user is not in the sudoers file. This incident will be reported.

This was what I saw on my first day at my job. I thought I was gonna get fired on my first day.

So here I am... thinking to myself how does this kid not know about the shift key?

Me: "Ok we're going to test see if you have sudo access. Please enter your password, now"
Student: ~stares at the black terminal box and begins pressing the caps lock key. The light doesn't display~
Student: "Um... what? Do I need to enter a new password?"
Me: "No"
Continues to click the caps-lock button and waiting for a light to appear on the keyboard. It doesn't. He continues clicking.
Me: "You need to press the shift button"
Him: "What???"
Me: "You need to press the shift button"
Him: "Um.. I don't understand"
Him: Presses shift button, nothing happens. Goes back to pressing caps lock button.
Me: "Your password has a capital letter in it right?"
Him: "Um... yeah."
Me: "Press the shift button to capitalize your letters."
Him: "I don't understand... Do I need to enter a new password?"
Me: "No... you need to press and hold the shift key to get a capital letter"
Him: "................................ ............................................ . . . . . .. .. .. .. .. .. . . . . . . . . . . . . ...................... . . . . . . . Oh..."
Him: "Presses and holds the shift button with his thumb and then presses the Z key."
Me: ~What in the hell are you doing?~ 🤦
Me: "Perfect it looks like you are a part of the sudoers list."
Me: "You can take you computer back."
Me: ~Do you fucking use the caps lock key to capitalize all the first letters in your sentences? Please tell me you don't!~

This one time I aliased a coworkers 'sudo' with 'sl' (sl shows a train running across the screen)

And then I removed him from the sudoers group and sudoers list.

I then magnified his screen 200%

Changed his background to a shitty narwhal.

And then full screened a terminal with the 'sl' train stuck in a while loop.

You can't control c out of the terminal.

He solved the first part really quickly, fixing the full screened terminal and exiting out of it, magnification and the background.

But took him 4 days to find that I had fucked up his sudo. Apparently, he didn't need to use sudo in those 4days. It wasn't until he mentioned it out of the blue.

How did he find out about it? He was running an important script that had sudo in it. When he ran the script a train would pop up and his script would terminate early.

He came to me and cursed me to Satan's anus. He then asked me to fix it, but then changed his mind and said that he'd do it himself. After a while he couldn't figure out what I had done.

I walked him through it. Told him that he had to go to his .bashrc file and remove the alias.

Later he comes back to me and curses me to the 12th circle of hell. He found that he was no longer a sudoer. At this point he gave me access to his computer and told me to reverse everything that I had done.
Added him back into the sudoers group and called it a day.

Lesson to be learned? Don't leave your machine unlocked.

Who said Linux cant be hacked?
Despite of best practises, now I am out of the sudoers list of my own machine.

Looks like /dev/body got tainted.. nasal memory leaks all over the place 😷

$ kill -9 $(pidof cold)
... Nothing.
$ sudo !!
I said kill the fucking cold!!! Y u no listen to your admin?! 😠
> User condor is not in the sudoers file. This incident will be reported.

RRRRRRRRREEEEEEEEE!!!! 😣😣😣
I just want to finish my goddamn power supply project, instead of getting bed-ridden by a cold, and running through paper towels like there's no tomorrow 😭

Just added a group to my user without the -a option....

Result: my user no longer belongs to the sudo group and I do not have access to the root user or sudo.

Hopefully the group I added was docker, time for some container shenanigans to escalate my privilege back.

I remember someday from a few years ago, because i just got off the phone with a customer calling me way too early! (meaning i still was in my pyjamas)

C:"Hey NNP, why si that software not available (He refers to fail2ban on his server)
Me: "It's there" (shows him terminal output)
C: " But i cannot invoke it, there is no fail2ban command! you're lieing"
Me: "well, try that sudoers command i gave you (basically it just tails all the possible log files in /var/log ) , do you see that last part with fail2ban on it?
C: "Yeah, but there is only a file descriptor! nothing is showing! It doesnt do anything.
Me: "That's actually good, it means that fail2ban does not detect any anomalies so it does not need to log it"
C:" How can you be sure!?"
Me: "Shut up and trust me, i am ROOT"

(Fail2ban is a software service that checks log files like your webserver or SSH to detect floods or brute force attempts, you set it up by defining some "jails" that monitor the things you wish to watch out for. A sane SSH jail is to listen to incoming connection attempts and after 5 or 10 attempts you block that user's IP address on firewall level. It uses IPtables. Can be used for several other web services like webservers to detect and act upon flooding attempts. It uses the logfiles of those services to analyze them and to take the appropriate action. One those jails are defined and the service is up, you should see as little log as possible for fail2ban.)

So today's conversation with my co-worker who built our build system...

Me:OS X build server is not building valid installs.
Him:What's the problem?
Me:The KEXT is not rebuild... I think that Jenkins isn't capable of updating the file because of the permissions the script set when you test compiled it manually... Could you please add Jenkins user to sudoers file or something?
Him:Yes of course, but what should I google?

WTF dude? Do you even think yourself? And for some reason no-one has acces to the build servers configs exept for him and he shows up like 3 times a week...

How do you do bootstrapping of blanko machines?
Imagine you get a linux/BSD/osx machine and you want it set it up to a defined state to be prepared for further setup.
Like users
ssh config
Sudoers file
Config management client or credentials
Software like vim, htop and tmux

A simple shell script sounds a bit archaic to me and i was wondering, if there is a better way...

Makefiles also came to my mind but still... Unsatisfactual

At work I help manage a fleet of Apple hardware that acts as our iOS build pipeline, and today I tested out MacOS Sonoma on one of the build nodes. The update went fine, but the test build failed because it didn't have sudo access for a specific command. I looked into it a little more, and it appears that the update set the sudoers file back to default! Like, why would you do that? Why would you mess with a configuration like that just for an OS update? It doesn't make any sense to me, and now I'll have to go and fix each sudoers file manually after I update the rest of the nodes. So, thanks Apple.

Made a syntax error in my sudoers file and somehow deleted the .tmp file so I don't have permission to change my sudoers file.