Original problem: on my MacBook Pro, the video camera keeps freezing. Found the solution is to type
sudo killall VDCAssistant
in a terminal, and provide my password (I have admin privileges).
Now I would like to make this a single command (that doesn't need a password). I found that it is possible to use visudo to edit a file that tells sudo what commands might be run without requiring a password. Obviously it would be too dangerous to make killall itself "password free", so I was hoping I could wrap the specific command inside another script; make that script "password free"; and get on with my life. So here is what I did:
Create a file called video, which contains
!#/bin/bash
sudo killall VDCAssistant
Put it in /usr/local/bin, give permissions chmod 700 video, and rehash. When I type video, I get prompted for my password. So far so good.
Next, I ran visudo and added the lines
User_Alias USERS = myusername
CMND_Alias CMDS = /usr/local/bin/video
USERS ALL = (ALL) NOPASSWD: CMDS
But that doesn't have the desired effect. I am still prompted for the password. If I make root the owner of the script, it doesn't change things. If I leave out the sudo part of the command, it tells me "No matching processes belonging to you were found".
Does anyone have a trick that I missed - how do I achieve my goal (using a single-word command to perform the killall for a process I do not own, without having to type my password)?
I have read the answers to how to run script as another user without password but could not find anything that applied here; I also read the answers to sudo with password in one command line - that is where the inspiration to use visudo came from - but again it didn't give me the answer I was looking for. Obviously I can't save my password in plain text, and I don't want to remove the "normal" protections from killall.
Is there a way to do this?
If you have an actual binary executable, you can set the setuid bit on it using chmod 4755, and then the binary will always execute as whichever user owns it (most useful if it is root, obviously). However, this doesn't work on shell scripts, for security reasons. I'm not 100% sure that this is the case, but it is possible that visudo may also be ignoring shell scripts for the same reasons.
If you've got Xcode installed, though, you can build an actual binary program to run the killall command, and then you can set the setuid bit on it. This Swift program should do the trick:
import Foundation
guard setuid(0) == 0 else {
print("Couldn't set UID 0: error \(errno)")
exit(-1)
}
let killall = Process()
killall.launchPath = "/usr/bin/killall"
killall.arguments = ["VDCAssistant"]
killall.launch()
killall.waitUntilExit()
Save the above in a text file called video.swift. Run the following command:
swiftc video.swift -framework Foundation
This will create a file called video in that directory. Move the file to /usr/local/bin, change the owner to root and setuid that sucker:
mv video /usr/local/bin
sudo chown root:wheel /usr/local/bin/video
sudo chmod 4755 /usr/local/bin/video
Now it should work.
If you want to get fancier, it would probably also be possible to rig up a plist in /Library/LaunchDaemons and get launchd to automatically kill the process every so often.
I'm a total bash noob but try checking this answer, the problem here might be with your sudoers file. I tried replicating your problem and encountered the same behaviour, with this answer I was able to make it work. I can't say anything about safety of this solution. To sum up:
I've created a file called video while logged in as root with following contents:
#!/bin/bash
sudo killall VDCAssistant
set it's permissions chmod 700 video and rehashed
using visudo I've added a following line mysuername ALL=NOPASSWD:ALL below the line %sudo ALL=(ALL:ALL) ALL since myusername is a member of group sudo
sudo video runs the script and kills the process
by adding alias VIDEO 'sudo video' to your .cshrc file, you can make this a true "one word command"
The answer by Charles Srstka solved my immediate problem; subsequent clarifications by #mspaint showed that the script-based answer could in fact also be made to work. I then discovered a nice additional touch that I wanted to share for anyone that runs into this problem. This is "how do you make the whole process seamless".
1) "Hide" the killall command in a script:
Create a text file with the following lines:
#!/bin/bash
sudo killall VDCAssistant
and save it to /usr/local/bin/restartVideo.sh
Change the permissions: chmod 700 restartVideo.sh so only you can run it.
2) make the restartVideo.sh script password-free for use with sudo
Next we need to edit the sudoers file so there is no need to prompt for the password when running the above script. The editing is done by sudo visudo - this edits a copy of the file in vim, and checks it for errors before overwriting the original. Add the following lines to the file:
# my user can run the restartVideo.sh command with sudo without password:
User_Alias ME = myUserName
Cmnd_Alias VIDEO = /usr/local/bin/restartVideo.sh
ME ALL = (ALL) NOPASSWD: VIDEO
This last line actually means "user 'ME' (defined with the User_Alias command), from 'ALL' terminals, and executing as any member of '(ALL)', can without password (NOPASSWD:) execute all commands defined by VIDEO. Save the file - make sure there are no errors / warnings! N.B.: in my original question it appears I had used CMND_Alias instead of Cmnd_Alias; that must have generated a warning that I overlooked ... and it may be the reason my original approach wasn't working (???).
