Is there a way to write a "to do script" with administrator privileges like you can with a "do shell script" ? I have a script that I am writing that opens a terminal window and gets the size of another user account but I get permission denied errors. I can easily solve this by entering sudo before the command but I don't want to enter a password in the terminal window. I want to be prompted with a dialog so I can enter a password just like I would get if I used a "do shell script"
This is part of my script that I have:
tell application "Terminal"
activate
do script "sudo du -sh /Users/example"
end tell
I know that you can solve this also like this:
do shell script "du -sh /Users/example" with administrator privileges
but doing it like this opens a terminal window but does not start the command.
You can do it without involving Terminal.app at all
set userSize to do shell script "du -sh /Users/example | awk '{print $1}'" with administrator privileges
The awk command strips the size part from the result.
Your second option is correct, but it should not be used with a tell "Terminal" block at all.
With the script bellow (only the 2 lines), Terminal will not be open and the only window will be the one asking your admin password.
set UserSize to do shell script "du -sh /Users/test" with administrator privileges
display dialog UserSize
In AppleScript, you can do:
do shell script "echo 'I am (G)root'" with administrator privileges
Sorry. Anyway, a shell script can be run in JXA like this:
var app = Application.currentApplication();
app.includeStandardAdditions = true;
app.doShellScript("echo I am not root :(");
However, there doesn't seem to be an equivalent of with administrator privileges in JXA. Is there one that I'm missing, or how else should I do it? And don't tell me to use sudo. It won't work.
Put option in {} --> app.doShellScript("ls -l", {administratorPrivileges:true});
Example with multiple options : app.doShellScript("ls -l", {userName:'MyUserName', password:'0123456', administratorPrivileges:true, alteringLineEndings:false});
Look at the StandardAdditions dictionary, select "JavaScript" in the popup instead of "AppleScript" (the default).
I've searched around but couldn't quite find anything to fit my problem.
I want to create a script to replicate the following:
Open Terminal
Execute the following command:
sudo kextunload /System/Library/Extensions/AppleHDA.kext
Then have it enter my OSX admin password for me.
Then execute the following:
sudo kextload /System/Library/Extensions/AppleHDA.kext
I'm completely new to applescript, so hoping someone can help me out.
Thanks!
The hint in a comment on the question is correct (in [Apple]Script Editor, select File > Open Dictionary..., select StandardAdditions.osax, then search for do shell script to see the complete syntax), but it's important to note that do shell script will NOT open a Terminal window; instead, it'll run the shell command hidden and return its result - which is generally preferable:
do shell script's return value is the shell command's stdout output.
If the shell command returns a non-zero exit code, AppleScript will throw an error and the error message will contain the command's stderr output.
To run commands with administrative privileges, you have 2 options:
[Recommended] Let AppleScript display a password prompt:
set shCmds to "kextunload /System/Library/Extensions/AppleHDA.kext;
kextload /System/Library/Extensions/AppleHDA.kext"
# This will prompt for an admin password, then execute the commands
# as if they had been run with `sudo`.
do shell script shCmds with administrator privileges
[Not recommended for security reasons] Pass the password as an argument:
set shCmds to "kextunload /System/Library/Extensions/AppleHDA.kext;
kextload /System/Library/Extensions/AppleHDA.kext"
# Replace `{myPassword}` with your actual password.
# The commands will run as if they had been executed with `sudo`.
do shell script shCmds ¬
user name short user name of (system info) password "{myPassword}" ¬
with administrator privileges
As stated, if something goes wrong - whether it is because of an invalid password or a canceled password dialog or the shell commands returning a non-zero exit code - a runtime error is thrown.
Here's an example of trapping it and reporting it via display alert.
try
do shell script shCmds with administrator privileges
on error errMsg number errNo
display alert "Executing '" & shCmds & "' failed with error code " & ¬
errNo & " and the following message: " & errMsg
return
end try
I'm having a pretty basic shell script that's supposed to run at user login. To achieve this, I followed the guide for Automator from the first answer in this topic: Running script upon login mac
But somehow nothing happens. I also tried to create an application using the script editor with do shell script /blabla/git_credentials.sh which responded with a permission denied.
I don't see whats wrong here.
Oh, here's the script:
echo ""
echo "Setup Git Credentials"
echo "*********************"
echo "Please enter your first name: "
read fname
echo "Please enter your last name: "
read lname
echo "Please enter your mail address: "
read email
git config --global --remove-section user
git config --global user.name "$fname $lname"
git config --global user.email $email
echo "Credentials set."
Edit: I just found out that the script is being run at login, but it neither opens up a terminal nor waits for my user inputs, I have just an empty Git config after every startup. I 'achieved' this using the script editor with do shell script "$HOME/git_credentials.sh" and saving it as an application, then putting it into the login items.
The problem is that your Automator's shell script isn't connected to STDIN (i.e. your keyboard). It may run the shell script, but there's no way to pass it input since there's no terminal.
What you need to do is run the Automator action: Ask for Text to get your input.
What I found I had to do was Ask for Text, and then Set the Value of the Variable. I do this for each variable I want as input.
Once I get all of the variables I want, I then run Get the Value of the Variable for each of the variables. This puts the variables into $* for the shell script to pull up.
Now, you can execute the Automator action Run Shell Script with Pass Input as arguments. You can refer to them as $1, $2, etc.
I suggest to try this with a simple script and see if it then works. The problem is that the whole thing may execute in a sub-shell, so once the automator action ends, you lose the values of the variables you've set. I simply don't have enough experience with Automator to know exactly how it works.
I suspect you script is not currently executable.
Try fixing this by running:
chmod +x /blabla/git_credentials.sh
or
chmod 755 /blabla/git_credentials.sh
Or you are missing #!/bin/bash at the top of your script? Or is this just a part of it?
I'm trying to run a bash script in Cygwin.
I get Must run as root, i.e. sudo ./scriptname errors.
chmod 777 scriptname does nothing to help.
I've looked for ways to imitate sudo on Cygwin, to add a root user, since calling "su" renders the error su: user root does not exist, anything useful, and have found nothing.
Anyone have any suggestions?
I answered this question on SuperUser but only after the OP disregarded the unhelpful answer that was at the time the only answer to the question.
Here is the proper way to elevate permissions in Cygwin, copied from my own answer on SuperUser:
I found the answer on the Cygwin mailing list. To run command with elevated privileges in Cygwin, precede the command with cygstart --action=runas like this:
$ cygstart --action=runas command
This will open a Windows dialogue box asking for the Admin password and run the command if the proper password is entered.
This is easily scripted, so long as ~/bin is in your path. Create a file ~/bin/sudo with the following content:
#!/usr/bin/bash
cygstart --action=runas "$#"
Now make the file executable:
$ chmod +x ~/bin/sudo
Now you can run commands with real elevated privileges:
$ sudo elevatedCommand
You may need to add ~/bin to your path. You can run the following command on the Cygwin CLI, or add it to ~/.bashrc:
$ PATH=$HOME/bin:$PATH
Tested on 64-bit Windows 8.
You could also instead of above steps add an alias for this command to ~/.bashrc:
# alias to simulate sudo
alias sudo='cygstart --action=runas'
You probably need to run the cygwin shell as Administrator. You can right click the shortcut and click run as administrator or go into the properties of the shortcut and check it in the compatability section. Just beware.... root permissions can be dangerous.
Building on dotancohen's answer I'm using an alias:
alias sudo="cygstart --action=runas"
Works as a charm:
sudo chown User:Group <file>
And if you have SysInternals installed you can even start a command shell as the system user very easily
sudo psexec -i -s -d cmd
I found sudo-for-cygwin, maybe this would work, it is a client/server application that uses a python script to spawn a child process in windows (pty) and bridges user's tty and the process I/O.
It requires python in windows and Python modules greenlet, and eventlet in Cygwin.
It seems that cygstart/runas does not properly handle "$#" and thus commands that have arguments containing spaces (and perhaps other shell meta-characters -- I didn't check) will not work correctly.
