Sudo Or Die
January 14th, 2010
Dave Dribin offers a couple of really handy tips for modifying the behavior of the “sudo” command-line tool, which allows ordinary admin users to acquire superuser powers for editing files, changing permissions, etc.
Handy Sudo Settings – Dave Dribin’s Blog
I knew about the ability to change the sudo timeout, but have never gotten around to looking into exactly how it’s done. Now, I’ll be annoyed a lot less often when I’m in an “administrative” frame of work.
Dave’s post inspired me to finally do a little more research into sudo and the configuration options. For starters, now that I’ve upped my timeout value to something longer than the default 5 minutes, I might want to occasionally “logout” of my sudo authenticated session. The “kill” option does just this, putting you back in a “password required” state:
% sudo -k
As for the options Dave described, they and many others like them are described in the “sudoers” man page:
% man 5 sudoers
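A longer timeout widens the window in which anything running in your terminal can use sudo without a password, so it helps to know exactly which sudoers lines set it. The following is an added example, not from this post or Dave's: a shell function that scans a sudoers-format file for timestamp_timeout (the sudoers option that controls the timeout) and reports values above a limit, or negative values, which disable expiry. The function name, the 5-minute limit (the default quoted above) and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report sudoers Defaults that lengthen the sudo credential cache.
# check_sudo_timeout FILE [MAX_MINUTES]
#   prints "FILE:LINE: timestamp_timeout=VALUE (reason)" for each finding,
#   returns 1 if anything was reported, 0 otherwise.
# Assumptions: unquoted numeric values, no backslash continuations,
# and #include / #includedir directives are not followed.
check_sudo_timeout() {
    awk -v max="${2:-5}" -v f="$1" '
        /^[ \t]*#/ { next }    # comment or include directive: skip
        /^[ \t]*Defaults/ && /timestamp_timeout[ \t]*=/ {
            v = $0
            sub(/.*timestamp_timeout[ \t]*=[ \t]*/, "", v)   # text after "="
            sub(/[^0-9.-].*/, "", v)                          # keep the number only
            if (v + 0 < 0) why = "never expires"
            else if (v + 0 > max) why = "exceeds " max " min"
            else next                                         # within the limit
            printf "%s:%d: timestamp_timeout=%s (%s)\n", f, NR, v, why
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Run the check over a constructed sample (not taken from any real host).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
Defaults env_reset
Defaults timestamp_timeout=30
Defaults:deploy timestamp_timeout = -1
# Defaults timestamp_timeout=60
Defaults:backup timestamp_timeout=0
EOF
    check_sudo_timeout "$tmp" 5; rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || true
```

On a real system, point it at /etc/sudoers and each file under /etc/sudoers.d (reading them usually requires root), and use visudo rather than a plain editor to change whatever it reports.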
Hmm. What’s this option called insults? I turned it on, but Apple appears to have “cleaned up” this option in Mac OS X. It doesn’t do anything. On the Linux installation that runs red-sweater.com, I turned on the option to see what would happen:
yarn% sudo ls
daniel's password:
... and it used to be so popular...
daniel's password:
You do that again and see what happens...
daniel's password:
It's only your word against mine.
sudo: 3 incorrect password attempts
One of the things I love about UNIX heritage is the sense of humor that pervades most of the software. The Mac used to have much more of this itself. I guess we traded it in for a greater sense of professionalism and solidity, but I still miss the corny humor sometimes.
January 14th, 2010 at 10:56 am
Me too! Then again, we do still have gems like the BSOD generic PC icon. Which, as I recall, didn’t go down so well with the comedically challenged; so maybe it’s a good thing there isn’t a lot more of this sort of thing?
January 14th, 2010 at 12:09 pm
It is, of course, useful for making a sandwich.
jon
January 14th, 2010 at 12:42 pm
I remember an argument on the FreeBSD development list between Apple’s head of BSD engineering (Jordan K. Hubbard) and, well, the rest of the whole known universe, over whether Apple would consider it appropriate to accept upstream source for Darwin that used the EDOOFUS error code. EDOOFUS was used to indicate programmer error in calling an API that was detected at runtime.
January 14th, 2010 at 12:54 pm
If you need prolonged admin access, you can do ‘sudo -s’, which will dump you into a root shell without worrying about timeouts.
January 14th, 2010 at 1:51 pm
As for the lack of humor, I really miss Clarus. Moof!
January 14th, 2010 at 2:10 pm
It’s sad that the insults are compiled in via header files so to get them on OS X you’d need to recompile. You can see the insults in the Darwin source [0] but I’m guessing Apple decided to disable them. Maybe it’s time for a radar on the matter.
[0] at http://www.opensource.apple.com/source/sudo/sudo-46/src/ any file that matches ins_*.h
January 19th, 2010 at 11:01 pm
One of the things YOU should love about UNIX is running as root like a real man. Sudo is for children and ubuntu.