@christopher-hopper
Last active September 2, 2022 03:11

sudo Configuration

To configure the behaviour of sudo we need to edit the /etc/sudoers file. If you save a mistake in the sudoers file you can lock yourself out of sudo, which makes the mistake difficult to fix. For this reason we always use the visudo command, which checks the file for syntax errors before installing it, to edit a sudoers file safely.

sudo visudo

The configuration lines below will ensure drop-in configuration files are read and that your password entry is cached.

Append the following lines to the end of the file.

##
# Password timestamp specification
##

## The number of minutes before asking for a password again.
Defaults        timestamp_timeout=5

## Disable per-tty timestamp separation.
## Keep one password timestamp for multiple terminal windows.
Defaults        !tty_tickets

##
# Drop-in files.
##

## Read drop-in files from /private/etc/sudoers.d
## (the '#' here does not indicate a comment).
#includedir /private/etc/sudoers.d

Debug logging

When you install a new command that asks for a password, you may want to log the shell commands it executes with sudo so that you can work out how to configure it to be passwordless. To log to a specific file rather than, say, the system log, add the following lines to a sudoers file.

##
# Logging specification
##
Defaults        log_host, log_year, logfile="/var/log/sudo.log"

Vagrant passwordless

To allow Vagrant to update macOS/BSD system files automatically, without sudo asking for a password, create a new drop-in sudoers configuration file.

sudo visudo -f /etc/sudoers.d/macos-sudoers-vagrant-plugin

Copy in the passwordless sudo configuration attached for each Vagrant plugin or feature. A reference link for each is given in the comments below:

# vagrant-hostmanager https://github.com/devopsgroup-io/vagrant-hostmanager
# Note: the path below assumes home directories under /home;
# on macOS they are under /Users.
Cmnd_Alias VAGRANT_HOSTMANAGER_UPDATE = /bin/cp /home/*/.vagrant.d/tmp/hosts.local /etc/hosts
%admin ALL=(root) NOPASSWD: VAGRANT_HOSTMANAGER_UPDATE

# vagrant-hostsupdater https://github.com/cogitatio/vagrant-hostsupdater#readme
Cmnd_Alias VAGRANT_HOSTS_ADD = /bin/sh -c echo "*" >> /etc/hosts
Cmnd_Alias VAGRANT_HOSTS_REMOVE = /usr/bin/sed -i -e /*/ d /etc/hosts
%admin ALL=(root) NOPASSWD: VAGRANT_HOSTS_ADD, VAGRANT_HOSTS_REMOVE

# vagrant synced-folders https://www.vagrantup.com/docs/synced-folders/nfs.html
Cmnd_Alias VAGRANT_EXPORTS_ADD = /usr/bin/tee -a /etc/exports
Cmnd_Alias VAGRANT_NFSD = /sbin/nfsd restart
Cmnd_Alias VAGRANT_EXPORTS_REMOVE = /usr/bin/sed -E -e /*/ d -ibak /etc/exports
%admin ALL=(root) NOPASSWD: VAGRANT_EXPORTS_ADD, VAGRANT_NFSD, VAGRANT_EXPORTS_REMOVE
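
A review aid for the passwordless rules above, as an added example that is not part of the original gist: it lists which NOPASSWD aliases use the argument patterns that sudoers(5) says to handle with care. The function name audit_nopasswd and the SHELLS list are assumptions of this example, and it expects one command per Cmnd_Alias with no line continuations, as in the file above.

```python
import re

# Input: the Cmnd_Alias and NOPASSWD lines from the drop-in file above.
DROP_IN = '''
Cmnd_Alias VAGRANT_HOSTMANAGER_UPDATE = /bin/cp /home/*/.vagrant.d/tmp/hosts.local /etc/hosts
%admin ALL=(root) NOPASSWD: VAGRANT_HOSTMANAGER_UPDATE
Cmnd_Alias VAGRANT_HOSTS_ADD = /bin/sh -c echo "*" >> /etc/hosts
Cmnd_Alias VAGRANT_HOSTS_REMOVE = /usr/bin/sed -i -e /*/ d /etc/hosts
%admin ALL=(root) NOPASSWD: VAGRANT_HOSTS_ADD, VAGRANT_HOSTS_REMOVE
Cmnd_Alias VAGRANT_EXPORTS_ADD = /usr/bin/tee -a /etc/exports
Cmnd_Alias VAGRANT_NFSD = /sbin/nfsd restart
Cmnd_Alias VAGRANT_EXPORTS_REMOVE = /usr/bin/sed -E -e /*/ d -ibak /etc/exports
%admin ALL=(root) NOPASSWD: VAGRANT_EXPORTS_ADD, VAGRANT_NFSD, VAGRANT_EXPORTS_REMOVE
'''
# Shell basenames to flag (assumed list for this example).
SHELLS = {"sh", "bash", "zsh", "ksh", "csh", "tcsh", "dash"}
ALIAS_RE = re.compile(r"Cmnd_Alias\s+([A-Z][A-Z0-9_]*)\s*=\s*(.+)$")

def audit_nopasswd(sudoers_text):
    """Return {alias: [findings]} for Cmnd_Aliases granted with NOPASSWD."""
    aliases, granted = {}, set()
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)] = m.group(2)
        elif "NOPASSWD:" in line:
            names = line.split("NOPASSWD:", 1)[1].split(",")
            granted.update(n.strip() for n in names)
    report = {}
    for name in sorted(granted & set(aliases)):
        path, _, args = aliases[name].partition(" ")
        findings = []
        if path.rsplit("/", 1)[-1] in SHELLS:
            findings.append("runs a shell")
        if not args:
            # sudoers(5): with no arguments listed, any arguments are allowed.
            findings.append("no argument list")
        elif re.search(r"[*?\[]", args):
            # sudoers(5): argument wildcards match across word boundaries.
            findings.append("wildcard in arguments")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    print(audit_nopasswd(DROP_IN))
```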