I decided to just write a small sudo script that works by writing a temporary script that does the parameters correctly.
#! /bin/bash
# If already admin, just run the command in-line.
# This works on my Win10 machine; dunno about others.
if id -G | grep -q ' 544 '; then
"$#"
exit $?
fi
# cygstart/runas doesn't handle arguments with spaces correctly so create
# a script that will do so properly.
tmpfile=$(mktemp /tmp/sudo.XXXXXX)
echo "#! /bin/bash" >>$tmpfile
echo "export PATH=\"$PATH\"" >>$tmpfile
echo "$1 \\" >>$tmpfile
shift
for arg in "$#"; do
qarg=`echo "$arg" | sed -e "s/'/'\\\\\''/g"`
echo " '$qarg' \\" >>$tmpfile
done
echo >>$tmpfile
# cygstart opens a new window which vanishes as soon as the command is complete.
# Give the user a chance to see the output.
echo "echo -ne '\n$0: press <enter> to close window... '" >>$tmpfile
echo "read enter" >>$tmpfile
# Clean up after ourselves.
echo "rm -f $tmpfile" >>$tmpfile
# Do it as Administrator.
cygstart --action=runas /bin/bash $tmpfile
Or install syswin package, which includes a port of su for cygwin: http://sourceforge.net/p/manufacture/wiki/syswin-su/
This answer is based off of another answer. First of all, make sure your account is in the Administrators group.
Next, create a generic "runas-admin.bat" file with the following content:
#if (1==1) #if(1==0) #ELSE
#echo off&SETLOCAL ENABLEEXTENSIONS
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"||(
cscript //E:JScript //nologo "%~f0" %*
#goto :EOF
)
FOR %%A IN (%*) DO (
"%%A"
)
#goto :EOF
#end #ELSE
args = WScript.Arguments;
newargs = "";
for (var i = 0; i < args.length; i++) {
newargs += "\"" + args(i) + "\" ";
}
ShA=new ActiveXObject("Shell.Application");
ShA.ShellExecute("cmd.exe","/c \""+WScript.ScriptFullName+" "+newargs+"\"","","runas",5);
#end
Then execute the batch file like this:
./runas-admin.bat "<command1> [parm1, parm2, ...]" "<command2> [parm1, parm2, ...]"
For exaxmple:
./runas-admin.bat "net localgroup newgroup1 /add" "net localgroup newgroup2 /add"
Just make sure to enclose each separate command in double quotes. You will only get the UAC prompt once using this method and this procedure has been generalized so you could use any kind of command.
A new proposal to enhance SUDO for CygWin from GitHub in this thread, named TOUACExt:
Automatically opens sudoserver.py.
Automatically closes sudoserver.py after timeout (15 minutes default).
Request UAC elevation prompt Yes/No style for admin users.
Request Admin user/password for non-admin users.
Works remotely (SSH) with admin accounts.
Creates log.
Still in Pre-Beta, but seems to be working.
I landed here through google, and I actually believe I've found a way to gain a fully functioning root promt in cygwin.
Here are my steps.
First you need to rename the Windows Administrator account to "root"
Do this by opening start manu and typing "gpedit.msc"
Edit the entry under
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Accounts: Rename administrator account
Then you'll have to enable the account if it isn't yet enabled.
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Accounts: Administrator account status
Now log out and log into the root account.
Now set an environment variable for cygwin. To do that the easy way:
Right Click My Computer > Properties
Click (on the left sidebar) "Advanced system settings"
Near the bottom click the "Enviroment Variables" button
Under "System Variables" click the "New..." button
For the name put "cygwin" without the quotes.
For the value, enter in your cygwin root directory. ( Mine was C:\cygwin )
Press OK and close all of that to get back to the desktop.
Open a Cygwin terminal (cygwin.bat)
Edit the file /etc/passwd
and change the line
Administrator:unused:500:503:U-MACHINE\Administrator,S-1-5-21-12345678-1234567890-1234567890-500:/home/Administrator:/bin/bash
To this (your numbers, and machine name will be different, just make sure you change the highlighted numbers to 0!)
root:unused:0:0:U-MACHINE\root,S-1-5-21-12345678-1234567890-1234567890-0:/root:/bin/bash
Now that all that is finished, this next bit will make the "su" command work. (Not perfectly, but it will function enough to use. I don't think scripts will function correctly, but hey, you got this far, maybe you can find the way. And please share)
Run this command in cygwin to finalize the deal.
mv /bin/su.exe /bin/_su.exe_backup
cat > /bin/su.bat << "EOF"
#ECHO OFF
RUNAS /savecred /user:root %cygwin%\cygwin.bat
EOF
ln -s /bin/su.bat /bin/su
echo ''
echo 'All finished'
Log out of the root account and back into your normal windows user account.
After all of that, run the new "su.bat" manually by double clicking it in explorer. Enter in your password and go ahead and close the window.
Now try running the su command from cygwin and see if everything worked out alright.
Being unhappy with the available solution, I adopted nu774's script to add security and make it easier to setup and use. The project is available on Github
To use it, just download cygwin-sudo.py and run it via python3 cygwin-sudo.py **yourcommand**.
You can set up an alias for convenience:
alias sudo="python3 /path-to-cygwin-sudo/cygwin-sudo.py"
Use this to get an admin window with either bash or cmd running, from any directories context menue. Just right click on a directory name, and select the entry or hit the highlited button.
This is based on the chere tool and the unfortunately not working answer (for me) from link_boy. It works fine for me using Windows 8,
A side effect is the different color in the admin cmd window. To use this on bash, you can change the .bashrc file of the admin user.
I coudln't get the "background" version (right click into an open directory) to run. Feel free to add it.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash]
#="&Bash Prompt Here"
"Icon"="C:\\cygwin\\Cygwin.ico"
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash\command]
#="C:\\cygwin\\bin\\bash -c \"/bin/xhere /bin/bash.exe '%L'\""
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash_root]
#="&Root Bash Prompt Here"
"Icon"="C:\\cygwin\\Cygwin.ico"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash_root\command]
#="runas /savecred /user:administrator \"C:\\cygwin\\bin\\bash -c \\\"/bin/xhere /bin/bash.exe '%L'\\\"\""
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_cmd]
#="&Command Prompt Here"
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_cmd\command]
#="cmd.exe /k cd %L"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_cmd_root]
#="Roo&t Command Prompt Here"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_cmd_root\command]
#="runas /savecred /user:administrator \"cmd.exe /t:1E /k cd %L\""
A very simple way to have a cygwin shell and corresponding subshells to operate with administrator privileges is to change the properties of the link which opens the initial shell.
The following is valid for Windows 7+ (perhaps for previous versions too, but I've not checked)
I usually start the cygwin shell from a cygwin-link in the start button (or desktop).
Then, I changed the properties of the cygwin-link in the tabs
/Compatibility/Privilege Level/
and checked the box,
"Run this program as an administrator"
This allows the cygwin shell to open with administrator privileges and the corresponding subshells too.
I met this discussion looking for some details on the sudo implementation in different operating systems. Reading it I found that the solution by #brian-white (https://stackoverflow.com/a/42956057/3627676) is useful but can be improved slightly. I avoided creating the temporary file and implemented to execute everything by the single script.
Also I investigated the next step of the improvement to output within the single window/console. Unfortunately, without any success. I tried to use named pipes to capture STDOUT/STDERR and print in the main window. But child process didn't write to named pipes. However writing to a regular file works well.
I dropped any attempts to find the root cause and left the current solution as is. Hope my post can be useful as well.
Improvements:
no temporary file
no parsing and reconstructing the command line options
wait the elevated command
use mintty or bash, if the first one not found
return the command exit code
#!/bin/bash
# Being Administrators, invoke the command directly
id -G | grep -qw 544 && {
"$#"
exit $?
