sudo: Permission Denied

[Amigalander]

I've used sudo before successfully, but suddenly it doesn't work anymore!

For example, I try setting a shutdown timer using

sudo shutdown -h +60
or
sudo pmset disksleep 30
or even just
sudo

and get

sudo: can't open /private/etc/sudoers: Permission denied

Just typing sudo alone results in the same error.

I've tried searching and following other threads on this topic to no avail. Repairing permissions from disk utility didn't help either. And sadly I'm a unix newb.

Any help would be appreciated. Thank you.

 

[dvd]

From the Terminal prompt, type:

ls -la /private/etc/sudoers

and show us what you see. When I run it, I see:

-r--r----- 1 root wheel 1135 Sep 23 19:29 /private/etc/sudoers

 

[Amigalander]

Mine is exactly the same:

-r--r----- 1 root wheel 1135 Sep 23 19:29 /private/etc/sudoers

 

[jeremy.king]

Are you a member of the wheel group, which is usually granted sudo access. You can find your groups by using the 'id' command in a Terminal window.

 

[Amigalander]

Here is my id:

uid=501(Amigalander)
gid=20(staff)
groups=20(staff),98(_lpadmin),103(com.apple.sharepoint.group.2),81(_appserveradm),102(com.apple.access_screensharing),79(_appserverusr),80(admin)

Is this correct? I don't have a very good understanding of how to interpret or manage groups. What is the wheel group?

 

[jeremy.king]

What is the wheel group?

It's what you need to be in if you want to sudo.

Is this your personal machine or a lab/school computer? To add your user to the list of sudoers or to the wheel group, you will need to login with an Administrator account and either make your current account an administrator account or do some command line hackery.


Heres your command to add your user to the wheel group in Leopard.

sudo dscl . -append /Groups/wheel GroupMembership Amigalander

 

[HawaiiMacAddict]

Aloha Amigalander,

It looks as if you have an administrator account, which is really all you need. I've run sudo before with my administrator account and all I needed to do was enter my administrator account's password.

One thing you can do is create another administrator account, log into that account, then try the sudo. If that works, you may want to transfer everything from your current account to the new administrator account. You can even use sudo as a standard user - you first have to su into an administrator account, then issue the sudo command.

One question - how long has this issue affected you? You may want to try to think back to the last time you were able to use the sudo command, then think forward to the first time you knew you could not, then consider the changes you made to your account/system in the interim. You may have inadvertently taken that access away from your user account. BTW, I am in the same groups as you, but can issue the sudo command successfully - try the new administrator account and let us know of your progress.

HawaiiMacAddict

 

[BlackDan]

It's what you need to be in if you want to sudo.

Is this your personal machine or a lab/school computer? To add your user to the list of sudoers or to the wheel group, you will need to login with an Administrator account and either make your current account an administrator account or do some command line hackery.


Heres your command to add your user to the wheel group in Leopard.

sudo dscl . -append /Groups/wheel GroupMembership Amigalander

using sudo to get yourself in the sudoers list?? I guess that's not really going to work....

Maybe if you can do it on another user acount, you can. I ALWAYS keep a spare Admin account on my machine.

 

[jeremy.king]

using sudo to get yourself in the sudoers list?? I guess that's not really going to work....

Reread my post

 

[BlackDan]

Reread my post

I misread. I thought you meant: log on as an admin OR run this command. Need.. more... sleep...

 

[Amigalander]

Is this your personal machine or a lab/school computer?

It's my personal 3 month old iMac. I haven't added any users. So as far as I know, I'm an admin -- especially since sudo USED to work.

Sudo stopped working about 1 week ago, probably about the time I set up "back to my mac" with screen sharing and file sharing.

I've tried reverting back to the original file sharing and BtMM settings, re-running disk repair permissions, restarting, repairing permissions again, but nothing seems to make any difference

Is it possible the file sharing setting messed with groups?

 

[dvd]

I don't think this is a group problem, I think it's a problem accessing the /private/etc/sudoers file itself. I'm not in the wheel group and sudo works fine for me. And your 'id' output shows that your account is already set up as an administrator.

The permissions for the file were fine, let's check the parent directories:

ls -lad /private/etc /private

Should result in:
drwxr-xr-x@ 6 root wheel 204 Nov 29 22:15 /private
drwxr-xr-x 87 root wheel 2958 Feb 19 19:27 /private/etc

Oh and while you're at it, do a:

ls -la /usr/bin/sudo

-r-s--x--x 1 root wheel 211232 Sep 23 19:29 /usr/bin/sudo

PS, it's the admin group that you need to be in to use sudo, not wheel:
sudo grep admin /private/etc/sudoers
%admin ALL=(ALL) ALL

 

[Amigalander]

I wish I found a discrepency...

