Mac os sudo without password

Пароль Sudo не работает, даже если у меня нет пароля

Я стер пароль от preference Теперь я могу войти без пароля, но когда я запускаю sudo Командный терминал спрашивает мне пароль, если я ничего не вставляю или старый, он возвращает ошибку. Что случилось?

sudo требует пароль по умолчанию в Mac OS X.

В Mac OS X v10.5 по 10.5.8, если вы нажмете клавишу Return на запрос пароля без ввода пароля (даже если у пользователя нет пароль, который не рекомендуется), введенная команда не будет выполнить, и вы вернетесь в командную строку.

В Mac OS X v10.6 или новее, если вы нажмете клавишу Return на запрос пароля без ввода пароля, сообщение «Извините, попробуйте снова. «, и вам будет предложено ввести пароль снова.

Если ваша учетная запись администратора не имеет пароля (пустой пароль), вы должен дать этому пользователю пароль перед использованием sudo команда.

Если вы должны удалить необходимость использования пароля sudo Вы можете редактировать /etc/sudoers использование файла visudo команда. нить на макошинтах обсуждает как:

Используйте команду visudo от имени пользователя root.

%admin ALL=(ALL) ALL

Измените это на:

%admin ALL=(ALL) NOPASSWD: ALL

Требование пароля настоятельно рекомендуется. Снятие этой проверки снижает безопасность вашего Mac и подвергает ваш компьютер атакам или злоупотреблениям.

Источник

How to enable the root user on your Mac or change your root password

Mac administrators can use the root user account to perform tasks that require access to more areas of the system.

The user account named ”root” is a superuser with read and write privileges to more areas of the system, including files in other macOS user accounts. The root user is disabled by default. If you can log in to your Mac with an administrator account, you can enable the root user, then log in as the root user to complete your task.

The root user account is not intended for routine use. Its privileges allow changes to files that are required by your Mac. To undo such changes, you might need to reinstall your system software. You should disable the root user after completing your task.

It’s safer to use the sudo command in Terminal instead of enabling the root user. To learn about sudo , open the Terminal app and enter man sudo .

Enable or disable the root user

1. Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
2. Click , then enter an administrator name and password.
3. Click Login Options.
4. Click Join (or Edit).
5. Click Open Directory Utility.
6. Click in the Directory Utility window, then enter an administrator name and password.
7. From the menu bar in Directory Utility:
   • Choose Edit > Enable Root User, then enter the password that you want to use for the root user.
   • Or choose Edit > Disable Root User.

Log in as the root user

When the root user is enabled, you have the privileges of the root user only while logged in as the root user.

1. Choose Apple menu > Log Out to log out of your current user account.
2. At the login window, log in with the user name ”root” and the password you created for the root user.
   If the login window is a list of users, click Other, then log in.

Remember to disable the root user after completing your task.

Источник

Mac os sudo without password

I was shown this by a friend the other day. If you’re not really paranoid, this is quite useful.

I use sudo quite a lot and get bored of typing my password in every time I use it. There is away around this, but only do this if no one else uses your machine or you don’t leave your self logged in. Start a terminal and type:Now the only way to edit this file without playing around with chmod and so on is with visudo; this is a command used just to edit the /etc/sudoers file. It also does checks to make sure the formatting is correct. The following is the important part of the file. It basically says user ‘root’ can do all commands, group ‘admin’ can do all commands:You need to change this so it has NOPASSWD: before the last «all» for the admin group, so it looks like this:You can also add you username to the file:Note: Those are tabs after the username and group name.

To write and save the file hit ESC (just to be safe) and then :wq, then hit Enter. This basically tells vi to write then quit; if you made an error in the file, it will tell you so and ask you want to do. If this happens, you should always revert and try again, it’s a lot easier.

Of course you could always use «sudo tcsh» but I don’t like being root when I’m playing around.

[Editor’s note: visudo works like vi, so ‘man vi’ will explain how to use the editor. And please, take the security caution seriously. If someone else can get to your Mac, they will be able to execute commands as root without any authentication. Of course, once someone has physical access to the machine, most bets are off, but this makes it very easy for someone to do bad things to your machine if they so desire. Let me say it again . this is a really bad thing to do from a security perspective! You’ll need to decide if the risk is worth the few seconds of saved typing each time you sudo.]

