0

So i was in teamviewer with my newbie developer who was trying to install some node js packages, npm install. he was having some issues with some libraries, he changed the permission of my mac sudo.

All the solutions I'm searching online are mostly related to ubuntu where they are suggesting this 1. Log out as the current user, then log back in as root. 2. Execute chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo 3. Log out as root, then log back in as the current user.

which simply doesn't work in mac. any solution other than re-installing?

TestDjay
  • 101

1 Answers1

2

Did you disable system integrity protection? If enabled, it's should've prevented you from messing with /usr/bin/sudo (and will also prevent fixing it except by reinstalling). I strongly recommend leaving SIP turned on; I can't think of any good reason you'd need to bypass it for a node.js setup (and plenty of bad reasons). You'll need to have it off to fix /usr/bin/sudo (and undo any other normally-forbidden changes you made), but I recommend turning it back on after you fix that.

You should be able to fix sudo with /Applications/Utilities/Script\ Editor.app. Create a new "document" (script), and enter this:

do shell script "chown root:wheel /usr/bin/sudo; chmod 4511 /usr/bin/sudo" with administrator privileges

...then click Run in the toolbar. It'll prompt for your admin password, and (if all goes well) will set the ownership and permissions back to normal.

Gordon Davisson
  • 34,729
  • i guess it didn't work – TestDjay Sep 09 '17 at 07:35
  • @TestDjay Did it give any error message? Do you know if system integrity protection is on or off? What does ls -leO /usr/bin/sudo show after running the AppleScript? – Gordon Davisson Sep 10 '17 at 07:57
  • If you are the sort of user who frequently uses the command line, is writing scripts and otherwise adjusting your system configuration I'd recommend against leaving SIP on for you personal laptop. I mean it's super useful if you are sharing a computer with multiple users, running some kind of server etc.. or if you aren't a power user and don't want to break things but all the reasons that /etc can be edited on a Linux machine are reasons to leave SIP off on your machine. If you get a virus you're going to clean install anyway right? – Peter Gerdes Sep 07 '20 at 21:57
  • @PeterGerdes SIP doesn't limit access to /etc or /usr/local or most of the other usual places to make system customizations. (Note: the problem here was changing /usr/bin/sudo, which is protected by SIP and generally shouldn't be modified, not /etc/sudoers which is not protected by SIP). There are some things it does get in the way of, but for the most part it's not as limiting as it sounds. – Gordon Davisson Sep 08 '20 at 04:00
  • Sorry you are right it was the various plist files and other crap under System and other crap I can't remember that gave me trouble when I had turned it on. You are right about etc but I know I used to try and leave it on and about once every 2 months Id have to turn it on and off again and now it's been so long that I don't even remember what it was that kept giving me trouble. – Peter Gerdes Sep 08 '20 at 04:25
  • This almost worked. I did a which sudo to discover that my sudo is /usr/local/bin/sudo. I changed the paths in the script editor script accordingly and then it worked. – Justin Gould Mar 23 '22 at 14:31
  • @JustinGould If the permissions on /usr/local/bin/sudo are wrong, you should be able to use /usr/bin/sudo to fix them. – Gordon Davisson Mar 23 '22 at 17:22