~> ls -lad /private/etc /private
drwxr-xr-x@ 6 root wheel 204 Nov 1 21:29 /private
drwxr-xr-x 89 root wheel 3026 Mar 5 11:53 /private/etc


~> ls -la /usr/bin/sudo
-r-s--x--x 1 root wheel 211232 Sep 23 19:29 /usr/bin/sudo

~> sudo grep admin /private/etc/sudoers
sudo: can't open /private/etc/sudoers: Permission denied

but it looks like everything matches yours.

 

[dvd]

Ouch, I'm a bit stumped. Googling around, it appears you aren't the first to have this happen to them. No clear fixes, though, other than to perform an Archive and Install, which seems a bit extreme.

Just to bottom out on the obvious permissions path, let's make sure / is okay:

$ ls -lad /
drwxrwxr-t@ 32 root admin 1156 Feb 18 15:07 /

 

[Amigalander]

Hmm, now we get a different result!

~> ls -lad /
drwx---rwx+ 33 root admin 1190 Feb 14 23:38 /


Does this means my group (is this the admin group?) is missing permissions to read, write, & execute on the root folder?

P.S. There's no way I'm reinstalling, as I'm a firm believer that all problems are fixable, given enough help that is

 

[dvd]

Now we're getting somewhere!

Reboot into single user mode (hold Option S while booting until it switches to text mode)

At the single user prompt, type: /sbin/fsck -fy

This checks the filesystem integrity

Then type: /sbin/mount -wu /

This mounts the root filesystem as read/writable.

Next type: /bin/chmod 1775 /

This will correct the permissions for your / directory

Type: /bin/sync

This will make sure the change is written to the filesystem

Type: exit

Your mac will continue booting as normal and life should be good! Sudo should work. At this point, do a repair permissions to correct anything else that may not be right. The repair permissions probably does not work right now because you can't get admin authority due to the incorrect permissions.

 

[Amigalander]

It worked!!

Thanks dvd! It's an honor to have patient, helpful, and knowledgeable people like you in the Mac community

P.S. After the fix, Repair Permissions found nothing to repair (other than the standard 3 ACL issues).

Hopefully others having this issue will be better able to track down their permissions problem now.

 

[dvd]

Cool. Happy to help!

I'm wondering if when you set up file sharing, you shared out your root directory accidentally and somehow in the process those perms got stomped.

Like you said, now we know what to look for in any event.

 

[dasboot]

Sudo permission denied

Hello, I am having a nearly identical issue and after nearly an entire day searching forums I have landed here, I believe dvd's advice use the key but it isn't *quite* working for me. "/sbin/mount -wu /" worked but at the chmod command I was met with an "operation not permitted" message. Any information on how I can get around this would be GREATLY appreciated. My MacBook running 10.5.4 will not to past grey apple screen and I am doing everything in single user mode. Tapping this out ok my iPod touch.... Dvd, help if your out there. Or anyone. Thanks!

Now we're getting somewhere!

Reboot into single user mode (hold Option S while booting until it switches to text mode)

At the single user prompt, type: /sbin/fsck -fy

This checks the filesystem integrity

Then type: /sbin/mount -wu /

This mounts the root filesystem as read/writable.

Next type: /bin/chmod 1775 /

This will correct the permissions for your / directory

Type: /bin/sync

This will make sure the change is written to the filesystem

Type: exit

Your mac will continue booting as normal and life should be good! Sudo should work. At this point, do a repair permissions to correct anything else that may not be right. The repair permissions probably does not work right now because you can't get admin authority due to the incorrect permissions.

 

[BlackDan]

Hello, I am having a nearly identical issue and after nearly an entire day searching forums I have landed here, I believe dvd's advice use the key but it isn't *quite* working for me. "/sbin/mount -wu /" worked but at the chmod command I was met with an "operation not permitted" message. Any information on how I can get around this would be GREATLY appreciated. My MacBook running 10.5.4 will not to past grey apple screen and I am doing everything in single user mode. Tapping this out ok my iPod touch.... Dvd, help if your out there. Or anyone. Thanks!

Instead of doing all this by hand I usually run Applejack to do all this command-line mojo. give it a whirl. Got me out of trouble lotsa times.

install, reboot while holding command+s, then at the prompt type: "applejack AUTO restart"
Now sit back and enjoy the show.

Good luck!

 

[dasboot]

One Possible solution

this rather simple solution it worked for me....

