long story short,
1.my PATH got messed up so the zsh throws an "command not found" error in the terminal
tried to uninstall and reinstall the homebrew to see if that does anything - it did not.
now sudo throws me an error
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
the reason why(well my guess) sudo throws this error that is that while
I manually delete the files as the homebrew recommended, I must have deleted or done something in
/usr/local so now sudo uid is not 0 anymore.
I have tried
mount -uw /
chown 0 /private/etc/sudoers
exit
and these instructions
A. https://apple.stackexchange.com/questions/157772/sudo-etc-sudoers-is-owned-by-uid-501-should-be-0?fbclid=IwAR0HPT64TzzkuKs1ymsqb2l8HThXqRpGifX_QAdzrK5z5XgecavTzWiQVh0
B. https://forums.macrumors.com/threads/not-able-to-use-sudo-commands-in-terminal.2101126/?fbclid=IwAR3BL-Sajkrsp02i5MCAKM7DZ0C83xUFOg9pzRhpG1hLrzpk9FbnDbbjoaM
but none of them worked.
What is the last thing I can do?
If I delete the drive and re-install it(disk utility), will it also change the sudo problem?
That is, of course, the last thing I would like to do. but I am considering it now.
Any thoughts?
HELP!
After digging everywhere, I found the answer here,
My sudo command not working
One of the main issues I had was that the sudo uid set to 501 instead of 0.
#GordonDavisson had a solution using "Script Editor" and run the code
do shell script "chown root:wheel /etc/sudoers; chmod 440 /etc/sudoers; chmod -N /etc/sudoers" with administrator privileges
as he mentioned.
This successfully changed my root. I checked it by running
ls -l /etc/sudoers
in the terminal.
After this, I could re-install the homebrew.
Though I encounter unusual steps, where homebrew was running,
it asked me several times to enter the password for different stages
which did not happen before.
But after re-installing the Homebrew, I changed my $PATH
export PATH=$PATH:/usr/local/git/bin:/usr/local/bin
and now I can live again!
I am trying to figure out how many launch agents are loaded right now using following command the it
find /System/Library/Launch* /Library/Launch* ~/Library/Launch* -name '*.plist' -exec sh -c '/usr/libexec/PlistBuddy -c "Print Label" {} && echo {}' ';' | grep -wf <(launchctl list | grep -o "\S\+\..*$") -A1
grep -B 1 -A 1 "active count = 1$" <<< "$(launchctl dumpstate)"
but its not listed the one I am looking for.
is it correct?
Using launchctl you can list all the running agents and daemons like such:
launchctl list
and
sudo launchctl list
please note that the two are different commands.
Oddly enough, running sudo launchutil list prints out the root daemons, and only the root deamons.
If you are running the commands in the terminal you will want to run the non-sudo version first, because if you don't, the sudo version will create a root session which will force version #1 to have root privileges anyways!
If you would like to find the file path to such an agent or daemon, this
may help.
Edit:
Okay, I don't know how I missed the word "unloaded" in the giant title in your question but... here are the directories that daemons/agents like to hide in (copied from the man page of launchctl):
FILES
~/Library/LaunchAgents Per-user agents provided by the user.
/Library/LaunchAgents Per-user agents provided by the administrator.
/Library/LaunchDaemons System wide daemons provided by the administrator.
/System/Library/LaunchAgents OS X Per-user agents.
/System/Library/LaunchDaemons OS X System wide daemons.
I had your same question and this article was super helpful. I suggest reading through it, but here's a relevant snippet:
While itβs not a simple matter for users to enumerate all the Login Items, admins can do so with a little extra work by parsing the following file, if it exists: ~/Library/ApplicationSupport/com.apple.backgroundtaskmanagementagent/backgrounditems.btm
Parsing that file is more complicated than opening it with your favorite editor. The article links to a paste bin, but this github repo is a one-stop shop. Still, the article will help a lot.
I have a Mac that is shared between two engineers. Both have separate user accounts. Both need to run brew update and brew install... occasionally.
How do I set this up without getting errors like:
/usr/local must be writable!?
Yeah, I could have UserA take over the permissions of /usr/local every time he wants to use brew (and same with UserB), but that seems like a lot of unnecessary trouble.
