How to Fix a Hosed /etc/sudoers File on Mac OSX
来源:互联网 发布:人性的弱点知乎 编辑:程序博客网 时间:2024/05/16 12:34
I just did something pretty stupid. I edited /etc/sudoers file directly from within my non-root user account.
I did
sudo vim /etc/sudoers
and added the following to it:
Cmnd_Alias GEM_INSTALL = /usr/bin/gem install *Cmnd_Alias GEM_UNINSTALL = /usr/bin/gem uninstall *vitaly ALL=NOPASSWD GEM_INSTALLvitaly ALL=NOPASSWD GEM_UNINSTALL
The intention was to grant myself permissions to install gems w/o entering password. I know its insecure, but this is security-vs-convinience kind of thing and I only intended to leave it there for a couple of hours while I do some heavy gem development.
Anyway, experienced unix users might have spotted the syntax error in my sudoers edits. I forgot the : just after the NOPASSWD. But the problem is even more basic then that. I shouldn't have beed editing the file directly. I should have known better. And now I'm paying the price:
$ sudo>>> sudoers file: syntax error, line 36 <<<>>> sudoers file: syntax error, line 37 <<<sudo: parse error in /private/etc/sudoers near line 36$ sudo vim /etc/sudoers>>> sudoers file: syntax error, line 36 <<<>>> sudoers file: syntax error, line 37 <<<sudo: parse error in /private/etc/sudoers near line 36
OOPS!
Now the sudoers file is broken and I can't even fix it since I was using sudo to edit it!
Never do that! :)
Use the visudo command. it will check the file syntax before 'commiting' it.
Now what?
I looked at the net and the general consensus is that you need to boot into a single-user mode to fix it. I really really didn't want to do it. I have 4G of RAM and so I'm usually running dozens of programs and its a pain to close and reopen them all after boot. I'm lazy :)
Then I thought there might be a better way.
First I checked the permissions on the sudoers file:
$ ls -l /etc/sudoers -r--r-----+ 1 root wheel 1302 Sep 28 17:20 /etc/sudoers
and only 'root' is in the group wheel, so no luck here.
I also couldn't 'su root' since my root user doesn't have a password. duh!
But then it appeared to me that I might be able to circumvent this protection by leveraging my OS X 'admin' status. After all it ought to count for something :).
I opened "/etc" folder in finder (Go -> Go to Folder...), then opened sudoers file properties. Opening the lock there doesn't require to be a root. Its enough to be an Admin and my Admin user does have a password! So I was easily able to grant myself permission to edit the file:
after that I just edited the file with vim again to comment the edits
vim /etc/sudoers
Then I did what I was supposed to do from the beginning, I used the 'visudo' at last:
sudo visudo
Last thing was to restore original permissions on the file in finder.
- How to Fix a Hosed /etc/sudoers File on Mac OSX
- How to install YAWS on Mac OSX
- How to install Maven on Mac OSX
- How to install Maven on Mac OSX
- How to run cpp-tests on Mac OSX
- How to fix a "Duplicated Symbols" error on binary files
- How to fix a "Duplicated Symbols" error on binary files
- How to fix "'user' is not in sudoers" in CentOS
- How To Convert DMG To ISO on Mac OSX, Windows and Linux
- How to create a filesystem on a file
- How to fix QX File Extension
- How to Install mcrypt for php on Mac OSX Lion 10.8 & 10.7 Development Server
- How to setup multiple sites hosted on your Mac with OSX 10.8 + (MAMP Part 5)
- how to add a swap file on linux
- How to open a large text file on Linux
- svn : how to set the executable bit on a file?
- Fix a Dualboot issue for Mac Mini Ubuntu+OSX
- How to fix and recover a “corrupt history file” in zsh?
- 广告标示符(IDFA-identifierForIdentifier)
- Eclipse 一直提示 loading descriptor for 的解决方法
- 嵌入式C编程经典面试题
- Android无线调试 ADBWIFI
- MATLAB】MATLAB的自带数据及可生成数据的函数
- How to Fix a Hosed /etc/sudoers File on Mac OSX
- been 和being 的用法
- Spice工作原理及代码剖析:02 Spice网络事件处理模型
- 【SSH项目实战】国税协同平台-31.我要投诉功能1
- Struts2:OGNL
- STM8 通用输入输出口(GPIO)
- 资料汇总
- 111
- jquery管理搜索框的值