Источник

How to run sudo command without a password on a Linux or Unix

I ‘m a new Unix system user. How do I use sudo command without a password on a Linux or Unix-like systems? I log in as tom@my-cloud-server-ip and disabled root login for ssh. After login, I need to run some commands as root user. I am the only sysadmin using my server. How do I run or execute sudo command without a password for a user named Tom under Debian/Ubuntu/CentOS Linux cloud server?

sudo (“superuser do”) is nothing but a tool for Linux or Unix-like systems to run commands/programs as another user. Typically as a root user or another user. You can delegate common tasks such as reboot the server or restart the Apache or make a backup using sudo for unprivileged users. By default, sudo needs that a user authenticates using a password before running a command. Some times you may need to run a command with root privileges, but you do not want to type a password using sudo command. This is useful for scripting or any other purpose. This can be achieved by editing /etc/sudoers file and setting up correct entries. You need to consider any security consequence of allowing a sudo command execute without a password.

Tutorial details
Difficulty level	Easy
Root privileges	Yes
Requirements	sudo on Linux or Unix/BSD/macOS
Est. reading time	3 mintues

NOTE: Initial setup must be done using the root account. One can gain root access by directly log in as root using console, ssh, or su command:
su —
In all cases, you must know the root password in advance before sudo can be configured to commands without a password. You might have sudo access and grant another user account passwordless access for commands.

How to to run sudo command without a password:

1. Gain root access: su —
2. Backup your /etc/sudoers file by typing the following command:
   cp /etc/sudoers /root/sudoers.bak
3. Edit the /etc/sudoers file by typing the visudo command:
   visudo
4. Append/edit the line as follows in the /etc/sudoers file for user named ‘vivek’ to run ‘/bin/kill’ and ‘systemctl’ commands:
   vivek ALL = NOPASSWD: /bin/systemctl restart httpd.service, /bin/kill
5. Save and exit the file.

How do I execute ALL sudo commands without password?

Type the following command as root user:
# visudo
Or if you have sudo access and want to grant another user permission, try:
$ sudo visudo
Append the following entry to run ALL command without a password for a user named tom:

• No ads and tracking
• In-depth guides for developers and sysadmins at Opensourceflare✨
• Join my Patreon to support independent content creators and start reading latest guides:
  • How to set up Redis sentinel cluster on Ubuntu or Debian Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
  • A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
  • How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

Here is my sample config file:

Fig.01: How to execute sudo without password for tom user

How do I test it?

Simply run /bin/kill to kill any process without a password:
[vivek@server ]$ sudo /bin/kill pid-here
OR
[vivek@server ]$ sudo /bin/systemctl restart httpd.service

Conclusion

You learned how to run a command without a password when using sudo on Linux or Unix-like systems. There is a significant security risk associated with passwordless operations. Hence, I would strongly recommend NOT doing this, but as they say, “it is not UNIX’s job to stop you from shooting your foot. If you so choose to do so, then UNIX’s job is to deliver Mr. Bullet to Mr. Foot in the most efficient way it knows.” For more info read man pages:
visudo(8)

🐧 Get the latest tutorials on Linux, Open Source & DevOps via

Источник

Question: Q: Wanting To Change Sudoers File In Mac OS 10.15, And Finding An Old .Sudoers.Tmp.Swp File

I found this link looking for instructions to give permission to shut down the machine via an Apple script, without having to use sudo and needing a password: https://osxdaily.com/2014/02/06/add-user-sudoers-file-mac/

However, it is pretty old and under 10.15 things might be different. I did however not find anything newer.

So, I did log in to sudo with: sudo visudo.

And got this. Now I am puzzled as to what to do.

Found a swap file by the name «/etc/.sudoers.tmp.swp»

owned by: root dated: Mon Jun 11 16:14:55 2012

file name: /private/etc/sudoers.tmp

user name: root host name: MBP.local

While opening file «/etc/sudoers.tmp»

dated: Fri Apr 17 23:52:22 2020

NEWER than swap file!