You can also change the group permissions to admin or another group that both of your users are in:
chgrp -R admin /usr/local
chmod -R g+w /usr/local
Original source: https://gist.github.com/jaibeee/9a4ea6aa9d428bc77925
UPDATE:
In macOS High Sierra you can't change the owner, group or permissions of /usr/local. So you have to change the group and permissions of the subfolders:
chgrp -R admin /usr/local/*
chmod -R g+w /usr/local/*
UPDATE September 2018, High Sierra 10.13.6
Determine the path of the brew prefix, ie. the path that will be used to store files related to working with homebrew
Check that all users on the system who need access to brew are in the admin group
Optional Add a user to the admin group if a user needs access to brew
Will require access / privileges to use the sudo command
Set the brew prefix path to be recursively owned by the admin group
Set the brew prefix path to be recursively writable by all users who are in the admin group
Verify the permissions of the brew prefix
brew π»
echo $(brew --prefix)
echo $(groups $(whoami))
sudo dseditgroup -o edit -a $(whoami) -t user admin
sudo chgrp -R admin $(brew --prefix)
sudo chmod -R g+rwX $(brew --prefix)
ls -lah $(brew --prefix)
Every answer that tries to hack permissions, or use sudo is wrong.
Do not use sudo and do not share a single brew installation across user accounts.
The correct answer per the Homebrew docs is to use zero or one global brew installation on a machine, and for all other users install a local version of brew.
This is especially important on Mac, but works on Linux too.
This can be done by one of the following approaches
Git approach: doing a git checkout of the source repo
Untar-anywhere approach: expanding a tarball into some directory β owned by your user
Git approach
For the git approach you'll need to clone brew.
Arbitrarily choosing my user home directory for my checkout:
cd $HOME
git clone https://github.com/Homebrew/brew.git
./brew/bin/brew tap homebrew/core
Untar-Anywhere Approach
As documented at docs.brew.sh, run this command in your home directory, which will create ~/brew.
cd $HOME
mkdir brew && curl -L https://github.com/Homebrew/brew/tarball/master | tar xz --strip 1 -C brew
Finishing up
For either installation method, you'll need to change your PATH to prefer the new brew bin directory, adding something like this to your shell's dot file.
export PATH=$HOME/brew/bin:$PATH >> ~/.zshrc # or ~/.bashrc
Then running this to reload and test
exec $SHELL
which brew # see that brew is found in your path
Since this is a new installation, you have to install all your desired brew packages (again).
Install homebrew for each user
According to the brew documentation you can install it inside each User Home folder
That way all packages are going to stay inside your user folder, and will not be visible or affect other users. As a good side effect if you delete that user, no trash is left behind on your system. So system wide pollution is minimised.
This comes at the cost of more storage being used, if you install the same package for multiple users. Just something to be aware if you have a very small SSD.
Instructions
If you currently have brew installed on your system globally, I recommend uninstalling brew first. (You can see where brew is installed running which brew)
If you don't have Command Line Tools installed, you have to run this first:
xcode-select --install
Open terminal and Run:
MacOS Catalina 10.15 or newer:
cd $HOME
mkdir homebrew && curl -L https://github.com/Homebrew/brew/tarball/master | tar xz --strip 1 -C homebrew
echo 'export PATH="$HOME/homebrew/bin:$PATH"' >> .zprofile
MacOS Mojave 10.14 or older:
cd $HOME
mkdir homebrew && curl -L https://github.com/Homebrew/brew/tarball/master | tar xz --strip 1 -C homebrew
echo 'export PATH="$HOME/homebrew/bin:$PATH"' >> .bash_profile
Close the Terminal window
Open Terminal again, and run this to ensure your installation is correct:
brew doctor
Done!
Disabling auto update
This is not required
I also find useful to disable brew to update all packages before every time you install something.
MacOS Catalina 10.15 or newer
echo 'HOMEBREW_NO_AUTO_UPDATE=1' >> $HOME/.zprofile
MacOS Mojave 10.14 or older
echo 'HOMEBREW_NO_AUTO_UPDATE=1' >> $HOME/.bash_profile
EDIT: Please use the answer by Vitim, it's the correct one :)
Hacky workaround solution for macOS Mojave 10.14
This is a edited version of user4815162342's answer, which didn't work for me out-of-the-box.
In System Preferences, go to Users & Groups, click the lock symbol in the bottom left corner to unlock user/group creation, then create a new group called brew-usergroup. Add all users who work with brew to the group (like in the attached screenshot from a german macOS).
In terminal, do this:
echo $(brew --prefix)
echo $(groups $(whoami))
sudo dseditgroup -o edit -a $(whoami) -t user brew-usergroup
sudo chgrp -R brew-usergroup $(brew --prefix)/*
sudo chmod -R g+rwX $(brew --prefix)/*
ls -lah $(brew --prefix)
Note that this doesn't change rights of brew folders anymore (like in other answers), it changes subfolders/files of brew folders.
brew install should now work fine without errors.
