Sudo and admin users

May 27, '04 08:41:00AM

Contributed by: gshenaut

I recently downloaded a Perl script called adduser, which was intended to mimic the classic BSD script of the same name. However, after it ran, I discovered I no longer had any working admin user accounts on the system! I couldn't authenticate as an admin user, nor could I run sudo. The script had munged the /groups/admin entry in the NetInfo database to read root,greg, and the commas somehow were blocking it from matching either root or greg (btw, I'm Greg). The problem was, how to fix the NetInfo entry without being an admin user.

Well, what I ended up doing was booting into single user mode and editing the /etc/sudoers file (using /usr/sbin/visudo) to contain a line explicitly giving greg sudo privileges via greg ALL=(ALL) ALL. Then, after rebooting, I ran sudo niutil -createprop /groups/admin users root greg, and everything was rosy again. Note that the standard sudoers file contains entries for root and for %admin, meaning members of the admin group. This explains why both admin status and sudo capability went away as a result of the runaway script.

Putting an explicit name into the sudoers file saved the day for me; maybe it'll help someone else someday.

Update from robg: Please see the attached comments for a revised adduser script that doesn't cause these issues, and thanks to Cap'n Hector for submitting it!
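
The failure described in the hint, as an added example that is not part of the original post or of any adduser script: a simplified shell model (not sudo's real parser) of how a user rule and the %admin rule resolve against a multi-valued users property. The function names, and the assumption that membership is an exact match on each stored value, are hypothetical and used only for illustration.

```bash
#!/usr/bin/env bash
# Simplified model only: understands "name ..." and "%admin ..." rule lines.

# Constructed sample: the stock root and %admin entries the hint mentions.
STOCK_SUDOERS='root ALL=(ALL) ALL
%admin ALL=(ALL) ALL'

# is_member USER VALUE...  succeeds only if USER equals one stored value exactly.
is_member() {
    local user=$1 v; shift
    for v in "$@"; do
        [ "$v" = "$user" ] && return 0
    done
    return 1
}

# joined_values VALUE...  prints values that look like several names fused into
# one (they contain a comma); succeeds if any were found.
joined_values() {
    local v found=1
    for v in "$@"; do
        case $v in *,*) printf '%s\n' "$v"; found=0 ;; esac
    done
    return $found
}

# sudo_allowed USER SUDOERS_TEXT ADMIN_VALUE...
# Succeeds if a rule names USER directly, or names %admin and USER is a member.
sudo_allowed() {
    local user=$1 sudoers=$2 who rest; shift 2
    while read -r who rest; do
        case $who in
            ''|'#'*) continue ;;
            "$user") return 0 ;;
            %admin) is_member "$user" "$@" && return 0 ;;
        esac
    done <<EOF
$sudoers
EOF
    return 1
}

# One fused value "root,greg" versus two separate values "root" "greg".
if sudo_allowed greg "$STOCK_SUDOERS" "root,greg"; then
    echo "greg: sudo ok"
else
    echo "greg: locked out; suspicious value(s): $(joined_values "root,greg")"
fi
```

Passing root and greg as two separate arguments mirrors the repaired property from the hint, while a single "root,greg" argument mirrors the broken one.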



Mac OS X Hints
http://hints.macworld.com/article.php?story=20040525025110521