
Mac SUDO

I was able to add my personal account to the local sudoers file by making the following two changes:

I modified the sudoers file and uncommented the wheel entry (so I could execute commands without a password):

%wheel ALL=(ALL) NOPASSWD: ALL

and then I ran the following two commands (assuming that my Windows Active Directory Domain was HOME):

/usr/sbin/dseditgroup -o edit -a 'HOME\timothy.bruce' -t user wheel
/usr/sbin/dseditgroup -o edit -a 'HOME\timothy.bruce' -t user admin

At some point I'd really like to go back and fix this: create a specific group and add myself to it so I can do a limited set of commands without having to type a password, and remove (actually comment back out) the line where users in the wheel group can enter ALL commands without a password (not very safe, even if I'm the only user or there are a limited number of users in the wheel group).

The only reason I'd like to add a new group is because this configuration allows me to do ANYTHING without requiring a password, which weakens the security, even on my local system.
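
The tightened setup described above, as an added example that is not from the original post: a rule that gives one group a short passwordless command list, plus a check that reports any active rule still granting NOPASSWD for ALL commands. The group name sudolite, the alias LIMITED_CMDS and the two commands in it are hypothetical choices.

```sh
#!/bin/sh
# Added example. The group "sudolite", the alias LIMITED_CMDS and the two
# commands in it are hypothetical choices, not taken from the post.

# Emit a sudoers fragment granting a short, fixed command list without a
# password. Arguments are part of the match, so other arguments are refused.
limited_rule() {
    cat <<'EOF'
Cmnd_Alias LIMITED_CMDS = /usr/bin/dscacheutil -flushcache, /usr/bin/killall -HUP mDNSResponder
%sudolite ALL=(root) NOPASSWD: LIMITED_CMDS
EOF
}

# $1: path to a sudoers file. Prints "lineno: rule" for every active
# (uncommented) rule where ALL directly follows NOPASSWD:. Returns 0 if any
# such rule exists, 1 if none. Alias names such as ALLOWED_X do not match.
blanket_nopasswd() {
    awk '
        /^[ \t]*#/ { next }    # comments, including a commented-out wheel rule
        /NOPASSWD:[ \t]*ALL[ \t]*$/ || /NOPASSWD:[ \t]*ALL[ \t]*,/ {
            printf "%d: %s\n", NR, $0; found = 1
        }
        END { exit !found }
    ' "$1"
}

# Constructed sample files: the post's current wheel rule, then the same file
# with that rule commented back out and the limited rule appended.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'root ALL=(ALL) ALL' '%admin ALL=(ALL) ALL' \
        '%wheel ALL=(ALL) NOPASSWD: ALL' > "$tmp"
    echo "before:"
    blanket_nopasswd "$tmp" || echo "no blanket NOPASSWD rules"
    { printf '%s\n' 'root ALL=(ALL) ALL' '%admin ALL=(ALL) ALL' \
        '# %wheel ALL=(ALL) NOPASSWD: ALL'; limited_rule; } > "$tmp"
    echo "after:"
    blanket_nopasswd "$tmp" || echo "no blanket NOPASSWD rules"
    rm -f "$tmp"
}
demo
```

Apply a rule like this with visudo, which checks the syntax before saving so a typo cannot leave sudo unusable.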