OS X 10.8.5

I first realized the problem trying to delete software from a Japanese wireless carrier when I installed their client while I was there.

Then I realized I actually can run no command whatsoever that invokes sudo (or sudo su -).

The specific error message from each attempt at sudo is:

Sorry, user ___me___ is not allowed to execute ____command____ as root on ___machine____

I have confirmed I am an admin (no wheel group membership if that matters, I don't think it should).

I cannot touch or even get a read on suoders either, since the commands require sudo to do so.

I've tried repairing disk permission in Disk Utility

My "/" permissions seemed off, so I tried a solution from googling where I boot in Single User Mode and enter:

> /sbin/fsck -fy
> /sbin/mount -wu /
> /bin/chmod 1775 /
> /bin/sync
> exit

The permissions look right after that, but still same problem.

I even tried enabling root for my user via "Enable Root" from Directory Utility.

What could possibly be going on? I only noticed the problem recently but it could have existed for months before.


@Spiff's solution worked. Here is what the sudoers file had:

#User privilege specification
root   ALL=(ALL) NOPASSWD: /sbin/ifconfig
%admin ALL=(ALL) NOPASSWD: /sbin/ifconfig

The entry should have been (and now is):

#User privilege specification
root   ALL=(ALL) ALL
%admin ALL=(ALL) ALL

I know for a fact I never edited this file on this machine. Anyone have any idea how this could happen? My machine also lately exhibits the weird behavior of sometimes having cURL or Ping timeout indefinitely, while I am able to connect to the Internet via browser at the same time, and I have to restart my machine to get them to work. Paranoid me wonders if it's related to my travels in Asia (the Chinese Internet/ hassles of dealing with VPN? Japanese wireless clients?), as I only noticed the problems after I got back from the trip.

1 Answer 1


From single user mode, after remounting the root filesystem in read/write mode, run visudo to safely edit your /etc/sudoers file.

It puts you in a special instance of the vi editor that does a sanity check on the file when you try to save it.

If you aren't sure what your sudoers file should look like, compare to one from a working machine, or from a backup before the problem started.

Come to think of it, restoring a good copy of /etc/sudoers from before the problem happened should do the trick as well.

Updated to add: I suppose it's also possible that your sudoers file is OK, but your admin account somehow got removed from the admin group. You might want to check that with Directory Utility or dscl.

  • Thanks so much, editing sudoers in single user mode did the trick. I edited to show what the sudoers file looked like, as well as to describe potentially related, wonky behavior. Really, no idea what happened or if I should be concerned about being compromised.
    – rfish26535
    Commented Apr 24, 2015 at 14:58

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .