I’ve had this line in my /etc/sudoers file for years:
1
Defaults insults
It enables the insults option, which prints a funny message instead of boring “Sorry, try again” when you type an incorrect password for sudo. The man page says:
If set, sudo will insult users when they enter an incorrect password. This flag is off by default.
I noticed that it stopped working quite a while ago — I don’t remember seeing the insults in OSX 10.11.6, nor now in 10.13.3.
The output doesn’t contain any --with-*insults option. You will also need these options below.
The answer provides an instruction how to build your own version with the flag enabled. The steps below slightly extend the instruction, serve as a backup, and also inform you, the reader, about this possibility in case you use OSX and want to do the same.
Nota bene: Make a system backup first!
0. Manual backup
A manual backup of the binaries is useful as well:
$ curl -O https://opensource.apple.com/tarballs/sudo/sudo-86.tar.gz
$ tar xvzf sudo-86.tar.gz
3. Build
Configure, build, and install sudo. If you just want to enable the insults, you can paste all the original build options from the output above and add two more: --with-all-insults and --prefix=/usr, the latter says we want install everything into /usr overwriting the system sudo:
1234
$ cd sudo-86/sudo/
$ ./configure --with-all-insults --prefix=/usr --with-password-timeout=0 --disable-setreuid --with-env-editor --with-pam --with-libraries=bsm --with-noexec=no --sysconfdir=/private/etc --without-lecture --enable-static-sudoers --with-rundir=/var/db/sudo
$ make -j
$ sudo make install
If the sudo make install command fails you need to disable the System Integrity Protection first: reload into the Recovery Mode (hold Cmd+R during boot), launch Terminal, and run csrutil disable.
4. Enable the option
If you don’t have the Defaults insults line in your /etc/sudoers yet, type sudo visudo and add it.
5. Try it
Force sudo ask you for password and see what it prints:
123456
$ sudo --remove-timestamp
$ sudo ls /
Password:
He has fallen in the water!
Password:
We'll all be murdered in our beds!
Also note
The custom-built sudo is very likely to be overwritten on system update, when a newer sudo is installed. I haven’t come up with any automated way to monitor the binary since it should happen rather rarely. And I don’t even know it’s possible to somehow automagically patch and install custom sudo when an update brings a newer version. It would be nice to have something similar to Linux’s DKMS, which automagically rebuilds kernel modules when a new kernel is installed.