For me.. (10.3.3)

I ran Disk Utility from the Mac OS X CD, and repaired disk permissions, and so I now get:

However, sudo still doesn't accept the password :confused:

As an aside, does anyone know why the timestamp on the above output is 2 hours behind the actual system time, as displayed in the menu bar? It doesn't bother me, but I'm just interested to know!

Yep, I have the same as yellow and stetner. Well, the date is from when I reinstalled the OS.
-r-s--x--x 1 root wheel 96540 27 Apr 23:14 /usr/bin/sudo

Well the permissions are the same, but the file sizes are still different.

I find this to be unusual and possibly problematic. I don't want to be an alarmist, but every Panther machines I've checked all have the same file size.. 96540 bytes. All the Jaguar boxes (at least the 5 I checked) had the same size too, 96384 bytes.
This may be perfectly normal difference between UK/US versions of OSX, I really don't know. So, no panicking.

What does "sudo -V" return?
For me:

The lastest version is 1.6.7p5. I tried to follow the upgrade instructions (found in the UPGRADE.txt file in the .tar.gz file), but it's over my head.

Is upgrading recommended? If so, simple instructions would be very much appreciated.

Thanks.

I find it very odd that you have an old version of sudo, yet you're running 10.3.3. Even the Jaguar boxes I checked are running 1.6.6.

I found this in the FAQ on the sudo web site, but I'm having trouble making any sense of it:


For starters, where is the config.h file located? It's not in /usr/bin/sudo... Any ideas?

Here we go again...

Definitely sounds like something replaced your good sudo with an older version, one that probably doesn't know how to handle 10.3's new shadow password method. The config.h is actually something you would edit when compiling sudo, so you probably won't be finding it on your system.

As sao hints, your best bet is to get sudo out of the Essentials package via something like Pacifist.

I opened the Essentials.pkg with Pacifist, Authorized, and then located the 'sudo' file, but it says that 'Package contains no files to extract', and the 'Extract To...' button is grayed-out.

Also, sao, were you 'hinting' that I should extract files other than sudo? I tried typing 'grepbom sudo', but the command is not recognised.

OK, I got the file from the Mac OS X install CD, and it works perfectly!

Thanks very much for all your help, guys.

OK, that is great, but the question is where did the bad sudo come from? Had you installed it or has somebody been hacking at your machine?

Definitely a good question; but do note, the 'bad' sudo already had suid-root permissions, so something had to have root already.

I definitely didn't install it, and I doubt it's the latter as I'm behind a hardware firewall (well, at least I hope it's not the latter!).

hi,
i have the same problem relating to sudo not working and its only after i installed the "websharing 1.0" update from the apple website (ssh doesnt work anymore either). I take it i need to install the essentials package again or is it the sudo.pkg? I got my panther os shipped with my powerbook so my only two options are re-install osX or software restore and software restore doesnt correct the problem (i ran it to test anyway). So, is there anyway i can get the required package (e.g from a website) or could someone email it to me please if its not too big?
any helps great,
jeremy

That Web Sharing Update has the exact size sudo binary George83 reported earlier...

However, that thing really shouldn't be installed on 10.3 (and probably not even 10.2), since it was released in July 2001.

i guess he probably installed that as well. It didnt say anything about compatibility with a certain os version so i just ran the instaler for it - big mistake. So..... is it possible to get the package i need to run without re-installing the whole os again?
jeremy

Hi, I am in precisely the same situation as our protagonist, George. I have followed your diagnosis through two pages of commands and have generated results identical to those George found. In regard to what I thought was an unrelated matter, I just posted a message to Jeremy (http://forums.macosxhints.com/showthread.php?t=24315) about a problem we are both having with OpenSSL. But your comment about the Web Sharing Update made me realize the cause of the problem for George, Jeremy and me (I think). I have mistakenly installed this update, meant for 10.1, over my 10.3.4. You can probably guess that I don't make my living as a system admin. Assuming that this is the underlying problem for me at least, how can I undo what that installation did? Thanks for your patience.

Whit

The safest thing would be to do an archive and install. I.e. reinstall Jaguar (from your install CDs) but keeping your current user data. You would then need to check Software Update (on the Apple menu) and apply all the updates that it presents to you. And it would be advisable in future to only apply updates as they are presented to you by Software Update - don't apply updates you downloaded manually unless you read very carefully about what they do.

Of course, it is recommended that you make a backup of the files you care about before doing the re-install.