The above works fine, but if you want new files to automatically inherit those permissions, set an ACL which gets inherited (otherwise only the user that pours a bottle can remove it). Found hints how to do this here: https://gist.github.com/nelstrom/4988643
As root run once (assuming all users of group "admin" should have access):
cd /usr/local
/bin/chmod -R +a "group:admin allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" Homebrew Caskroom Cellar bin
/usr/bin/chgrp -R admin Homebrew Caskroom Cellar bin
/bin/chmod -R g+rwX Homebrew Caskroom Cellar bin
ls -lae .
the -e on ls shows ACLs.
Update: now I use specific directories (see above) as it failed (sth. like out of memory)
Homebrew is not designed to be used by different Unix users. From the FAQ:
If you need to run Homebrew in a multi-user environment, consider creating a separate user account especially for use of Homebrew.
The chmod solution is not viable unless you ensure that every newly created file in the Homebrew prefix also has the group write permission, which is not the case with the default umask β or unless you keep running that chmod command every time a program writes to the Homebrew prefix.
Maintaining separate Homebrew installations for each user do sort the permissions issues but will create a number of other issues, which is why it's not recommended by Homebrew:
However do yourself a favour and use the installer to install to the default prefix. Some things may not build when installed elsewhere. One of the reasons Homebrew just works relative to the competition is because we recommend installing here. Pick another prefix at your peril!
To ease the official recommendation of using a dedicated account for Homebrew, you can use sudo to easily impersonate that user account. Assuming you named that user homebrew:
sudo -H -u homebrew brew update
-H makes sure HOME is set to the homebrew user home (e.g. /Users/homebrew) so that Homebrew can do its housekeeping there.
-u homebrew tells sudo to impersonate the homebrew user account instead of the default of root.
Here is the official answer of the Homebrew maintainer.
In addition to it I suggest to do 3 more steps. Suppose you have an admin user niki who owns the /usr/local/* dir and you are logged in as another admin user niki_at_work.
Create ~/brew.sh with these contents:
#!/bin/bash
comm="brew $#"
su niki -c "$comm"
chmod +x ~/brew.sh
Add this alias to .zshrc or equivalent: alias brew="~/brew.sh"
Now you can brew from niki_at_work like always (it will ask for niki's password):
brew update
brew install swiftlint
If you want to use a dedicated admin user for brew ex. brewadmin you should first chown brew dirs:
sudo chown -R brewadmin:admin /usr/local/*
The best solution is to add a sudoers record to allow unprivileged user 'joe' to execute any 'brew' related command as the administrative user.
Create a file at /etc/sudoers.d/joe with following content:
joe ALL=(administrator) NOPASSWD: /usr/local/bin/brew
Then you can run brew like this:
sudo -Hu administrator brew install <smth>
The above solutions didn't work for me. But running the command below worked for me.
sudo chown -R $(whoami) $(brew --prefix)/*
Source: https://github.com/Homebrew/brew/issues/3228#issuecomment-333858695
I am wanting to detect in a shell script if a command I am going to run via sudo can in fact run via sudo. On newer versions of sudo I can do sudo -l "command" and this gives me exactly the result I want.
However, some of the systems have an old version of sudo in which -l "Command" isn't available. Another way I was thinking about doing it was to just try running the command then see if sudo prompted for the password. However, I do not see an easy way to do this as sudo writes the password prompt to the TTY and not via stdout.
Does anyone else know of a straight forward way to do this?
I should also mention "expect" doesn't seem to be available on the systems with the older sudo revisions, either.
Just for reference the "difficult" version of sudo appears to version 1.6.8
On Linux, on (at least) Debian-like systems, you can have a look at /etc/sudoers (and the optional /etc/sudoers.d/* files, if created, and included in the main /etc/sudoers) that give (among others)
the search path to where (which dir) a command can be issued
the sudo user (root) privileges
groups who can use sudo and their privileges
This is the sudoers man page for more information.
if you're only wanting to check that a password is required to run a command then you should be able to run:
$ sudo -n <command>
E.g.
$ sudo -n echo
sudo: sorry, a password is required to run sudo
I recently set up an svn server on Mac OS X. I am able to checkout files, but not commit, with the error:
Error Can't open file '/usr/local/repo/db/txn-current-lock': Permission denied
I understand this is an ownership issue -- however, I've tried various solutions I've found from searches such as:
chown -R subversion:subversion /usr/local/repo
But I get that subversion is an invalid argument (probably because there is no user or group on my machine with these names). My issue is -- how do I create these users and a group so that are linked with the user names and passwords specified in my svn authentication file?
Thanks!
Andrew
I think this surely is a permissions problem:
As I dont know the user and the group here, so what i would suggest is using:
sudo chown -R $(id -u):$(id -g) /path/to/repo #now new owner would be current user and the group wold become current usergroup.
chmod -R u+w /path/to/repo