# sudo problems getting desparate!?



## buchan (Jul 24, 2003)

Ok Here it is I don't know if I have the right forum but here it goes... 

I am running 10.2.6 and I have been having this problem for a while.  If I try and sudo anything I enter in the password and I get the following ...


> sudo vipw
> Password:
> Sorry, try again.
> Password:
> ...



in my syslog file I see the following but really have no idea what it means...


> Jul 24 12:26:15 X sudo:    chris : 3 incorrect password attempts ; TTY=ttyp3 ; PWD=/Users/chris ; USER=root ; COMMAND=/usr/sbin/vipw



I can su - and enter roots password with no problem sudo simply won't allow me to do anything.  

I am a member of the admin group so as far as I can tell this should work.  All other admin users have the same problem on this machine.

Any ideas would be welcome.  I can provide any other info you may need... just let me know.

Thanks


----------



## Darkshadow (Jul 24, 2003)

When you use sudo, you put in your admin password, not root's password.


----------



## slur (Jul 25, 2003)

*man sudo*


----------



## buchan (Jul 25, 2003)

There is no admin user... My user is part of the Admin group which acording to the sudoers file is allowed to sudo.  

Thanks I already found a way around the problem by changing the sudoers file to allow my user to sudo without having to enter a password.  I know this is a security risk but this machine is not accessable to the outside world.

Oh and slur... Thanks for that piece of advice I hadn't ever thought of that ... IT SOLVED NOTHING. 

Isn't it great that because I am a newbie (to this site) I automaticly know nothing.  GD RTFM people piss me off.


----------



## DeltaMac (Jul 25, 2003)

Pardon my ignorance, but wouldn't being part of the admin group make this an admin account by definition? Logged in as an admin user, sudo with the root user's password does not work for me, I have to use the password for the logged-in admin user.  Are you always logged in as a root user?  (Apologize for my rudimentary unix user knowledge, I just know what works and what doesn't work with (my setup of) OS X and sudo (again, my config may not be a normal setup)


----------



## buchan (Jul 25, 2003)

Thanks DeltaMac... that was a true fix.  That actually works  

Its strange though... you would think that sudo would want the root password not the current user password???  You are telling the system to do something as root but only verifying that you are a admin user.  I guess thats it.

Thanks again DeltaMac


----------



## DeltaMac (Jul 25, 2003)

Sudo is for a one time use, must be invoked each time you use it with an admin password, temporarily makes you a superuser, which is not the same as being a root user - I think the only way you can sudo with root, is if the terminal asked for user name at that time.  
Advanced readers, Is there any action that requires a sudo when you are a ROOT user?


----------



## Darkshadow (Jul 25, 2003)

No, when you're root, you have all the rights already that sudo gives you, so there's no reason at all to use it.


----------



## DeltaMac (Jul 25, 2003)

That's about what I thought, but I had no background to assume there's no difference.  Thanks


----------



## btoneill (Jul 28, 2003)

> _Originally posted by buchan _
> *Its strange though... you would think that sudo would want the root password not the current user password???  *



The whole point of sudo is to keep people from having root's password, to control what people can do with root privs, and to keep track of root privs. If you have 10 admins, and you give them all root password, if one leaves, you have to change the password on all the computers, if you have 200 boxes, that can take awhile. But, if they don't know the local root password, all you have to do is disable their account. You can also allow people to run specific commands as root, but not others. If you want someone to be able to stop/start apache but not do anything else, you can give them sudo access to the apachectl command. They'd run 'sudo /opt/apache/bin/apachectl stop' to  stop apache, which would run as root, anything else they tried to run with sudo would be denied.

This being said, sudo being used by most people on a home desktop is overkill and can give the impression of "why did they do this stupid thing?", but when you look at how it is used in larger installations it makes sense. It's much easier to design things with large scale in mind, then try to add in large scale things as an afterthought, just look at windows to see what happens when you try to turn a purely desktop OS into an enterprise wide OS. 

Brian


----------



## podmate (Jul 29, 2003)

I also had the same problem.  
There was no root user account.
I was able to use sudo just fine for months, then after one of the apple updates I lost the ability to sudo.  
No user on my computer was able to use sudo for anything.  su worked, but sudo was unusable.

I finally had to 'safe boot'.  And make a root user.  Now sudo works, but of course I have a root user hanging around and visible on the log-in screen as other.


----------



## slur (Aug 5, 2003)

Everything noted here except the bit about losing sudo after a system update is covered in...

*man sudo* !

_"By default, sudo requires that users authenticate themselves with a password (NOTE: by default this is the user's password, not the root password)."_

So me give good advice.


----------

