
A random number of Macs in my environment have lost the ability to use sudo from a terminal. I have tried local admin user, ARD send Unix command as root, and JAMF Remote. I am trying a simple jamf recon and the result is:
sudo: 4294967295: invalid value.

Google turns up a few articles:
https://www.sudo.ws/alerts/minus_1_uid.html
https://news.ycombinator.com/item?id=21366177
I am not a Unix or Linux expert to understand why this is occurring or how to fix it. I do know that I have not edited the sudoers file, I can log into a local admin account and run normally if I don't use terminal requiring sudo, I can log in as an AD admin and get the same error message sending terminal commands using sudo, and logging in as a standard AD user I can su to a local admin account, but can't run commands using sudo.

These are computers that were installed with a fresh 10.14. OS and apps from our JAMF server and worked normally until I noticed sudo failing Wednesday. They were not imaged, they all work as expected with this exception.

I looked at permissions of the sudoers file on a working Mac. Admin and wheel are read only, everyone is no access. On the non working Macs, Fetching is in place of admin, wheel is read only, and everyone is no access. My conclusion is that the permissions are wrong and that's why sudo fails, but I know nothing of why this has happened or if this is the only anomaly regarding these permissions and how to repair it.

Sorry for the long winded post, but no one in my organization knows what to do. Thanks.

@kendalljjohnson exactly what we are doing. I have a larger script which looks for any users who have not logged in for a few days and removes them at logout. I just add a few lines below to the script:

if [ -e /Users/root ]
then
rm -rf "/Users/root"
fi

Happy to share the entire script if you like but this is all you need to remove this root issue.... hardest part was trying to work out why it was doing it.....


@BOBW We have a similar script running every day looking for accounts that haven't logged in for so many days so just knowing this is how you address it should do the trick. Appreciate the quick response!


Damnit Apple! Latest Supplemental update for 10.14.6 or latest Security update caused the issue again. Entire labs :(




Not conclusive yet, as I just ran a test, running the Security update first and could still do a sudo. Then ran the Supplemental update and thereafter, could still sudo. Computer was an iMac Intel (Retina 5k, 27-inch, Mid 2017). It could be affecting my iMac Intel (Retina 4k, 21.5-Inch, Late 2015) models. Continuing testing


The only way I've found to fix permissions on the sudoers file is to run this command:

osascript -e 'do shell script "chown root:wheel /etc/sudoers" with administrator privileges'

It's not possible to modify the owner via the Finder or Terminal except via AppleScript. I haven't tried running this via a policy yet, only directly on a machine as an Admin user.


Thanks @jason.bracy - your workaround did the trick for the user I was assisting just now as well.

This was on a Mac running ProductVersion: 11.2.3 BuildVersion: 20D91

The last update installed was the macOS 11.2.3 update.

The error in this case was slightly different, it said:

sudo: /etc/sudoers is owned by uid 1522135644, should be 0 
sudo: no valid sudoers sources found, quitting 
sudo: error initializing audit plugin sudoers_audit

@Martinus We have seen a similar error on 1 specific Mac running 11.3.1 (20E241). We are using AD, but we have added this user to the local admin group and he still sees an error 10% of the time.


Here's a new problem on mac running 13.3.1 Ventura. Hope to get help from you guys if it's possible.

sudo: /etc/sudoers is world writable
sudo: no valid sudoers sources found, quitting
sudo: error initializing audit plugin sudoers_audit
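
Added example, not part of any post in this thread: a read-only check for the two conditions sudo reports above (sudoers not owned by uid 0, sudoers world writable) plus the r--r----- mode described for the working Mac. The function name check_sudoers, the cs_ variable names and the message wording are assumptions; nothing on disk is changed.

```shell
#!/bin/sh
# Added example: read-only audit of a sudoers file's owner, group and mode.
# check_sudoers PATH [WANT_UID] [WANT_GID]
# Returns 0 if clean, 1 on any finding, 2 if the file cannot be listed.
check_sudoers() {
    cs_file=$1
    cs_want_uid=${2:-0}   # root
    cs_want_gid=${3:-0}   # wheel on macOS
    cs_rc=0

    # ls -ldn prints numeric ids and works on both BSD (macOS) and GNU userlands.
    cs_line=$(ls -ldn "$cs_file" 2>/dev/null) || { echo "MISSING: $cs_file"; return 2; }
    read -r cs_perms cs_links cs_uid cs_gid cs_rest <<EOF
$cs_line
EOF
    # Keep type + 9 permission characters; drops a trailing '@', '+' or '.'.
    cs_perms=$(printf '%s' "$cs_perms" | cut -c1-10)

    if [ "$cs_uid" != "$cs_want_uid" ]; then
        echo "OWNER: $cs_file is owned by uid $cs_uid, should be $cs_want_uid"
        cs_rc=1
    fi
    if [ "$cs_gid" != "$cs_want_gid" ]; then
        echo "GROUP: $cs_file has gid $cs_gid, should be $cs_want_gid"
        cs_rc=1
    fi
    case $cs_perms in
        ????????w?) echo "MODE: $cs_file is world writable"; cs_rc=1 ;;
    esac
    if [ "$cs_perms" != "-r--r-----" ]; then
        echo "MODE: $cs_file is $cs_perms, expected -r--r-----"
        cs_rc=1
    fi
    return $cs_rc
}

# Run only when a path is given, e.g.: sh check_sudoers.sh /etc/sudoers
if [ $# -gt 0 ]; then
    check_sudoers "$1"
fi
```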