
Comments (9)

ezekg commented on July 22, 2024

I believe Sierra upgraded the sudo version to 1.8, which enables tty_tickets by default.

from sudo-prompt.

jorangreef commented on July 22, 2024

Could you try the following?

Open a Terminal window and run:

sudo -k
sudo echo hello

This should require a password.

Then close the Terminal window.

Open another Terminal window and run:

sudo echo world

What happens here?


ezekg commented on July 22, 2024

How odd… it prompts me for my password a second time.

This is my /etc/sudoers,

## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##

##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias    WEBSERVERS = www1, www2, www3

##
## User alias specification
##
## Groups of users.  These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias    ADMINS = millert, dowdy, mikef

##
## Cmnd alias specification
##
## Groups of commands.  Often used to group related commands together.
# Cmnd_Alias    PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
#                 /usr/bin/pkill, /usr/bin/top

##
## Defaults specification
##

Defaults    env_reset
Defaults    env_keep += "BLOCKSIZE"
Defaults    env_keep += "COLORFGBG COLORTERM"
Defaults    env_keep += "__CF_USER_TEXT_ENCODING"
Defaults    env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults    env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults    env_keep += "LINES COLUMNS"
Defaults    env_keep += "LSCOLORS"
Defaults    env_keep += "SSH_AUTH_SOCK"
Defaults    env_keep += "TZ"
Defaults    env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults    env_keep += "EDITOR VISUAL"
Defaults    env_keep += "HOME MAIL"

Defaults    lecture_file = "/etc/sudo_lecture"

##
## Runas alias specification
##

##
## User privilege specification
##
root ALL=(ALL) ALL
%admin  ALL=(ALL) ALL

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
# %sudo    ALL=(ALL) ALL

## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw  # Ask for the password of the target user
# ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'

## Read drop-in files from /private/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d

# Set sudo timeout (in minutes)
Defaults timestamp_timeout=5

# BEGIN vagrant-port-forward
Cmnd_Alias VAGRANT_PORT_FORWARD_ADD = /sbin/pfctl -ef -
Cmnd_Alias VAGRANT_PORT_FORWARD_REMOVE = /sbin/pfctl -F all -f *
%admin ALL=(root) NOPASSWD: VAGRANT_PORT_FORWARD_ADD, VAGRANT_PORT_FORWARD_REMOVE
# END vagrant-port-forward

# BEGIN vagrant-hostsupdater
Cmnd_Alias VAGRANT_HOSTS_ADD = /bin/sh -c echo "*" >> /etc/hosts
Cmnd_Alias VAGRANT_HOSTS_REMOVE = /usr/bin/sed -i -e /*/ d /etc/hosts
%admin ALL=(root) NOPASSWD: VAGRANT_HOSTS_ADD, VAGRANT_HOSTS_REMOVE
# END vagrant-hostsupdater

# BEGIN vagrant-nfs
Cmnd_Alias VAGRANT_EXPORTS_ADD = /usr/bin/tee -a /etc/exports
Cmnd_Alias VAGRANT_NFSD = /sbin/nfsd restart
Cmnd_Alias VAGRANT_EXPORTS_REMOVE = /usr/bin/sed -E -e /*/ d -ibak /etc/exports
%admin ALL=(root) NOPASSWD: VAGRANT_EXPORTS_ADD, VAGRANT_NFSD, VAGRANT_EXPORTS_REMOVE
# END vagrant-nfs

Output of sudo -V (Sierra uses a new version of sudo),

Sudo version 1.8.17p1
Sudoers policy plugin version 1.8.17p1
Sudoers file grammar version 45
Sudoers I/O plugin version 1.8.17p


jorangreef commented on July 22, 2024

I think it might be that Sierra is now requiring TTY tickets, which is why you would see the second password prompt. In this case, there is nothing sudo-prompt can do really beyond showing the prompt when required.

Could you try the answer given below to see if that disables TTY tickets for your user and then try again?

http://serverfault.com/questions/111064/sudoers-how-to-disable-requiretty-per-user


ezekg commented on July 22, 2024

It acts the same even after adding a global,

Defaults !requiretty

But after some investigation, sudo seems to work if I explicitly pass my user,

# In terminal #1: (first log in)
sudo -v

# In terminal #2: (fails, prompts again)
sudo -v

# In terminal #3: (succeeds, does not prompt)
sudo -v -u "$USER"


jorangreef commented on July 22, 2024

> It acts the same even after adding a global

Do you mean the Terminal test case I posted above or sudo-prompt?

> sudo seems to work if I explicitly pass my user

That's very interesting and might help to work around this.


ezekg commented on July 22, 2024

Both. I thought the -u flag might fix the issue, but after some testing via adding -u $USER right after the -E flag, I got the following results:

command.push(`-u "${Node.process.env.USER}"`); // Works, but essentially does nothing

// Also tried,
command.push(`-u "root"`); // Continually prompts, timestamp is not respected

Although sudo -v -u "$USER" works, it doesn't elevate the permissions. You would need to run something like sudo -v -u root, but that still doesn't respect the timestamp. I can't figure out what changed in Sierra that would cause this.


ezekg commented on July 22, 2024

After a ton of searching and comparing sudo su; sudo -V settings, it seems that Sierra enables tty_tickets by default now, causing the issues mentioned above. To fix, the following needs to be added to /etc/sudoers via sudo visudo,

Defaults !tty_tickets

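Added example, not part of the thread or of sudo-prompt: a shell check that reports whether a sudoers text leaves per-terminal tickets on and what credential cache timeout it sets, so the effect of adding `Defaults !tty_tickets` (one cached credential shared by every terminal for `timestamp_timeout` minutes) is visible before and after the edit. The function names and sample text are hypothetical; it assumes `tty_tickets` is on when unset, as the thread concludes for Sierra's sudo 1.8.17p1, and reads only global `Defaults` lines.

```shell
#!/bin/sh
# Added example: report the effective global tty_tickets and
# timestamp_timeout settings from sudoers text on stdin.
# Scoped forms (Defaults:user, Defaults@host) and #includedir
# drop-in files are not evaluated.

sudoers_ticket_policy() {
  awk '
    BEGIN { tty = "on"; timeout = "unset" }  # assumption: on when unset
    /^[ \t]*#/ { next }                      # comments and #includedir
    $1 == "Defaults" {
      line = $0
      sub(/^[ \t]*Defaults[ \t]+/, "", line) # drop the keyword
      sub(/[ \t]*#.*$/, "", line)            # drop a trailing comment
      n = split(line, opts, ",")             # one line may set several options
      for (i = 1; i <= n; i++) {
        o = opts[i]
        gsub(/[ \t]/, "", o)
        if (o == "tty_tickets")  tty = "on"  # later lines override earlier ones
        if (o == "!tty_tickets") tty = "off"
        if (o ~ /^timestamp_timeout=/) {
          sub(/^timestamp_timeout=/, "", o)
          timeout = o
        }
      }
    }
    END { print "tty_tickets=" tty " timestamp_timeout=" timeout }
  '
}

# Constructed sample built from Defaults lines quoted in the thread.
sample_before() {
  cat <<'EOF'
Defaults    env_reset
Defaults    env_keep += "HOME MAIL"
# Defaults targetpw  # Ask for the password of the target user
Defaults timestamp_timeout=5
Defaults !requiretty
EOF
}

# Before the change, then with the line proposed in the thread appended.
sample_before | sudoers_ticket_policy
{ sample_before; echo 'Defaults !tty_tickets'; } | sudoers_ticket_policy
```
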

jorangreef commented on July 22, 2024

Thanks @ezekg

> Although sudo -v -u "$USER" works, it doesn't elevate the permissions. You would need to run something like sudo -v -u root, but that still doesn't respect the timestamp. I can't figure out what changed in Sierra that would cause this.

Yes, I saw that sudo -v -u "$USER" requires the password in the 1st terminal, and not again in the 2nd terminal, but it seems it only updates the user's timestamp for existing TTY tickets, i.e. it won't help with a normal sudo in a 3rd terminal. So we can't really use it to bypass TTY tickets (which might not be a good idea either).

Did you find anything online that mentions Sierra enabling tty_tickets? Is Sierra modifying /etc/sudoers or some other file explicitly to do this?

