow down possibilities. For example you could try to change your password in the Accounts preference pane. I believe it will ask for your old password, and if it's wrong you will still be logged in (you just won't be able to change the password).
Feel free to ask if this didn't make a lot of sense. ;) I'm trying to write quickly, since I'm supposed to be working... |
You know, after I re-read your initial post, it occurs to me that you used to be able to sudo ("I've used it many times with sudo before" was the key here) so obviously something changed between then and now.
Installed any apps lately? Edit configuration files? Forget to wave a rubber chicken over the computer while performing the latest voodoo chants, perhaps? |
Well, I've been trying to follow various forums on getting Web Sharing to work, so I think the problem may be from one of the commands I typed. I can't recall the exact point at which sudo stopped working, but it may be from one of these commands:
$ ps -auxww | grep http
$ sudo killall httpd
$ ps -auxww | grep http
$ killall -9 httpd
As for adding myself to the 'wheel' group (I'm not sure if you still think it's relevant now, in light of your last post), I can see the 'wheel' group listed under 'groups', but I'm not sure how to add my account to it. I'm a very recent convert from Windows, so my competence with the Mac OS isn't all that great.
I changed my password, but sudo rejects both the new and old passwords. |
Quote:
Code:
$ ls -l /etc/sudoers
Since you have an admin account, use a Finder window (with shift-command-g) to look at /etc/ and then do a getinfo on the sudoers file then look in the permissions section, under 'details' and click on the little lock, change the owner to yourself (you may need to authenticate here), then go back to the terminal and cat the file. Show us what it says.
PS. Remember to switch the ownership back to 'system' when you are done! |
Ahh, excellent. I was thinking I was going to be flailing around in here trying to find decent solutions... ;)
I thought of changing ownership of the sudoers file, but I always do that from the command line, which requires sudo. I'd completely forgotten about the ability to do this sort of thing from the Get Info window... :o
I guess at some point I must have added myself to the wheel group (using the NetInfo Manager):
uid=501(nkuvu) gid=501(nkuvu) groups=501(nkuvu), 0(wheel), 80(admin)
Hmm... |
This is what I get when ownership of 'sudoers' is set to myself:
Code:
Mac:~ George$ cat /etc/sudoers |
Quick note, the primary reason for adding a user to the wheel group is to allow that user to be able to su to root...
|
Well, your sudoers file looks correct.
What happens when you try to su (just su, not sudo) to yourself? I.E.
Code:
$ su George
Code:
nidump -r /name=users/uid=501 / |
"$ su George" gives me exactly the same thing as you put, i.e. it accepts the password.
..and "$ nidump -r /name=users/uid=501 /" gives:
Code:
Mac:~ George$ nidump -r /name=users/uid=501 / |
Hmmm, interesting...
How about...
Code:
$ which sudo
Ahh, one other thing, since you have access via the admin stuff, have you tried creating a new user (with admin rights) and seeing if it can sudo? |
The first two commands are fine. The third command "$ ll /usr/bin/sudo" gives:
Code:
Mac:~ gkamel$ ll /usr/bin/sudo
The fourth command "$ /usr/bin/sudo ls" gives:
Code:
Mac:~ gkamel$ /usr/bin/sudo ls |
The lecture should only happen once per user. And the ll is a commonly used abbreviation for the ls -l that I asked you to enter for the sudoers file.
So what's the output of ls -l /usr/bin/sudo ? |
Quote:
Code:
Mac:~ George$ ls -l /usr/bin/sudo |
For me.. (10.3.3)
Code:
yellow% ls -l /usr/bin/sudo |
I ran Disk Utility from the Mac OS X CD, and repaired disk permissions, and so I now get:
Code:
Mac:~ George$ ls -l /usr/bin/sudo
As an aside, does anyone know why the timestamp on the above output is 2 hours behind the actual system time, as displayed in the menu bar? It doesn't bother me, but I'm just interested to know! |
Yep, I have the same as yellow and stetner. Well, the date is from when I reinstalled the OS.
-r-s--x--x 1 root wheel 96540 27 Apr 23:14 /usr/bin/sudo |
Well the permissions are the same, but the file sizes are still different.
|
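The comparison the posters are doing by eye here (mode, owner and size of /usr/bin/sudo against a working machine's `ls -l` line) can be scripted. This is an added example, not code from anyone in the thread; the function names are made up for illustration and the two SAMPLE_ lines are constructed inputs, with only the baseline line taken from the thread.

```shell
#!/bin/sh
# Compare an `ls -l` line for a setuid binary with a known-good line.

# Known-good line posted in this thread for /usr/bin/sudo on 10.3.3.
BASELINE='-r-s--x--x 1 root wheel 96540 27 Apr 23:14 /usr/bin/sudo'
# Constructed sample: same mode and owner, different size (size is made up).
SAMPLE_REPLACED='-r-s--x--x 1 root wheel 12345 13 Sep 2003 /usr/bin/sudo'
# Constructed sample: setuid bit missing and wrong owner.
SAMPLE_BADMODE='-r-xr-xr-x 1 George wheel 96540 27 Apr 23:14 /usr/bin/sudo'

# field LINE N: print the Nth whitespace-separated field of LINE.
field() {
    printf '%s\n' "$1" | awk -v n="$2" '{ print $n }'
}

# compare_ls BASELINE OBSERVED
# Prints the fields that differ (mode owner group size), or "ok" if all four
# match. Timestamps are ignored: they differ between installs, as the
# reinstall date mentioned in the thread shows.
compare_ls() {
    diffs=''
    [ "$(field "$1" 1)" = "$(field "$2" 1)" ] || diffs="$diffs mode"
    [ "$(field "$1" 3)" = "$(field "$2" 3)" ] || diffs="$diffs owner"
    [ "$(field "$1" 4)" = "$(field "$2" 4)" ] || diffs="$diffs group"
    [ "$(field "$1" 5)" = "$(field "$2" 5)" ] || diffs="$diffs size"
    if [ -z "$diffs" ]; then
        echo ok
    else
        echo "${diffs# }"
    fi
}

# has_setuid_root LINE: succeed only if the owner-setuid bit is set and the
# owner is root, which sudo needs in order to work at all.
has_setuid_root() {
    mode=$(field "$1" 1)
    owner=$(field "$1" 3)
    case "$mode" in
        ???[sS]*) [ "$owner" = root ] ;;
        *) return 1 ;;
    esac
}

# Live use on a machine: compare_ls "$BASELINE" "$(ls -l /usr/bin/sudo)"
```

Matching mode, owner and size does not prove the binary is genuine; comparing a checksum against the copy on the install media is the stronger check.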
Quote:
This may be a perfectly normal difference between UK/US versions of OSX, I really don't know. So, no panicking. What does "sudo -V" return? For me:
Code:
yellow% sudo -V |
Code:
Mac:~ George$ sudo -V
Is upgrading recommended? If so, simple instructions would be very much appreciated. Thanks. |
I find it very odd that you have an old version of sudo, yet you're running 10.3.3. Even the Jaguar boxes I checked are running 1.6.6.
|
I found this in the FAQ on the sudo web site, but I'm having trouble making any sense of it:
Quote:
|
Here we go again...
Code:
[pm @ Sao: ~] % grepbom sudo |
Definitely sounds like something replaced your good sudo with an older version, one that probably doesn't know how to handle 10.3's new shadow password method. The config.h is actually something you would edit when compiling sudo, so you probably won't be finding it on your system.
As sao hints, your best bet is to get sudo out of the Essentials package via something like Pacifist. |
I opened the Essentials.pkg with Pacifist, Authorized, and then located the 'sudo' file, but it says that 'Package contains no files to extract', and the 'Extract To...' button is grayed-out.
Also, sao, were you 'hinting' that I should extract files other than sudo? I tried typing 'grepbom sudo', but the command is not recognised. |
OK, I got the file from the Mac OS X install CD, and it works perfectly!
Thanks very much for all your help, guys. |
OK, that is great, but the question is where did the bad sudo come from? Had you installed it or has somebody been hacking at your machine?
|
Quote:
|
I definitely didn't install it, and I doubt it's the latter as I'm behind a hardware firewall (well, at least I hope it's not the latter!).
|
Hi,
I have the same problem relating to sudo not working, and it's only after I installed the "websharing 1.0" update from the Apple website (ssh doesn't work anymore either). I take it I need to install the Essentials package again, or is it the sudo.pkg? I got my Panther OS shipped with my PowerBook so my only two options are re-install OS X or software restore, and software restore doesn't correct the problem (I ran it to test anyway). So, is there any way I can get the required package (e.g. from a website) or could someone email it to me please if it's not too big? Any help's great, jeremy |
That Web Sharing Update has the exact size sudo binary George83 reported earlier...
However, that thing really shouldn't be installed on 10.3 (and probably not even 10.2), since it was released in July 2001. |
I guess he probably installed that as well. It didn't say anything about compatibility with a certain OS version so I just ran the installer for it - big mistake. So..... is it possible to get the package I need to run without re-installing the whole OS again?
jeremy |
Hi, I am in precisely the same situation as our protagonist, George. I have followed your diagnosis through two pages of commands and have generated results identical to those George found. In regard to what I thought was an unrelated matter, I just posted a message to Jeremy (http://forums.macosxhints.com/showthread.php?t=24315) about a problem we are both having with OpenSSL. But your comment about the Web Sharing Update made me realize the cause of the problem for George, Jeremy and me (I think). I have mistakenly installed this update, meant for 10.1, over my 10.3.4. You can probably guess that I don't make my living as a system admin. Assuming that this is the underlying problem for me at least, how can I undo what that installation did? Thanks for your patience.
Whit |
Quote:
Of course, it is recommended that you make a backup of the files you care about before doing the re-install. |
OK, that's what I'll do, though I'm on Panther, not Jaguar.
Quote:
Whit |
I have PostgreSQL, Fink and PHP installed on my Panther 10.3.3 machine. If I re-install OS X keeping user data, will these programs remain, since some of their files are in the "hidden" unix directories underneath the Mac interface?
jeremy |
It might help to open a new thread about this?
Fink is autonomous, and safe, at /sw
You'll need to know where your php and postgres are installed and if they are safe. /usr/local is considered safe/untouchable.
vendor reserved root dirs:
Applications/
Developer/
Library/
Network/
System/
Trash/
Users/
Volumes/
automount/
bin/
cores/
dev/
lost+found/
private/
sbin/
usr/ *
* with the exception that /usr/local remains safe |
I'm having basically the same problem as well. I cannot do sudo as myself even though I'm the only administrator for this laptop (in other words, I'm the only one who uses it). I went through some of the steps to diagnose this problem.
It turns out that my uid is set to 501, and gid is set to 20. Authentication authority is set to basic. Groups=20 is set to staff; 80 to admin. Sudo seems to have the proper permission set (-r-s--x--x). There was a suggestion on making changes in NetInfo Manager but there weren't any instructions on doing so. So, it looks like I need to change groups to 80, right? |
Did you install the WebSharing update too?
In the Terminal type:
groups
That will tell you what groups your admin account is in. |
Quote:
Where would I get this from? Wasn't aware that I would need to install this.
Quote:
staff admin
Should I be seeing something else as well? |
Quote:
As I said earlier, uid is 501, gid is 20, groups=20(staff), 80(admin) |
Ooops, missed that. Yes, the GID should be 80. I don't know if this will work or not since your admin account appears to be messed up.
To change the GID, open NetInfo Manager, select users from the center panel, select your user, click the lock to attempt to unlock NetInfo manager, double click on the "Value" of the GID field, change it to 80, cmd-S to save NetInfo. I don't know if you need to logout and log back in, assuming it works. If it doesn't let you authenticate against NetInfo Manager, do you have root enabled? |
Quote:
Made the changes, logged out/in and still doesn't work when I go into terminal under my username. I have root enabled, I believe, since I can do "sudo su -". |
Quote:
OpenSSH_3.6.1p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090702f |
Quote:
So what gives? :confused: |
Please su to root and give us the results of:
cat /etc/sudoers
Do you have a line at the bottom with %admin ALL=(ALL) ALL ? |
Quote:
Robert |
Quote:
The point of sudo is to not have to login as root (nor even enable root) in order to do things that need to be done as root. Those users that have no need to do admin things (and therefore, no need for sudo) do not need to be, nor should be, in the admin group. However, this is the default set up for the sudoers file. You can easily edit it to add particular users and enable sudo for them, yet they don't have to be part of the admin group. But that, IMO, is a colossal security risk that should be undertaken with the utmost of care. |
Just had a very similar problem and wanted to post the cause and solution in case anyone else runs into it.
In my case, I was mucking around trying to get PHP/Apache running, but the version of /usr/lib/libxml2.dylib I had was out of date. So I downloaded a new one and installed that (but it was installed to /usr/local/lib). So without thinking I mv'ed the one in /usr/lib to a backup dir, thinking I'd move the one from local lib in there next. But I got sidetracked and forgot, as PHP/Apache was working fine with it in /usr/local/lib. Well, I guess sudo relies on that lib, as sudo was broken the next time I tried (always rejected my password as described above). After seeing Spotlight and Installer crashes, I realized what happened. I had to go into single user mode to move the original one back (haven't tried putting the new one in /usr/lib yet). So, anyways, I can't say how to diagnose a problem like mine, but can say if you changed anything in /usr/lib, you may see the symptoms listed in this thread. |
I wasn't able to authenticate as root in terminal but I could in any other system dialog (ex. lock icon in System Preferences). I found an easy solution that worked for me. I just changed the root password in terminal (sudo passwd root). The strange thing is my admin password worked fine to change the root password. From then on I had no issue. Hope this helps someone.
|