Unix Hell Week for the Mac User, Day II
 

I was trying to set up sendmail for the first time (see thread in this section http://forums.macosxhints.com/showth...&threadid=3738) and ended up following instructions of Chris Stone of the O'Reilly network (referenced in the thread cited above).

I ended up with a functioning sendmail but huge clumps of my startup hard drive restricted to read-only.

Somewhere or other came across mention of an Apple utility http://docs.info.apple.com/article.html?artnum=106900 that restores permissions to Apple default, downloaded it and ran it. (Miracle of miracles, sendmail still worked).

Now I just downloaded and installed Fink to see what that's all about (& especially to check out the world of X Window apps) and after installing opened a new Terminal window and tried to run sudo dselect and I get this:

I run the Apple utility again and reboot. I do an ls of my home directory and try to sudo cp a randomly chosen file sitting in my home directory:

What the hell?

the su facility can get you to a root shell. have you enabled root in Netinfo Manager? if so, can you run su ?

[localhost:~] ahunter% su
Password:
[localhost:/Users/ahunter] root# chmod 440 /ect/sudoers
chmod: /ect/sudoers: No such file or directory
[localhost:/Users/ahunter] root#

What is this "mode" thing anyway?

c'mon, we'll need to see a modicum of effort. spelling ?!

% chmod 440 /ect/sudoers # not ect , but etc

get to know your filesystem...

% ls /etc/

Most embarrassing. :o And "ectetera".

OK, this time without typos...

you didn't happen to run BatCHmod on your root dir did you? {sigh, i hate that utility}. gid 80 is admin.

let's try and fix the owner:group of the sudoers file

OK, I'm not completely helpless:

::launch BatChmod; drag copy of sudoers onto it::

It is owned by root but group = admin [?] and both root and admin group have r but no w and also no x

Shouldn't group be wheel?

eh? stop what you're doing. you're making this more complicated and worse. all we want to do is make the file at /etc/sudoers owner:group root:wheel, and read only for owner and group. it's should be a very secure file.

stay away from batchmod. and don't copy files to the root dir.

just follow the chown command above.

and delete that sudoers turd that you copied to the root dir.

Regarding the possibility that I BatchModded the whole root directory at some point: entirely believeable, except that I've sudo'd stuff off and on for the last couple days and didn't get error messages when I did.

Thank you mervTormel. I don't know whether to send you a bottle of scotch or go sacrifice a floppy disk at a crossroads at midnight while muttering obscure opaque Unix incantations.

Bloody command line interface.


God I hate being a newbie. The last time I felt this dumb was when System 4 was new and I thought the external floppy port on my SE was the serial port.

Thank you for your patience.

your welcome. agave tequilla, please. though i'm scottish, scotch tastes like burning tires to me.

command line is arcane, at first, but after a time, or a few times anyway, it's quite handy and elegant.

but, go slow, have some patience, read the man pages, make small changes and test test test.

it's okay to be a newbie. that's why this site is here. we want to make these kinds of things more trivial-er. and after you sober up and review this thread and the errors you got and the man pages for the commands, you'll see that it is rather trivial. it's not rocket science or feminist theory, but it is in the neighborhood of brain surgery :D

i should also note that sudo is a very fussy command because of the huge security implications involved.

also, beware that there may be some more file ownership/permission claymore mines waiting for your footfall. that the sudoers file got the way it did is a signal that perhaps more files are improperly owned/moded.

but, just post back here and we'll try and fix you up.

cheers <clink> { place pint tumbler back in computer's handy cup-holder }

--
"A computer lets you make more mistakes faster than any invention in human history -- with the possible exceptions of handguns and tequila."
- Mitch Ratliffe

:D This thread is a gas. merv, you're a saint! (and not saint duo, a diferent saint)

edit: What exactly is the Apple privilege thing doing since it's not fixing his ownership issues?

well, the apple repair priv util operates on the notion that installs and updates drop bom (bill of materials) files in /library/receipts/*.pkg

see % man lsbom

so, if no package in there references /etc/sudoers, that file will not be evaluated and whacked by apple repair priv util.

and there is no guarantee that an install is going to leave a .bom turd in
/library/receipts nor that a user will allow them to exist/remain ( user removes receipts )

grok?

grok.
And I would consider the utility practically worthless....

Almost off-topic, but not. Maybe. Perhaps.
 

I don't ring my own bell, but I thought this might help you a bit, AHunter, regarding file modes:

http://www.mikey-san.net/mirth/trink...ckup_guide.pdf

It's actually an outline of backup methods on the command-line, but I go into what file modes are, a little, anyway. It might help to clear it up, since the man pages for chmod and chown kinda suck if you don't already know what they do.

not entirely. i ran it and am still analyzing what it did. some good, some bad, but if you're a user who does mess with utils like BatChmod, this may resolve some problems. it's a complete rip of Larry Prall's chkstuff, which was a lifesaver for some fools who ran Batchmod on root dir and changed all ownership/perms to wackiness, foolishly.

we are learning much about dependencies and the folly of fooling with them. foolishly.