- Clone the affected machine to an external drive using Carbon Copy Cloner

- reinstall Leopard (erase & install) on the original machine

- now, using leopard Migration Assistant import the user accounts you want from the Clone. DESELECT everything except the user folder files - i.e. Do Not re-import anything from the old Library or system folder *only* the files.

virtually Everything will be identical to the way it was - except the permissions are now correct and eveything is working

It worked for me

 

[MV82]

Permissions problem i think?

Hey guys, i was doing the same thing and i think when back to my mac was doing something it messed up my permissions and more on all my drives, i got my main to boot but i cannot access my others, and im the only user and the admin

any help i would greatly appreciate it, im relatively new to terminal so please be patient, thanks alot,

heres what i got

Mac-Pro:~ Image$ ls -alO /Volumes
total 8
drwxrwxrwt@ 5 root admin hidden 170 Feb 15 19:11 .
drwxrwxr-t 33 root admin - 1190 Feb 15 16:20 ..
lrwxr-xr-x 1 root admin - 1 Feb 15 19:11 Image -> /
drw-rw-r-- 347 root admin uchg 11866 Feb 14 12:38 MP3's
drw-rw-r-- 16 Image staff uchg 612 Feb 8 18:45 Stuff
Mac-Pro:~ Image$
Mac-Pro:~ Image$
Mac-Pro:~ Image$ id
uid=501(Image) gid=20(staff) groups=20(staff),204(_developer),100(_lpoperator),98(_lpadmin),81(_appserveradm),80(admin),79(_appserverusr),61(localaccounts),12(everyone),401(com.apple.access_screensharing),403(com.apple.sharepoint.group.1)
Mac-Pro:~ Image$
Mac-Pro:~ Image$
Mac-Pro:~ Image$
Mac-Pro:~ Image$ diskutil list
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *1.0 TB disk0
1: EFI 209.7 MB disk0s1
2: Apple_HFS Stuff 999.9 GB disk0s2
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *1.0 TB disk1
1: EFI 209.7 MB disk1s1
2: Apple_HFS Image 999.9 GB disk1s2
/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.1 GB disk2
1: EFI 209.7 MB disk2s1
2: Apple_RAID 499.8 GB disk2s2
3: Apple_Boot Boot OSX 134.2 MB disk2s3
/dev/disk3
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.1 GB disk3
1: EFI 209.7 MB disk3s1
2: Apple_RAID 499.8 GB disk3s2
3: Apple_Boot Boot OSX 134.2 MB disk3s3
/dev/disk4
#: TYPE NAME SIZE IDENTIFIER
0: Apple_HFS MP3's *999.5 GB disk4
Mac-Pro:~ Image$
Mac-Pro:~ Image$
Mac-Pro:~ Image$ df
Filesystem 512-blocks Used Available Capacity Mounted on
/dev/disk1s2 1952853344 381621096 1570720248 20% /
devfs 229 229 0 100% /dev
/dev/disk0s2 1952853344 245056808 1707796536 13% /Volumes/Stuff
/dev/disk4 1952202624 930143936 1022058688 48% /Volumes/MP3's
map -hosts 0 0 0 100% /net
map auto_home 0 0 0 100% /home
Mac-Pro:~ Image$
Mac-Pro:~ Image$
Mac-Pro:~ Image$ ls -lad /
drwxrwxr-t 33 root admin 1190 Feb 15 16:20 /
Mac-Pro:~ Image$
Mac-Pro:~ Image$

 

[ro1]

THANKS dvd

It worked!!

Thanks dvd! It's an honor to have patient, helpful, and knowledgeable people like you in the Mac community

P.S. After the fix, Repair Permissions found nothing to repair (other than the standard 3 ACL issues).

Hopefully others having this issue will be better able to track down their permissions problem now.

This worked for me too. I had to hold down COMMAND S (nor option s) when restarting (& dig out a USB keyboard with faulty cs & ws) and I'm trying get the disk utility to complete the permissions verification. ?Maybe it's hung-up? It's taking forever.

Now to try to instal the system upgrade of leopard that led me into this morass.

 

[roberine]

Thnx

Great work DVD.
This also worked for me on Lion.
Did a clean install on 3 systems and they all had the SUDO problem.
Now the problem is gone.

Herb

 

[dpillai]

for complete Mac newbie

As in the 1st 24 hrs with a Mac ever like me I struggled with the same issue and the solutions above (applejack & command line arguments) did not work. My problem was that the admin password on my 10.5.8 was empty. Changed that and everything seems to be good to go. Note that I had run both the options mentioned before I changed the password.