Skip to content

Instantly share code, notes, and snippets.

@Cyclenerd

Cyclenerd/00 slow sudo.md

Last active January 15, 2020 06:52
Show Gist options
  • Star 6 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save Cyclenerd/465d0f310a451c8fef9e0bd6cba36878 to your computer and use it in GitHub Desktop.
Save Cyclenerd/465d0f310a451c8fef9e0bd6cba36878 to your computer and use it in GitHub Desktop.
Download ZIP
Slow sudo on macOS 10.12.4
Raw
00 slow sudo.md

Slow sudo on macOS 10.12.4

On my iMac 5k (iMac15,1) since the update on macOS 10.12.4 sudo is very slow. It takes about 5 minutes to the password prompt.

The problem is not on my MacBook Pro (MacBookPro13,1) with the same operating system 10.12.4.

With 10.12.3. I had no problems on the iMac.

Steps to Reproduce

  1. Open Terminal
  2. Run Command: date; sudo date

Expected Results

Instant password prompt.

Actual Results

Password prompt after about 5 minutes.

nils@imac5k ~ $ date; sudo date
Thu Apr  6 19:55:53 CEST 2017
Password:
Thu Apr  6 20:00:25 CEST 2017

Solution for sudo Hang Problem

I have found the following article: https://macperformanceguide.com/blog/2017/20170407_1157-macOS-10_12_4-sudo-broken-fix.html

He describes that the problem can be corrected with a change of the file /etc/sudoers (use visudo command). So I've compared the files on my iMac and MacBook. In fact, they are different. In my file are even more entries with /sbin/kextunload as described in the article.

After I have edited all the lines (the last three) with the content /sbin/kextunload, the problem is fixed.

A copy of the working version from the MacBook to the iMac also helped.

Raw
imac5k
root@imac5k ~ # sw_vers -productVersion
10.12.4
root@imac5k ~ # uname -a
Darwin imac5k.local 16.5.0 Darwin Kernel Version 16.5.0: Fri Mar 3 16:52:33 PST 2017; root:xnu-3789.51.2~3/RELEASE_X86_64 x86_64
root@imac5k ~ # ls -lah /usr/bin/sudo
-r-s--x--x 1 root wheel 361K Mar 23 00:56 /usr/bin/sudo
Raw
imac5k sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXT_ENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"
Defaults env_keep += "HOME MAIL"
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
%admin ALL= NOPASSWD: /sbin/kextload, /sbin/kextunload
%users ALL= NOPASSWD: /sbin/kextload, /sbin/kextunload
ALL ALL= NOPASSWD: /sbin/kextload, /sbin/kextunload
Raw
macbook
root@macbookpro ~ # sw_vers -productVersion
10.12.4
root@macbookpro ~ # uname -a
Darwin macbookpro.local 16.5.0 Darwin Kernel Version 16.5.0: Fri Mar 3 16:52:33 PST 2017; root:xnu-3789.51.2~3/RELEASE_X86_64 x86_64
root@macbookpro ~ # ls -lah /usr/bin/sudo
-r-s--x--x 1 root wheel 361K Mar 23 00:56 /usr/bin/sudo
Raw
macbook sudoers
#
# Sample /etc/sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
##
# Override built-in defaults
##
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXT_ENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"
Defaults env_keep += "HOME MAIL"
Defaults lecture_file = "/etc/sudo_lecture"
##
# User alias specification
##
# User_Alias FULLTIMERS = millert, mikef, dowdy
##
# Runas alias specification
##
# Runas_Alias OP = root, operator
##
# Host alias specification
##
# Host_Alias CUNETS = 128.138.0.0/255.255.0.0
# Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
# Host_Alias SERVERS = master, mail, www, ns
# Host_Alias CDROM = orion, perseus, hercules
##
# Cmnd alias specification
##
# Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
##
# User specification
##
# root and users in group wheel can run anything on any machine as any user
root ALL = (ALL) ALL
%admin ALL = (ALL) ALL
## Read drop-in files from /private/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d
@Cyclenerd
Copy link
Author

macOS 10.12.4 sudo Version

nils@imac5k ~ $ sudo --version
Sudo version 1.8.17p1
Sudoers policy plugin version 1.8.17p1
Sudoers file grammar version 45
Sudoers I/O plugin version 1.8.17p1

@Cyclenerd
Copy link
Author

Cyclenerd commented May 16, 2017
edited

macOS 10.12.5 sudo Version

nils@imac5k ~ $ sudo --version
Sudo version 1.8.17p1
Sudoers policy plugin version 1.8.17p1
Sudoers file grammar version 45
Sudoers I/O plugin version 1.8.17p1

@Cyclenerd
Copy link
Author

Got a response to my bug report from Apple:

It’s not hanging, it’s resolving the list of groups you are part of to ensure you are allowed to run the command. It’s unfortunately how sudo is implemented.

@itsvicsoto
Copy link

Did you resolve this?

@glimming
Copy link

glimming commented Jan 15, 2020
edited 

#
# EDITED /etc/sudoers file tested with macOS Catalina for faster sudo
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.

##
# Override built-in defaults
##
Defaults	env_reset
Defaults	env_keep += "BLOCKSIZE"
Defaults	env_keep += "COLORFGBG COLORTERM"
Defaults	env_keep += "__CF_USER_TEXT_ENCODING"
Defaults	env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults	env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults	env_keep += "LINES COLUMNS"
Defaults	env_keep += "LSCOLORS"
Defaults	env_keep += "SSH_AUTH_SOCK"
Defaults	env_keep += "TZ"
Defaults	env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults	env_keep += "EDITOR VISUAL"
Defaults	env_keep += "HOME MAIL"

# EDITED, disabled for faster sudo:
# Defaults	lecture_file = "/etc/sudo_lecture"

##
# User alias specification
##
# User_Alias	FULLTIMERS = millert, mikef, dowdy

##
# Runas alias specification
##
# Runas_Alias	OP = root, operator

##
# Host alias specification
##
# Host_Alias	CUNETS = 128.138.0.0/255.255.0.0
# Host_Alias	CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
# Host_Alias	SERVERS = master, mail, www, ns
# Host_Alias	CDROM = orion, perseus, hercules

##
# Cmnd alias specification
##
# Cmnd_Alias	PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less

##
# User specification
##

# root and users in group wheel can run anything on any machine as any user
root		ALL = (ALL) ALL
%admin		ALL = (ALL) ALL

## Read drop-in files from /private/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment