sudo: Permission Denied

Discussion in 'macOS' started by Amigalander, Mar 4, 2008.

  1. Amigalander macrumors regular

    Joined:
    Jan 13, 2008
    #1
    I've used sudo before successfully, but suddenly it doesn't work anymore!

    For example, I try setting a shutdown timer using
    Code:
    sudo shutdown -h +60
    or
    sudo pmset disksleep 30
    or even just
    sudo
    and get
    Code:
    sudo: can't open /private/etc/sudoers: Permission denied
    Just typing sudo alone results in the same error.

    I've tried searching and following other threads on this topic to no avail. Repairing permissions from disk utility didn't help either. And sadly I'm a unix newb.

    Any help would be appreciated. Thank you.
     
  2. dvd macrumors regular

    dvd

    Joined:
    Oct 12, 2007
    Location:
    Massachusetts
    #2
    From the Terminal prompt, type:

    ls -la /private/etc/sudoers

    and show us what you see. When I run it, I see:

    -r--r----- 1 root wheel 1135 Sep 23 19:29 /private/etc/sudoers
     
  3. Amigalander thread starter macrumors regular

    Joined:
    Jan 13, 2008
    #3
    Mine is exactly the same:

    -r--r----- 1 root wheel 1135 Sep 23 19:29 /private/etc/sudoers
     
  4. jeremy.king macrumors 603

    jeremy.king

    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #4
    Are you a member of the wheel group, which is usually granted sudo access. You can find your groups by using the 'id' command in a Terminal window.
     
  5. Amigalander thread starter macrumors regular

    Joined:
    Jan 13, 2008
    #5
    Here is my id:

    uid=501(Amigalander)
    gid=20(staff)
    groups=20(staff),98(_lpadmin),103(com.apple.sharepoint.group.2),81(_appserveradm),102(com.apple.access_screensharing),79(_appserverusr),80(admin)

    Is this correct? I don't have a very good understanding of how to interpret or manage groups. What is the wheel group?
     
  6. jeremy.king macrumors 603

    jeremy.king

    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #6
    It's what you need to be in if you want to sudo.

    Is this your personal machine or a lab/school computer? To add your user to the list of sudoers or to the wheel group, you will need to login with an Administrator account and either make your current account an administrator account or do some command line hackery.


    Heres your command to add your user to the wheel group in Leopard.
    Code:
    sudo dscl . -append /Groups/wheel GroupMembership Amigalander
    
     
  7. HawaiiMacAddict macrumors 6502a

    Joined:
    Dec 28, 2006
    Location:
    On one of my Macs of course
    #7
    Aloha Amigalander,

    It looks as if you have an administrator account, which is really all you need. I've run sudo before with my administrator account and all I needed to do was enter my administrator account's password.

    One thing you can do is create another administrator account, log into that account, then try the sudo. If that works, you may want to transfer everything from your current account to the new administrator account. You can even use sudo as a standard user - you first have to su into an administrator account, then issue the sudo command.

    One question - how long has this issue affected you? You may want to try to think back to the last time you were able to use the sudo command, then think forward to the first time you knew you could not, then consider the changes you made to your account/system in the interim. You may have inadvertently taken that access away from your user account. BTW, I am in the same groups as you, but can issue the sudo command successfully - try the new administrator account and let us know of your progress.

    HawaiiMacAddict
     
  8. BlackDan macrumors 6502

    Joined:
    Aug 20, 2004
    Location:
    Belgium
    #8

    using sudo to get yourself in the sudoers list?? :confused: I guess that's not really going to work....

    Maybe if you can do it on another user acount, you can. I ALWAYS keep a spare Admin account on my machine.
     
  9. jeremy.king macrumors 603

    jeremy.king

    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #9
    Reread my post ;)
     
  10. BlackDan macrumors 6502

    Joined:
    Aug 20, 2004
    Location:
    Belgium
    #10
    I misread. I thought you meant: log on as an admin OR run this command. Need.. more... sleep... ;)
     
  11. Amigalander thread starter macrumors regular

    Joined:
    Jan 13, 2008
    #11
    It's my personal 3 month old iMac. I haven't added any users. So as far as I know, I'm an admin -- especially since sudo USED to work.

    Sudo stopped working about 1 week ago, probably about the time I set up "back to my mac" with screen sharing and file sharing.

    I've tried reverting back to the original file sharing and BtMM settings, re-running disk repair permissions, restarting, repairing permissions again, but nothing seems to make any difference :(

    Is it possible the file sharing setting messed with groups?
     
  12. dvd macrumors regular

    dvd

    Joined:
    Oct 12, 2007
    Location:
    Massachusetts
    #12
    I don't think this is a group problem, I think it's a problem accessing the /private/etc/sudoers file itself. I'm not in the wheel group and sudo works fine for me. And your 'id' output shows that your account is already set up as an administrator.

