Jamf Nation Community

taugust_ric · ‎08-28-2021

I have a pool of systems where sudo is stuck - entering any command into the terminal that you need to elevate using sudo gets hung - sudo never requests the password, and the command never runs.

The only common denominator at the moment is that all the systems with this issue are running Big Sur. But it's definitely not all of them. I've checked the system log for errors and am not seeing anything useful is being logged when I run the sudo command, at least to my eyes.

Interestingly, if you enable the root account on the system, set the root password, and then you use su instead of sudo, that works fine. Also, no issues entering admin credentials in the UI, like for example, to make changes to admin locked System Preferences - this issue is isolated to terminal commands.

Anyone else see this? My google-foo is failing me on this one. Trying to find any troubleshooting for sudo is so tough since it's a part of so many commands people post online... and it doesn't seem to be a widespread issue.

Thanks in advance!

Pickyvegan · ‎08-28-2021

I think in Jamf you don't need sudo as it runs your commands as root user

Yogi

taugust_ric · ‎08-29-2021

I’m using the jamf command from the terminal itself - this does require sudo for most uses of it, unless something has changed recently. The sudo lockup also occurs when running other commands that require it as well.

Pickyvegan · ‎08-29-2021

I see.

This is what I found, worth to try it out

https://discussions.apple.com/thread/7906178

Yogi

taugust_ric · ‎08-29-2021

Thank you - however, the sudoers file looks fine. I compared the sudoers file on a system having the problem to one that's not having any issues and they are identical, so I'm hesitant to touch anything else there.

Pickyvegan · ‎08-29-2021

I'd give a try to wait for several minutes (about 10 as it says in the guide) if it is so - I'd change one Mac just for sake of curiosity 🙂

Yogi

pete_c · ‎08-29-2021

Does it happen regardless of the logged-in user account, or if you manually create a new local admin? How were the user(s) created? How was the OS installed, or was it (ugh) cloned in some fashion? Does the same behavior exist when booted into Safe Boot mode?

taugust_ric · ‎08-29-2021

The user was created during the enrollment process - it's the same administrator account used by jamf to manage the system.

I haven't cloned a system in about 4 years - if a system needs to be "imaged", it's done either though recovery, internet recovery, or the macOS installer using the erase option.

I haven't tried safe mode or building a new account yet to see if it persists across different accounts. Safe mode might be tough because most of my work is done remotely.

Thanks for the suggestions.

sdagley · ‎08-30-2021

@taugust04 Any possibility that the Macs exhibiting this problem have installed a sudo plugin that may be failing?

taugust_ric · ‎08-30-2021

Hi - they are managed lab systems without anyone having administrative access other than IT staff, so the chances are low. TBH, I didn't realize there was such a think as a sudo plugin. What should I be looking for to see if one is installed or not?

sdagley · ‎08-30-2021

@taugust_ric Any sudo plugin would be referenced in /etc/sudo.conf

taugust_ric · ‎08-30-2021

First, I want to thank everyone who has offered ideas into this. I don't think I was very good at describing the entire situation and the troubleshooting I've performed, and that's on me, let me give some better specs and troubleshooting done so far:

Systems exhibiting this issue are installed in multiple computer labs
The computer labs all have recent vintage Intel iMacs, with a clean OS install (drive erased, fresh OS from Apple macOS Recovery) done in July/August '21
All systems are running macOS 11.5.2 - some systems exhibited the same problem with versions 11.4 and up before macOS software updates were installed as part of regular maintenance.
I've checked the sudoers file on all the systems that are having a problem, and they are configured exactly the same as those that are working fine.
The systems that are working fine - they are in the same labs and running the same software as mentioned above. All the systems, with and without the issue, have executed the same policies to get them to their current configured state.
Systems are bound to active directory, but were exhibiting sudo issues before that occurred.
Systems authenticate to admin fine from GUI - and jamf tasks run through policies and/or Jamf Remote execute as they should. The sudo lockup only occurs when logged in through ssh or when run through the Terminal.

scottb · ‎08-30-2021

Did you by chance have any restrictions placed on the Terminal app? I once did that for a small group and forgot about it...drove me mad until I remembered it.

*Edit. I guess if that were the case you'd not be able to launch it. More coffee...sorry.

Jamf Nation Community

sudo commands "stuck" in terminal ???