su root failed on Mac - macos

I tried to use the command "su root" on Mac OS Monterey version 12.3.1, but response was always Sorry, is there any possible reasons other than the wrong password?
I checked the link [ https://stackoverflow.com/questions/70699857/linux-shell-command-su-authentication-failed ] as this man did before. According to the specification, it says that [root and users in group wheel can run anything on any machine as any user], the belonging of me myself is wheel absolutely. See attached image. However, I did not succeed after trials.
enter image description here
enter image description here
Thank you so much !
Best Regards,
Juan K.N


When you do su root, you need to input root password.
To become root, we usually do sudo su -, then input your own password.


In macOS the root user is DISABLED by default. Also note, macOS is not Linux! You should really use sudo as #Philippe suggested.
If you want to enable the root user there are two methods:
In a Terminal window:
trev#macmini8 [/Users/trev] $ sudo su -
Password:
macmini8:~ root# passwd
Changing password for root.
New password:
Retype new password:
Choose Apple Menu (top left) > System Preferences
Choose Users and Groups
Click Login Options
Click Join
Click Open Directory Utility
From the menu bar in Directory Utility
... Choose Edit > Enable Root User
... Enter the password that you want to use for root

Related

macOS terminal asking for password every time I run copy command

I'm running a bash command on mac that moves a file to private/etc/app_name/.
sudo cp my_file.cpp private/etc/app_name/
Every time the I want to run the bash file, the OS asks for my system password.
> ./run_copy.sh
Password: *******
Is there a way to by-pass this or configure in such way that I only have to enter the password once.

Apparently, on my Macbook, I see /etc directory having symlinks with the /private/etc directory which is owned by the wheel group & root is part of that group. So, you would need to use sudo to copy to that directory.
With that said on a Linux machine, you can work around this by adding your group to a new file in the /etc/sudoers.d/<group-name> path.
<grp-name> ALL=(ALL) NOPASSWD:ALL
I've just tried this on my mac, I could copy files onto /private/etc directory without entering the sudo password prompt.
Unfortunately, this comes up with some risks as users of your group get privileged access without entering any password prompt. You might accidentally delete important system files etc.,
A more niche approach could be to allow selectively like <group> ALL = (ALL) NOPASSWD: /usr/local/bin/copy-script. This way, they can't run all scripts/commands with sudo privileges.

Which user is AppleScript using when executing scripts

• Here is the script to be executed via AppleScript:
bash-3.2$ cd /Users/jack/Desktop/
bash-3.2$ ls -l | grep static
-rwxrwxrwx 1 jack admin 65 5 May 08:10 static-routes.sh
bash-3.2$ cat static-routes.sh
#!/bin/bash
sudo route -n add -net 192.168.3.0/24 172.16.254.134
~
• AppleScript contains the following:
do shell script "~/Desktop/static-routes.sh"
• When executing the script from within an AppleScript, by clicking on "Run" button, pop up window saying:
Script Error
sudo: a terminal is required to read the password;
Either use the -S option to read from standard input or
configure an askpass helper
• When exeucuting script from the console without sudo, no additional prompts appear:
bash-3.2$: Desktop jack$ ./static-routes.sh
add net 192.168.3.0: gateway 172.16.254.134
• Here is the snippet from /etc/sudoers:
bash-3.2$ sudo visudo
# root and users in group wheel can run anything on any machine as any user
root ALL = (ALL) ALL
%admin ALL = (ALL) ALL
jack ALL = (ALL) NOPASSWD: /Users/jack/Desktop/static-routes.sh
## Read drop-in files from /private/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d
Defaults timestamp_timeout=60
Questions:
• Why this error is showing up, since, I have explicitly added the script to the sudoers file to be executed without password prompt via sudo?
• Which user does AppleScript use to execute the scripts? Is it possible to modify it?