    The permissions for the file were fine, let's check the parent directories:

    ls -lad /private/etc /private

    Should result in:
    drwxr-xr-x@ 6 root wheel 204 Nov 29 22:15 /private
    drwxr-xr-x 87 root wheel 2958 Feb 19 19:27 /private/etc

    Oh and while you're at it, do a:

    ls -la /usr/bin/sudo

    -r-s--x--x 1 root wheel 211232 Sep 23 19:29 /usr/bin/sudo

    PS, it's the admin group that you need to be in to use sudo, not wheel:
    sudo grep admin /private/etc/sudoers
    %admin ALL=(ALL) ALL
     
  13. Amigalander thread starter macrumors regular

    Joined:
    Jan 13, 2008
    #13
    I wish I found a discrepency...

    ~> ls -lad /private/etc /private
    drwxr-xr-x@ 6 root wheel 204 Nov 1 21:29 /private
    drwxr-xr-x 89 root wheel 3026 Mar 5 11:53 /private/etc


    ~> ls -la /usr/bin/sudo
    -r-s--x--x 1 root wheel 211232 Sep 23 19:29 /usr/bin/sudo

    ~> sudo grep admin /private/etc/sudoers
    sudo: can't open /private/etc/sudoers: Permission denied


    but it looks like everything matches yours.
     
  14. dvd macrumors regular

    dvd

    Joined:
    Oct 12, 2007
    Location:
    Massachusetts
    #14
    Ouch, I'm a bit stumped. Googling around, it appears you aren't the first to have this happen to them. No clear fixes, though, other than to perform an Archive and Install, which seems a bit extreme.

    Just to bottom out on the obvious permissions path, let's make sure / is okay:

    $ ls -lad /
    drwxrwxr-t@ 32 root admin 1156 Feb 18 15:07 /
     
  15. Amigalander thread starter macrumors regular

    Joined:
    Jan 13, 2008
    #15
    Hmm, now we get a different result!

    ~> ls -lad /
    drwx---rwx+ 33 root admin 1190 Feb 14 23:38 /


    Does this means my group (is this the admin group?) is missing permissions to read, write, & execute on the root folder?

    P.S. There's no way I'm reinstalling, as I'm a firm believer that all problems are fixable, given enough help that is :)
     
  16. dvd macrumors regular

    dvd

    Joined:
    Oct 12, 2007
    Location:
    Massachusetts
    #16
    Now we're getting somewhere!

    Reboot into single user mode (hold Option S while booting until it switches to text mode)

    At the single user prompt, type: /sbin/fsck -fy

    This checks the filesystem integrity

    Then type: /sbin/mount -wu /

    This mounts the root filesystem as read/writable.

    Next type: /bin/chmod 1775 /

    This will correct the permissions for your / directory

    Type: /bin/sync

    This will make sure the change is written to the filesystem

    Type: exit

    Your mac will continue booting as normal and life should be good! Sudo should work. At this point, do a repair permissions to correct anything else that may not be right. The repair permissions probably does not work right now because you can't get admin authority due to the incorrect permissions.
     
  17. Amigalander thread starter macrumors regular

    Joined:
    Jan 13, 2008
    #17
    It worked!!

    Thanks dvd! It's an honor to have patient, helpful, and knowledgeable people like you in the Mac community :)

    P.S. After the fix, Repair Permissions found nothing to repair (other than the standard 3 ACL issues).

    Hopefully others having this issue will be better able to track down their permissions problem now.
     
  18. dvd macrumors regular

    dvd

    Joined:
    Oct 12, 2007
    Location:
    Massachusetts
    #18
    Cool. Happy to help!

    I'm wondering if when you set up file sharing, you shared out your root directory accidentally and somehow in the process those perms got stomped.

    Like you said, now we know what to look for in any event.
     
  19. dasboot macrumors newbie

    Joined:
    Sep 17, 2008
    #19
    Sudo permission denied

    Hello, I am having a nearly identical issue and after nearly an entire day searching forums I have landed here, I believe dvd's advice use the key but it isn't *quite* working for me. "/sbin/mount -wu /" worked but at the chmod command I was met with an "operation not permitted" message. Any information on how I can get around this would be GREATLY appreciated. My MacBook running 10.5.4 will not to past grey apple screen and I am doing everything in single user mode. Tapping this out ok my iPod touch.... Dvd, help if your out there. Or anyone. Thanks!

     
  20. BlackDan macrumors 6502

    Joined:
    Aug 20, 2004
    Location:
    Belgium
    #20
    Instead of doing all this by hand I usually run Applejack to do all this command-line mojo. give it a whirl. Got me out of trouble lotsa times.

    install, reboot while holding command+s, then at the prompt type: "applejack AUTO restart"
    Now sit back and enjoy the show.

    Good luck!
     
  21. dasboot macrumors newbie

    Joined:
    Sep 17, 2008
    #21
    One Possible solution

    this rather simple solution it worked for me....

