OSX 10.8 unable to su - to root from cltbld



Infrastructure & Operations
RelOps: Puppet
5 years ago
4 years ago


(Reporter: Callek, Assigned: arr)





5 years ago
:dustin was surprised this doesn't work.

I suspect(ed) it is bad password. But :dustin promised he would take a look.

sudo su - 
fails as well, but is a seperate issue.
The password is correct - it works for SSH - so this must be a configuration of su.  I'm not sure how to fix that.  We should be using SSH key auth to get to root, anyway, so I'm not terribly concerned about this - but happy to see it fixed if someone knows how.
Assignee: dustin → nobody


4 years ago
Component: Release Engineering: Machine Management → Release Engineering: Platform Support
OS: Windows 7 → Mac OS X
QA Contact: armenzg → coop


4 years ago
Assignee: nobody → relops
Component: Release Engineering: Platform Support → RelOps: Puppet
Product: mozilla.org → Infrastructure & Operations
QA Contact: coop → dustin
Also, 'sudo su -' is the better method for getting root access from a username, and that *should* be working, but I haven't verified that it does.
Assignee: relops → dustin
Severity: normal → enhancement
Hm, 'sudo su -' actually shouldn't be working; I'm not sure why I said that.  We could change that policy, essentially giving cltbld unlimited sudo access -- but is that a good idea?
Assignee: dustin → relops
Severity: enhancement → normal

Comment 4

4 years ago
Relops/releng discussed cltbld's privs before we rolled out 10.8 and decided that we really didn't WANT it to be an admin user and be able to escalate privs, so this is as expected.

Since OS X based on freebsd, cltbld can't su because it's not an administrative user (see http://www.themacosxserveradmin.com/2011/10/getting-root-on-os-x.html for a more in depth explanation).  The ALL priv for sudo only applies to root and the administrative user, so it also doesn't apply to cltbld.

If you want root access, ssh in as root with key auth.
Assignee: relops → arich
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.