Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OSX big-sur-base update removed sudo permissions / coredumps now inaccessible #38

Closed
anarazel opened this issue Sep 16, 2021 · 3 comments

Comments

@anarazel
Copy link

@fkorotkov Unfortunately it seems the update in #37 removed the rights to sudo. We used sudo to change the permissions of /cores so we can get corefiles for crashes during CI. Unfortunately without changing the permissions on /cores, no core files are logged :(

ls -ld /cores/ || true
drwxr-xr-x  2 root  wheel  64 Jan  1  2020 /cores/
id || true
uid=501(admin) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),264(_webdeveloper),701(com.apple.sharepoint.group.1),33(_appstore),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)
ulimit -c unlimited
sudo chmod 777 /cores || true
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is required
sudo -n id || true
sudo: a password is required

And indeed, without that no core files are created:

sleep 5 & kill -SEGV $! || true
sleep 5
/var/folders/tn/f_9sf1xx5t14qm_6f83q3b840000gn/T/scripts6694d2c422acd208a0072939487f6999.sh: line 10:  3132 Segmentation fault: 11  sleep 5
ls -l /cores/ || true
@fkorotkov
Copy link
Contributor

Oh. Maybe the OS upgrade reset the sudoers. Sudo password inside the VM is admin so as a workaround you use it.

@anarazel
Copy link
Author

Ah, yes, that works. Should others encounter this, I added this to our .cirrus.yml:

  # An update to the cirrus OSX image removed passwordless sudo. Try to allow
  # it again. The existing sudoers uses env_reset without secure_path,
  # which means that 'sudo su' fails because 'su' isn't on PATH anymore.
  # https://github.com/cirruslabs/osx-images/issues/38
  fix_sudo_script:
    - echo admin | sudo -S /bin/bash -c 'echo "admin ALL=(ALL:ALL) NOPASSWD: ALL"|tee /etc/sudoers.d/admin'
    - echo 'Defaults        secure_path="/bin:/usr/bin:/usr/ucb:/usr/local/bin"'|sudo /usr/bin/tee /etc/sudoers.d/path

@fkorotkov
Copy link
Contributor

This should be fixed now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants