I’ve had this line in my
/etc/sudoers file for years:
It enables the
insults option, which prints a funny message instead of boring “Sorry, try again” when you type an incorrect password for
man page says:
If set, sudo will insult users when they enter an incorrect password. This flag is off by default.
I noticed that it stopped working quite a while ago — I don’t remember seeing the insults in OSX 10.11.6, nor now in 10.13.3.
There is an easy and straightforward explanation from this StackExchange answer: https://apple.stackexchange.com/questions/257405/how-do-i-install-sudo-insults-on-mac/257430#257430 — apple has been building
sudo without this option for a while now (why?!). Here is a way to verify it:
The output doesn’t contain any
--with-*insults option. You will also need these options below.
The answer provides an instruction how to build your own version with the flag enabled. The steps below slightly extend the instruction, serve as a backup, and also inform you, the reader, about this possibility in case you use OSX and want to do the same.
Nota bene: Make a system backup first!
0. Manual backup
A manual backup of the binaries is useful as well:
1. Prepare directory
cd into a directory where you’ll build
2. Get the source
Go to https://opensource.apple.com/ and find the link for your OSX version, say https://opensource.apple.com/release/macos-10133.html is for OSX 10.13.3. Find the sources archive for
sudo, download and extract it:
Configure, build, and install
sudo. If you just want to enable the
insults, you can paste all the original build options from the output above and add two more:
--prefix=/usr, the latter says we want install everything into
/usr overwriting the system
1 2 3 4
sudo make install command fails you need to disable the System Integrity Protection first: reload into the Recovery Mode (hold
Cmd+R during boot), launch Terminal, and run
4. Enable the option
If you don’t have the
Defaults insults line in your
/etc/sudoers yet, type
sudo visudo and add it.
5. Try it
sudo ask you for password and see what it prints:
1 2 3 4 5 6
sudo is very likely to be overwritten on system update, when a newer
sudo is installed. I haven’t come up with any automated way to monitor the binary since it should happen rather rarely. And I don’t even know it’s possible to somehow automagically patch and install custom
sudo when an update brings a newer version. It would be nice to have something similar to Linux’s DKMS, which automagically rebuilds kernel modules when a new kernel is installed.