Sudoers file corrupt?

Discussion in 'macOS Sierra (10.12)' started by davvanc, Apr 4, 2017.

  1. davvanc macrumors member

    Oct 29, 2015
    EtreCheck has produced a red line showing the results below:
    /etc/sudoers, File size 2235 but expected 1563
    I have looked at the content and there is nothing suspicious in that file, but the size is wrong.
    Using the editor (forgot the name now, was it VI?) for those kinds of files is beyond me. Is there any way to get a new file with the correct size, other than a clean install?
  2. MacUser2525 macrumors 68000


    Mar 17, 2007
    The program would have been visudo, which locks the file during editing to prevent problems if another user tries to edit at the same time. As always, if it is not broke, do not fix it. In other words, if you have no problems using sudo on the command line, ignore that warning. Now, you can always do a fresh install and import all your settings again, but if doing so I would suggest the first thing you do is run that third-party program again to confirm; if it says the same, then it is useless for that checking.
  3. davvanc thread starter macrumors member

    Oct 29, 2015
    Thanks for the well-thought-out reply. I did do a clean install but then let the install program import all my data and settings from another disk, an El Capitan install with that over-sized "sudoers" file, which resulted in the use of that file in the new Sierra install. As far as I can tell, there is no problem running "sudo" from the command line and, as you suggested, it may well be OK just to ignore that warning from EtreCheck.
  4. fivenotrump macrumors 6502

    Apr 15, 2009
    Central England
    There should be a clean version of the sudoers file at /etc/sudoers~orig : copy this to /etc/sudoers .

    If you need to make local changes, for example changing the timeout, edit /etc/sudoers using visudo to delete the comment marker '#' on the bottom line
    #includedir /private/etc/sudoers.d
    so that it becomes
    includedir /private/etc/sudoers.d

    Now put your local changes into a file in this directory, for example /etc/sudoers.d/timeout might contain
    Defaults timestamp_timeout = 30
  5. davvanc thread starter macrumors member

    Oct 29, 2015
    Thanks so much! That did it, deleted the bad one, copied the old "~org" file without the "~org" and rebooted.
    Now EtreCheck doesn't show that red line!
    Thanks again.
  6. KALLT macrumors 601

    Sep 23, 2008
    Just to clarify: sudoers is one of those configuration files that the system installer does not overwrite upon updating the system. This is completely normal. Instead, a copy of the newer version is left in the same directory, with `~orig` appended to the file name. You can choose to swap them if you want to, but it is not required.

    What EtreCheck does is compare the file size of the sudoers file to its standard size. It cannot distinguish between an outdated, but genuine, and a compromised file.
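
A size mismatch alone says nothing about which rules changed, so a more useful check is to compare the active rules of the two files. The script below is an added example, not part of the thread and not how EtreCheck works; the function names are made up for illustration, and it assumes the `~orig` copy sits at the path given in the thread.

```shell
#!/bin/sh
# Added example: list sudoers rules present in one file but not in a reference copy.

# Print the active directives of a sudoers file, one per line, sorted.
# Blank lines and comments are dropped, but two kinds of '#' lines are kept
# because sudoers(5) does not treat them as comments:
#   "#include" / "#includedir" directives, and '#' followed by digits (a uid).
sudoers_directives() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]][[:space:]]*/ /g' "$1" |
    awk '
        /^#(include(dir)?[ \t]|-?[0-9])/ { print; next }  # directive or uid rule
        /^#/ || /^$/                     { next }         # comment or blank
                                         { print }
    ' | LC_ALL=C sort -u
}

# Print directives that are in CURRENT ($1) but not in REFERENCE ($2).
# Empty output means the files differ only in comments or whitespace.
sudoers_delta() {
    tmp=$(mktemp -d "${TMPDIR:-/tmp}/sudoers.XXXXXX") || return 1
    sudoers_directives "$1" > "$tmp/cur"
    sudoers_directives "$2" > "$tmp/ref"
    LC_ALL=C comm -23 "$tmp/cur" "$tmp/ref"
    rm -rf "$tmp"
}

# Stand-alone use: sh script.sh /etc/sudoers /etc/sudoers~orig
if [ "$#" -eq 2 ]; then
    sudoers_delta "$1" "$2"
fi
```

Reading `/etc/sudoers` requires root. Trailing comments on a rule line are not stripped, so a rule that differs only in its trailing comment is reported as a difference.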