(1) Another program may be editing the same file. If this is the case,

be careful not to end up with two different instances of the same

file when making changes. Quit, or continue with caution.

(2) An edit session for this file crashed.

If this is the case, use «:recover» or «vim -r /etc/sudoers.tmp»

to recover the changes (see «:help recovery»).

If you did this already, delete the swap file «/etc/.sudoers.tmp.swp»

to avoid this message.

Swap file «/etc/.sudoers.tmp.swp» already exists!

[O]pen Read-Only, (E)dit anyway, (R)ecover, (D)elete it, (Q)uit, (A)bort:

What is interesting that the file found (.sudoers.tmp.swp) is from 2012. This is a 2020 Macmini. So, I assume it has been imported from the old machine when I imported the identity.

My question is can I dump this without getting into trouble?

And while we are at it does anybody know of any up-to-date information about changing the sudoers file?

Mac mini 2018 or later

Posted on Sep 13, 2020 6:28 AM

Are you using a user name or the user ID to assign custom privileges?

If you are using the UserID, then you need to preface the uid with «#»:

So if the uid of of «userIDAlloedToRunShutdown» is «501», then the line entry would be:

If «userIDAllowedToRunShutdown» is an alias, then make sure the uid’s listed in the alias are preceded with a «#». I just assumed «userIDAllowedToRunShutdown» was just a user name or valid alias. I got this by reviewing the man pages for sudoers.

I verified this format does work on macOS 10.12.

Posted on Sep 17, 2020 6:52 PM

Helpful answers

Is there anything in those files which you may need? If not, then I believe you should be able to safely delete the «.tmp» & «.tmp.swp» files.

FYI, I recommend not modifying the main «sudoers» file directly. macOS allows you to create extra helper files in the «/etc/sudoers.d/» folder. It will treat the entries in the files in this directory the same as if the entries were in the main «sudoers» file. This is a much safer method since you are not touching the main «sudoers» file which could have dire consequences if you make a mistake. Of course for some situations it may be better to modify the main «sudoers» file. With Catalina, I’m not sure the exact path where the writable folders are located (perhaps «/private/etc/sudoers.d/» ?).

FYI, if you are not proficient with «vim» and prefer the easier to use «nano» to edit text files on the command line you can invoke «nano» when using «visudo» by doing this:

It will provide the same protections to verify the integrity of the «sudoers» file on exit.

To create a separate helper file for «sudoers», you would invoke the command with:

With Catalina the writable path may rather be:

(modify the path as appropriate if I am wrong that the writable area for Catalina’s «/etc» is «/private/etc/»).

The name of the files in the «sudoers.d/» folder do not need any file name extensions. The «visudo» utility will create the proper file permissions and verify the integrity of the file just like it does when modifying the main «sudoers» file. I find this a much better & safer way of making modifications at least for certain situations, plus you can separate out the individual custom permissions. Just keep in mind the way these files will be processed because the later entries processed will override earlier entries in other files or the «sudoers» file itself.

The entries in the «sudoers.d» folder may better survive OS updates and upgrades than modifications made directly to the «sudoers» file.

Sep 13, 2020 5:47 PM

> sudo EDITOR=nano visudo -f /private/etc/sudoers.d/

Correct. The OP can just name the file «allow-shutdown» by using this command:

Sep 14, 2020 9:02 PM

There’s more to the conversation

Loading page content

Page content loaded

Is there anything in those files which you may need? If not, then I believe you should be able to safely delete the «.tmp» & «.tmp.swp» files.

FYI, I recommend not modifying the main «sudoers» file directly. macOS allows you to create extra helper files in the «/etc/sudoers.d/» folder. It will treat the entries in the files in this directory the same as if the entries were in the main «sudoers» file. This is a much safer method since you are not touching the main «sudoers» file which could have dire consequences if you make a mistake. Of course for some situations it may be better to modify the main «sudoers» file. With Catalina, I’m not sure the exact path where the writable folders are located (perhaps «/private/etc/sudoers.d/» ?).