--
All men profess honesty as long as they can. To believe all men honest
would be folly. To believe none so is something worse.
-- John Quincy Adams

AHunter3,

First I want to thank MervTormel for the great help and explanation.

I just add some information I gather from the fink-users list, and maybe for more experienced users, other ways to deal with the same problem:

1-
To give root a password, do the following (this is for MacOS X...if you are using pure Darwin you will have to emulate this with nidump and niutil):

1. open /Applications/Utilities/NetInfo\ Manager.app
2. authenticate yourself by clicking on the lock
3. select /users/<youraccount>
4. copy the value for passwd
5. select /users/root
6. paste over the value for passwd
7. select /groups/wheel (it will ask you if you really want to save or
whatnot. you do)
8. are you in the users array? If not, add yourself (New Value, under the
Directory menu)
9. quit NetInfo Manager (it will ask you if you really want to save or
whatnot. you do)
10. in Terminal.app, su -
11. when it asks for the password, give yours (if it says you aren't in
wheel, quit Terminal.app and start it again... you DID follow steps
7-9, right?)
12. passwd root
13. give root a new password. It is a bad idea to have the same password
for any two accounts, *especially* root.
14. chmod 0440 /etc/sudoers
15. exit
---------

2-
You can always avoid any excessive exposure to NetInfo by using nidump and niload. In this case, dump the passwd file:

nidump passwd / > passwd.dmp

edit it, replacing whatever is in root's password with your user passwd.

niload passwd -m < passwd.dmp

And then su - with your password for root's, change it to something else, and hey presto.

You can add yourself to the group file's admin group the same way.

The only place I have found this netinfo<->flatfiles stuff to not work is adding name resolvers, but that's well documented elsewhere.
---------

3-
Do an 'su' and enter root's password. Then 'chmod 0440 /etc/sudoers'
---------

4-
If you haven't set up root, you can't use 'su', so it's harder....

Reboot holding down cmd-S.(single user mode)

When you get to a prompt, do :
fsck -y
mount -uw /
chmod 0440 /etc/sudoers
exit
--------

5-
I wanted to mention visudo (/usr/sbin/visudo). It exists to catch errors like yours before they end up breaking the system. It requires learning a little bit of how to edit with vi, but I'd argue that that's good knowledge to have if you're going to be mucking with things as root.

visudo honors $EDITOR or $VISUAL (I have both set to vim, so I'm not certain), so if you want to use another bsd level editor you can.

In bash/sh/zsh/ksh, add the following to your .profile (bash & sh, and probably zsh/ksh)
EDITOR=/sw/bin/vim
VISUAL=/sw/bin/vim
export EDITOR VISUAL

The default seems to be '%admin ALL=(ALL) ALL'.

Eventually, you could set your sudoers file like this:
This will allow you to run fink admin commands from sudo without a password. It's not for everyone as it isn't great security, but it's quite convenient.

(visudo, as well as vipassed and vigr)
--------


Cheers...

Day III
 

I can now sudo, thanks to merv, which puts me in a far more sanguine mood, but I don't seem to be quite in the clear yet:
(it lets me proceed; it asks for a password and accepts it when I give it).

Then there's FINK...

I sudo dselect and opt for "select" mode, expecting (with astonishling optimism and naiveté as it turns out) a user-friendly and self-explanatory menu of available Unix s/w. I get:
:confused:

I am under the impression that base-files, bzip2, debianutils, dpkg, and fink are the items that were installed as the base startup fink package (yes?). So I've got them & therefore don't need to install them and don't need to uninstall them...that leaves...

•*Up to date installed packages -- :confused: I just installed them, I saw it connecting to sourceforge to get them, so I assume they're up to date...

• Up to date unclassified packages -- Uh, maybe? What is this, the CIA? Well, let's have a look. What are they? Hmm, I seem to be able to select the entirety of "unclassified packages" to install, or to deselect it. Wanna buy a pig in a poke? Mystery grab bag? Chef's surprise?

•* Up to date unclassified w/o a section -- More mystery food.

OK, there must be some way to get a submenu of what programs & applications are described by those broad (and unintuitive) categorical labels. RTFM, babes, right? Go back to the Help screen...

...

Step right up folks! Put your hand in the bag and see what you get! C'mon don't be shy!

:mad:

Did I mention that I hate feeling stupid and inept?

I wasn't expecting a GUI with pulsating buttons or anything but perhaps something more like:

Application Title • gzip File Name • 25 word abstract

"Toggle 'selected' marker by typing underscored letter in App title"


::goes off to reread FAQs on Fink webby site::

mr. hunter,

please acquire finkcommander for all your gooey fink needs.

and you've still got some file mode turds, so please:
and then, please delete all traces of the bastard utility BatChmod and promise to never use it again.