3) Create a Service to invoke the script
For this I turned to the Mac Automator application - in particular, I created a new Service.
Search for the actions that have "run" in their title, and pick "Run shell script":
Using the default shell, run the command sudo /usr/local/bin/restartVideo.sh, taking no inputs. Make the command available to any application.
Finally - save the script as "Restart video".
And by miracle, you get the following menu item (showing it here for Skype):
Now you can just select that menu item, and your camera comes back to life.
Related
I'm both new here and with MacOS and coding.
I know in windows I can create bash file to have an executable command in cmd. I've researched and discovered I can use similar file with MacOS (shell files) but I'm struggling to understand how to make one. I've tried different route:
As first thing I've tried creating a file in txt editor with this code:
#!/bin/bash
pip3 install pgzero
echo Installing Pygame Zero
Using later 'chmod 700 Filename' in terminal. It did not worked
I then tried with Apple Scrip, with a code like:
tell application "Terminal"
activate
do script "pip3 install pgzero"
do script "echo Installing Pygame Zero"
end tell
and it kinda worked, but it wasn't an executable
Then I tried with another approach found on google:
echo '#!/bin/bash
pip3 install pgzero
echo Installing PyGame Zero'> ~/Desktop/PygameInstaller.command
chmod 740> ~/Desktop/PygameInstaller.command
and it still didn't worked D:
Can someone land a bit of help? I'm starting feeling lost q,q
Thank you in advance!
In terms of what you want in your shell script, your first attempt is probably close to what you want but the echo should precede the pip3 command. I guess if you change the verb from Installing to Installed, then you could leave it where it is.
$ cat <<EOF > ~/Desktop/PygameInstaller.command
#!/bin/bash
echo Installing Pygame Zero
pip3 install pgzero
EOF
$ chmod 700 ~/Desktop/PygameInstaller.command
The permissions you assign to the script and the script's location depend on who you want to grant execution. If it's only you, then your desktop and 700 should be fine.
Now, if you want to execute the script from a command line like what you would see if you opened an instance of Terminal.app, then you have options.
If you want to fully specify the command, then you would type this (showing prompt which you would not type):
$ ~/Desktop/PygameInstaller.command
If you want to specify only the name of the script, then you would type this after adding ~/Desktop to your PATH:
$ PATH="$HOME/Desktop:$PATH"
$ PygameInstaller.command
If you prefer to type only PygameInstaller, then don't put the code in a file named PygameInstaller.command. Instead, you put the code in a file called simply PygameInstaller.
If you need the script to be executable by everyone, then put it in /usr/local/bin because most people will either have that in their PATH or have no political problem doing so. But you'll have to use the sudo command to elevate your privileges to accomplish that task.
If, however, you want to have that script be treated like any other app that you can launch with a double-click, then you have significantly more work to do.
Cannot create a useful script for scheduling the macports update and upgrade weekly e.g..
I tried a tiny script here:
on run {input, parameters}
do shell script "sudo /opt/local/bin/port selfupdate && sudo /opt/local/bin/port upgrade outdated && sudo /opt/local/bin/port clean --all installed" user name "<username>" password "<password>" with administrator privileges
return input
end run
And put this into Automator
Then as it running, the window will be frozen and if anything returns during the run, it shows as an exception message.
Can you write a useful script to get things done?
Thanks for help!
I think you are better off looking into the cron utility, that nowadays must be explicitly enabled. For all what I know, you can also get hold of a utility named Cronnix, to set it up. Your other alternative is to use Launchctl, here there is a friendly user interface named Lingon, that you can buy from the appstore.
There will always be an error log from updating MacPorts, that you should really read. The other thing is that when some packages gets deprecated, or some conflict occurs, then the update command really will require you to interact, by moving stuff aside, so the approach of using something to update Macports isn't as favourable as it may seem.
How about creating a recurring calendar event reminding you to do it? :)
If you are really tenacious about getting this to work, then you'll have to use the do shell script with administrator privileges, and if you don't like the dialog with password, and username, then you can hardcode those into your automator action. You'll then have to let go of sudo, since the ´with administrator privileges` does that for you.
do shell script "your shell script without sudo" user name "hardcodedusername" password "hardcodedpassword" with administrator privileges
I need to execute a command which is needed to run as root.
I read some post about using hard-coded passwords in scripts could be insecure, but actually I don't care because I'm providing root password to users anyway. It's an stripped system and there's only 2 users: client and root, so avoid warning me about security issues, Go ahead and give a quick and dirty solution.
For this bash script I need to
get as superuser using su,
then "my command",
and then logout.
I don't want the terminal prompt to type the password myself, instead read the password that I'm providing somewhere in script and run the command. It's a priority to not prompt any input by user.
Alternatively, maybe I could install sudo, but is there any chance to run a command without any prompt of password (editing sudoers or something)?