FYI, if you are not proficient with «vim» and prefer the easier to use «nano» to edit text files on the command line you can invoke «nano» when using «visudo» by doing this:

It will provide the same protections to verify the integrity of the «sudoers» file on exit.

To create a separate helper file for «sudoers», you would invoke the command with:

With Catalina the writable path may rather be:

(modify the path as appropriate if I am wrong that the writable area for Catalina’s «/etc» is «/private/etc/»).

The name of the files in the «sudoers.d/» folder do not need any file name extensions. The «visudo» utility will create the proper file permissions and verify the integrity of the file just like it does when modifying the main «sudoers» file. I find this a much better & safer way of making modifications at least for certain situations, plus you can separate out the individual custom permissions. Just keep in mind the way these files will be processed because the later entries processed will override earlier entries in other files or the «sudoers» file itself.

The entries in the «sudoers.d» folder may better survive OS updates and upgrades than modifications made directly to the «sudoers» file.

Sep 13, 2020 5:47 PM

HWTech, thanks. Wow, good stuff. I am on the road and had a quick read, will start to have a more serious look at your information later on. Good info about not working directly in «sudoers». I did not know this but suspected that it could be dangerous to work in it.

Sep 14, 2020 1:41 AM

PS HWTech. Are you aware of some simple information on the web about «sudoers» for total beginners like me?

Sep 14, 2020 1:42 AM

Hi, the path in 10.15 is correct btw > /private/etc/sudoers.d

OK I am at the machine. So did I correctly understand you and write in Terminal:

to create a new file in that folder? Because I get:

And next if I may, should I be able to create the file «allow-shutdown» in the «sudoers.d» folder, how do I access it to write in it?

Sep 14, 2020 3:56 AM

Should, in theory, try to create a file in /private/etc/sudoers.d/ called ».

However the characters in the name are reserved shell symbols used for IO redirection and is confusing the shell.

There are few restrictions on the names of files in this directory, though, so ‘/private/etc/sudoers.d/allow-shutdown’ (without the ), or ‘/private/etc/sudoers.d/list-of-users-who-can-shutdown-the-machine’ or anything else similar should work just as well 🙂

Sep 14, 2020 11:26 AM

> sudo EDITOR=nano visudo -f /private/etc/sudoers.d/

Correct. The OP can just name the file «allow-shutdown» by using this command:

Sep 14, 2020 9:02 PM

PS HWTech. Are you aware of some simple information on the web about «sudoers» for total beginners like me?

I’ll have to look around for some links. I think I did bookmark a few sites that I liked for future reference, but I’m not sure which computer has the bookmarks or notes. Most of the links will reference Linux, but most of the information should still apply to macOS.

Here are a couple of links from a quick search that can get you started (I have found better ones before):

You can also access the macOS manual «man» pages for «visudo» and «sudoers»:

You do need to be careful since you can inadvertently allow a user more permissions than expected by customizing the «sudoers» file. A lot of useful information and warnings can be found on posts on StackExchange and SuperUser forums (and others). Sometimes a thread on those sites can gather a good discussion about subtle ways a setting may allow for unexpected behavior so read all the comments as they can be very educational. Even those expert users sometimes don’t always realize the dangers of some options. You really want to minimize what you add and allow in this file so you don’t inadvertently open up a huge security hole.

I’m not sure how things work on macOS, but I know on Linux there is usually other ways to achieve the same goals without modifying the «sudoers» file. In the *nix world there are usually several ways to achieve a goal with some ways being better than others, but it all depends on what you are trying to do and achieve.

FYI, you should try to be very explicit on which commands and even options will apply to any custom settings. For example with your shutdown command you can have it be generalized where the user can have access to every option available with shutdown such as «-r» for reboot or «-h» for halt. Or you can make it so the user is only able to restart the computer by specifically specifying the «-r» option for the «shutdown» command in the «sudoers» file.

I would suggest creating a Virtual Machine or an external boot disk to experiment on.

Make sure to have a good backup just in case something goes wrong.

Источник