I want to alter my sudo capabilities on my Mac, to avoid password prompts on starting postgres among other things. I'm reading Michael Lucas' Sudo Mastery and generally have an OK idea on how to modify the entries and use visudo.
However, Michael makes the point that, regardless of what you do, editing sudoers is inherently unsafe and can lock you out of your machine. And he goes out of his way to warn people to activate a root login, especially on macOS. Once your sudoers file is ok and you've confirmed that with a reboot, you can always disable the root.
I mean, if it's just copying the original sudoers and then, when things blow up, safe boot, go to the Terminal and restore the backed up sudoers, that's fine. But I want to be 110% sure I will not get locked out.
Note: I might very well try my hand on a Linux VM's sudoers first, but I still want to have an escape route.
On macOS Mojave, keeping in mind Apple's various intentional security limitations around safe boots and SIP, what are the simplest steps to create a temporary root login backdoor?
Best Answer
No backdoor is required, in fact really nothing (not even a backup) is required to edit the sudoers file. You can't get locked out of your machine.
A backup (sudo cp /etc/sudoers /etc/sudoers.bak) is more convenient though, because you can simply restore it with a one-liner.
Reasons:
Tested in a Mojave VM by:
nano and commenting out the root and %admin line, changing ownership of sudoers to 501:staff and making it 777
Proof:
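The backup-and-restore routine mentioned above, extended with a syntax check so a broken file never replaces the live one. This is an added example, not part of the original answer; `install_sudoers` and `restore_sudoers` are hypothetical helper names, the paths are supplied by the caller, and `visudo -c -f` is the only sudo tooling it relies on.

```shell
#!/bin/sh
# Added example: validate a sudoers candidate before it replaces the live file.
# install_sudoers / restore_sudoers are hypothetical names, not part of sudo.

# install_sudoers CANDIDATE TARGET
# Returns 0 when installed, 1 on a usage or copy error, 2 when the check fails.
install_sudoers() {
    candidate=$1
    target=$2
    [ -f "$candidate" ] && [ -n "$target" ] || return 1

    # visudo -c only checks syntax; -f points it at a file other than the default.
    if ! visudo -c -f "$candidate"; then
        echo "syntax check failed, $target left untouched" >&2
        return 2
    fi

    # Keep the last known-good copy beside the target (the sudoers.bak idea).
    if [ -f "$target" ]; then
        cp -pf "$target" "$target.bak" || return 1
    fi

    # Stage next to the target so the final mv is a rename on one filesystem.
    staged="$target.new.$$"
    cp "$candidate" "$staged" || return 1
    chmod 0440 "$staged" || { rm -f "$staged"; return 1; }
    # Ownership can only be set as root; uid 0 / gid 0 is root:wheel on macOS.
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$staged" || { rm -f "$staged"; return 1; }
    fi
    mv -f "$staged" "$target"
}

# restore_sudoers TARGET: put TARGET.bak back in place of TARGET.
restore_sudoers() {
    target=$1
    [ -f "$target.bak" ] || return 1
    cp -pf "$target.bak" "$target"
}
```

Both functions need to run as root against the real `/etc/sudoers`; pointing them at a scratch directory first shows the rejected-candidate path without touching the system file.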