    - Clone the affected machine to an external drive using Carbon Copy Cloner

    - reinstall Leopard (erase & install) on the original machine

    - now, using leopard Migration Assistant import the user accounts you want from the Clone. DESELECT everything except the user folder files - i.e. Do Not re-import anything from the old Library or system folder *only* the files.

    virtually Everything will be identical to the way it was - except the permissions are now correct and eveything is working

    It worked for me:)
     
  22. MV82 macrumors newbie

    Joined:
    Feb 15, 2010
    Location:
    New Jersey
    #22
    Permissions problem i think?

    Hey guys, i was doing the same thing and i think when back to my mac was doing something it messed up my permissions and more on all my drives, i got my main to boot but i cannot access my others, and im the only user and the admin

    any help i would greatly appreciate it, im relatively new to terminal so please be patient, thanks alot,

    heres what i got :confused:

    Mac-Pro:~ Image$ ls -alO /Volumes
    total 8
    drwxrwxrwt@ 5 root admin hidden 170 Feb 15 19:11 .
    drwxrwxr-t 33 root admin - 1190 Feb 15 16:20 ..
    lrwxr-xr-x 1 root admin - 1 Feb 15 19:11 Image -> /
    drw-rw-r-- 347 root admin uchg 11866 Feb 14 12:38 MP3's
    drw-rw-r-- 16 Image staff uchg 612 Feb 8 18:45 Stuff
    Mac-Pro:~ Image$
    Mac-Pro:~ Image$
    Mac-Pro:~ Image$ id
    uid=501(Image) gid=20(staff) groups=20(staff),204(_developer),100(_lpoperator),98(_lpadmin),81(_appserveradm),80(admin),79(_appserverusr),61(localaccounts),12(everyone),401(com.apple.access_screensharing),403(com.apple.sharepoint.group.1)
    Mac-Pro:~ Image$
    Mac-Pro:~ Image$
    Mac-Pro:~ Image$
    Mac-Pro:~ Image$ diskutil list
    /dev/disk0
    #: TYPE NAME SIZE IDENTIFIER
    0: GUID_partition_scheme *1.0 TB disk0
    1: EFI 209.7 MB disk0s1
    2: Apple_HFS Stuff 999.9 GB disk0s2
    /dev/disk1
    #: TYPE NAME SIZE IDENTIFIER
    0: GUID_partition_scheme *1.0 TB disk1
    1: EFI 209.7 MB disk1s1
    2: Apple_HFS Image 999.9 GB disk1s2
    /dev/disk2
    #: TYPE NAME SIZE IDENTIFIER
    0: GUID_partition_scheme *500.1 GB disk2
    1: EFI 209.7 MB disk2s1
    2: Apple_RAID 499.8 GB disk2s2
    3: Apple_Boot Boot OSX 134.2 MB disk2s3
    /dev/disk3
    #: TYPE NAME SIZE IDENTIFIER
    0: GUID_partition_scheme *500.1 GB disk3
    1: EFI 209.7 MB disk3s1
    2: Apple_RAID 499.8 GB disk3s2
    3: Apple_Boot Boot OSX 134.2 MB disk3s3
    /dev/disk4
    #: TYPE NAME SIZE IDENTIFIER
    0: Apple_HFS MP3's *999.5 GB disk4
    Mac-Pro:~ Image$
    Mac-Pro:~ Image$
    Mac-Pro:~ Image$ df
    Filesystem 512-blocks Used Available Capacity Mounted on
    /dev/disk1s2 1952853344 381621096 1570720248 20% /
    devfs 229 229 0 100% /dev
    /dev/disk0s2 1952853344 245056808 1707796536 13% /Volumes/Stuff
    /dev/disk4 1952202624 930143936 1022058688 48% /Volumes/MP3's
    map -hosts 0 0 0 100% /net
    map auto_home 0 0 0 100% /home
    Mac-Pro:~ Image$
    Mac-Pro:~ Image$
    Mac-Pro:~ Image$ ls -lad /
    drwxrwxr-t 33 root admin 1190 Feb 15 16:20 /
    Mac-Pro:~ Image$
    Mac-Pro:~ Image$
     
  23. ro1 macrumors newbie

    Joined:
    Sep 14, 2010
    #23
    THANKS dvd

    This worked for me too. I had to hold down COMMAND S (nor option s) when restarting (& dig out a USB keyboard with faulty cs & ws) and I'm trying get the disk utility to complete the permissions verification. ?Maybe it's hung-up? It's taking forever.

    Now to try to instal the system upgrade of leopard that led me into this morass.
     
  24. roberine macrumors newbie

    Joined:
    Jul 18, 2011
    #24
    Thnx

    Great work DVD.
    This also worked for me on Lion.
    Did a clean install on 3 systems and they all had the SUDO problem.
    Now the problem is gone.

    Herb
     
  25. dpillai macrumors newbie

    Joined:
    Aug 17, 2011
    #25
    for complete Mac newbie

    As in the 1st 24 hrs with a Mac ever like me I struggled with the same issue and the solutions above (applejack & command line arguments) did not work. My problem was that the admin password on my 10.5.8 was empty. Changed that and everything seems to be good to go. Note that I had run both the options mentioned before I changed the password.
     

Share This Page