What about of using expect?
Update: I forgot to say that is also a portable SO, used for USB sticks (maybe later for CDLive too), as you know, in some distros of this kind is provided a root password if users needed. The command mentioned before is a package extensions for some application install, and only root have privilegies to execute such command (I have to say it's not a apt-get install or rpm command, so don't worry about this).
If you want a command to be runnable with no password, set that specific command as runnable with no password in your /etc/sudoers file (limiting the arguments to only the specific ones you wish to allow, if your use case allows that limitation).
This is as simple as setting the NOPASSWD: flag for the relevant sudoers entry.
If you really, really don't care about security, it could be as simple as this:
%admin ALL=(ALL) NOPASSWD: ALL
(after putting sudo-capable users in the admin UNIX group)
...or, if you did care, you could do something specific:
someuser ALL = NOPASSWD: /usr/local/sbin/my_admin_command
Note that if these commands will be run with no user present, they also may not have a TTY assigned; in such a case, you must be sure that your sudoers file doesn't contain the (oft-present-by-default) line:
Defaults requiretty
...or that the effect of this default is being specifically discarded by the line granting permissions.
I'm a complete novice at this (terminal in Mac leopard) and hoping to get an lifeline from the web as I've certainly hit a wall.
I want to run a script as a root in terminal. The script is saved as a text file with a .rtf extension. I've inserted into terminal:
sudo filename.rtf
then I get asked a password which I've typed in (admin password) and pressed enter; then it shows a prompt: sudo: Mac: command not found
I've tried it with the extension hidden but got the same result. Any pointers on what I'm doing wrong?
Thanks in advance
You need to first get the script out of the .rtf file and into a plain text file (open it up in TextEdit and select "Make Plain Text" from the format menu, then save it again as myscript.sh).
Now you can type
sudo sh myscript.sh
The "magic" sh letters there are because as another responder says, sudo will temporarily elevate you to superuser and run a program. In *nix environments, that would be anything with the executable bit set, meaning that someone's explicitly told the operating system that it's safe to run a file. In your case, your myscript.sh has not been "blessed" in this way, so to run it you need to feed it into a program that knows how to understand it. That program is sh, and it does have the executable bit set. Thinking of it as sudo (sh myscript.sh) might make it a bit clearer.
If you plan on running this script a lot, you might want to actually make it executable on its own. This amounts to putting special instructions inside the file that tell the operating system how the file should be run. If you stick #!/bin/sh (this is called a shebang line and tells the OS what to do with your file) on the first line of your script, and then type chmod u+x myscript.sh (this tells the OS that you, and only you, are allowed to execute your file), you'll be able to run the file directly with sudo myscript.sh.
sudo is used to execute commands as the root user of the machine.
when you type
sudo [somthing]
the shell grants temporary root privilges and then executes the given "somthing"
assume your script is in bash, you should have done
sudo sh filename.rtf
Also, it's better to save script as plain txt, with an sh extension, so you would execute
sudo sh myscript.sh
first set the script as executable:
chmod +x filename.rtf
Then you can run it like so:
sudo ./filename.rtf
I'm using Ubuntu 9.04 x64 and,
I have a file startup.rb in which I call sudo bash, so that I always have a root console to do administrative tasks without typing password after every 15 minutes or so.
This script is called by another script Startup.rb, and content of both files are like this -
File ~/Startup.rb
#!/usr/bin/ruby
system "gnome-terminal --maximize -x ruby ~/startup.rb"
File ~/startup.rb
#!/usr/bin/ruby
`sudo some-repetitive-administrative-task`
....
....
`sudo bash` #Not using `sudo -i`, since that makes `pwd` -> /root
I have included the ~/Startup.rb file in Startup Applications list.
Now the problem is that, in the terminal of sudo bash, if I type something and expect some output, I don't get any. So if I write echo hello world, I don't get any output. Which leads me to believe that the standard output (stdout) of the sudo bash command is not the console.
So, I want to know why is this happening? How may I know the current stdout path? Or how can I restore stdout back to my current console?
-- thanks
You're using an inapproriate method to run system commands from Ruby. Try this instead:
#!/usr/bin/ruby
system 'bash'
The syntax you're using (with the backticks) captures the standard output of the command and returns it in a string. That's why you don't see it on the terminal.
Here's a nice review of the different ways to run commands from Ruby: 6 Ways to Run Shell Commands in Ruby.
If you are only interested in an easier way to run administrative tasks as root, there might be a few other things you might consider.
$sudo -s
This will give you a shell in which you can submit commands as your sudo'd self (assuming that sudo has been setup so that you can run a shell via sudo).
Another thing you can do, though not always recommended or considered good form in Ubuntu is to create a root account:
$sudo passwd root
then you can login as root and administer things that way.
I know this doesn't answer your specific question about ruby, but I hope you find it helpful.