The run a command that requires privileges from AppleScript, you need to specify that by adding the administrator privileges key, as in one of the following:
-- this will presented a standard authorization dialog
do shell script "~/Desktop/static-routes.sh" with administrator privileges
-- this will specifies an administrator account and password
-- (though note, the password will be visible as plain text in the script)
do shell script "~/Desktop/static-routes.sh" with administrator privileges user name XXXX password YYYY
You should not use sudo at the same time you use with administrator privileges; it's unnecessary and creates security holes. However, since you've changed the sudoers file already, you could try this:
do shell script "sudo ~/Desktop/static-routes.sh"
Putting sudo up front like that might cue AppleScript to do the correct thing.
See Technote 2065 for more information.

Run .sh File "Double Click" With Root Permission On Ubuntu

I have a bash script and i want to run it with double click on the script icon and i want to run it with root permission , and if the user now is not root , i want the script request the password root to run, or close.

gksu shows a gui input box for password
#!/bin/gksu root

Simply prepend sudo to any commands in the script that require elevated privileges and the user will be prompted for their password if necessary.

Usernames in /etc/passwd

I'm new to linux operating system and I've explored today the /etc/passwd file and to my surprise I found that it contains many other user names like proxy,daemon..etc.What are all these users?Can I login using these users?
Here the cat command i performed on /etc/passwd.
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
libuuid:x:100:101::/var/lib/libuuid:
syslog:x:101:104::/home/syslog:/bin/false
messagebus:x:102:106::/var/run/dbus:/bin/false
usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false
dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false
avahi-autoipd:x:105:113:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
rtkit:x:107:114:RealtimeKit,,,:/proc:/bin/false
saned:x:108:115::/home/saned:/bin/false
whoopsie:x:109:116::/nonexistent:/bin/false
speech-dispatcher:x:110:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
avahi:x:111:117:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
lightdm:x:112:118:Light Display Manager:/var/lib/lightdm:/bin/false
colord:x:113:121:colord colour management
daemon,,,:/var/lib/colord:/bin/false
hplip:x:114:7:HPLIP system user,,,:/var/run/hplip:/bin/false
pulse:x:115:122:PulseAudio daemon,,,:/var/run/pulse:/bin/false
brucewilson:x:1000:1000:brucewilson,,,:/home/brucewilson:/bin/bash
mysql:x:116:125:MySQL Server,,,:/nonexistent:/bin/false
bharghav:x:1001:1001:bharghav,,,:/home/bharghav:/bin/bash
sshd:x:117:65534::/var/run/sshd:/usr/sbin/nologin
statd:x:118:65534::/var/lib/nfs:/bin/false
snmp:x:119:126::/var/lib/snmp:/bin/false
guest-MSvo95:x:120:127:Guest,,,:/tmp/guest-MSvo95:/bin/bash
Can anyone please explain what are these?

Most of those users are required by the OS processes to work. You can't login as one of those users because:
a. They don't have a shell as regular users does. For example, brucewilson has /bin/bash as shell, but pulse (Audio Controller ) has /bin/false.
b. There are not passwords for those users, so when the system asks for a password, no matter what you type you will never get in. You can check who has a password in /etc/shadow.

Actually, you can login as any user listed in /etc/passwd as of your choice.
for example, if you want to login as proxy, type the following command:
sudo -u proxy /bin/bash
It will asks password to authenticate the access, you can give your password only if your user account is added in sudoers list.
You can use the same command to login as any user in the /etc/passwd file.
For example, again if you want to log in as daemon, type the following command:
sudo -u daemon /bin/bash
and so on...
Hope this will help you.

how does permission works to run sbin command on mac..?

i'm using mac os x and i was trying to run shutdown command but it says
i'm not a superuser.
However, i could run ifconfig without being super user.
Both command are in /sbin.
And my PATH environment variable include /sbin ( is that why i can run ifconfig..?).
From what i have found, it says that
/sbin
for scripts with superuser (root) privileges required.
But i'm not quite sure about this explanation..
I'd appreciate all your help..

it means that you must be superuser (the owner of the machine) to run those commands, for example:
sudo shutdown
it will ask for a password, you must type the main user's password (the typing will not print out the password's chars) and press enter so you can confirm you are the super user.
sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. more: http://ss64.com/bash/sudo.html

Resources