}
# The CYG_SUDO variable is used to control the command invocation
[ -z "$CYG_SUDO" ] && {
mintty="$( which mintty 2>/dev/null )"
export CYG_SUDO="$$"
cygstart --wait --action=runas $mintty /bin/bash "$0" "$#"
exit $?
}
# Now we are able to:
# -- launch the command
# -- display the message
# -- return the exit code
"$#"
RETVAL=$?
echo "$0: Press to close window..."
read
exit $RETVAL
Based on #mat-khor's answer, I took the syswin su.exe, saved it as manufacture-syswin-su.exe, and wrote this wrapper script. It handles redirection of the command's stdout and stderr, so it can be used in a pipe, etc. Also, the script exits with the status of the given command.
Limitations:
The syswin-su options are currently hardcoded to use the current user. Prepending env USERNAME=... to the script invocation overrides it. If other options were needed, the script would have to distinguish between syswin-su and command arguments, e.g. splitting at the first --.
If the UAC prompt is cancelled or declined, the script hangs.
.
#!/bin/bash
set -e
# join command $# into a single string with quoting (required for syswin-su)
cmd=$( ( set -x; set -- "$#"; ) 2>&1 | perl -nle 'print $1 if /\bset -- (.*)/' )
tmpDir=$(mktemp -t -d -- "$(basename "$0")_$(date '+%Y%m%dT%H%M%S')_XXX")
mkfifo -- "$tmpDir/out"
mkfifo -- "$tmpDir/err"
cat >> "$tmpDir/script" <<-SCRIPT
#!/bin/env bash
$cmd > '$tmpDir/out' 2> '$tmpDir/err'
echo \$? > '$tmpDir/status'
SCRIPT
chmod 700 -- "$tmpDir/script"
manufacture-syswin-su -s bash -u "$USERNAME" -m -c "cygstart --showminimized bash -c '$tmpDir/script'" > /dev/null &
cat -- "$tmpDir/err" >&2 &
cat -- "$tmpDir/out"
wait $!
exit $(<"$tmpDir/status")
Can't fully test this myself, I don't have a suitable script to try it out on, and I'm no Linux expert, but you might be able to hack something close enough.
I've tried these steps out, and they 'seem' to work, but don't know if it will suffice for your needs.
To get round the lack of a 'root' user:
Create a user on the LOCAL windows machine called 'root', make it a member of the 'Administrators' group
Mark the bin/bash.exe as 'Run as administrator' for all users (obviously you will have to turn this on/off as and when you need it)
Hold down the left shift button in windows explorer while right clicking on the Cygwin.bat file
Select 'Run as a different user'
Enter .\root as the username and then your password.
This then runs you as a user called 'root' in cygwin, which coupled with the 'Run as administrator' on the bash.exe file might be enough.
However you still need a sudo.
I faked this (and someone else with more linux knowledge can probably fake it better) by creating a file called 'sudo' in /bin and using this command line to send the command to su instead:
su -c "$*"
The command line 'sudo vim' and others seem to work ok for me, so you might want to try it out.
Be interested to know if this works for your needs or not.
What I usually do is have a registry "Open Here" helper in order to open a cygwin shell with administrative privileges quite easy from anywhere in my computer.
Be aware you have to have the cygwin "chere" package installed, use "chere -i -m" from an elevated cygwin shell first.
Assuming your cygwin installation is in C:\cygwin...
Here's the registry code:
Windows Registry Editor Version 5.00
[-HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash]
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash]
#="Open Cygwin Here as Root"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash\command]
#="c:\\cygwin\\bin\\mintty.exe -i /Cygwin-Terminal.ico -e /bin/xhere /bin/bash.exe"
[-HKEY_CLASSES_ROOT\Directory\Background\shell\cygwin_bash]
[HKEY_CLASSES_ROOT\Directory\Background\shell\cygwin_bash]
#="Open Cygwin Here as Root"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\Background\shell\cygwin_bash\command]
#="c:\\cygwin\\bin\\mintty.exe -i /Cygwin-Terminal.ico -e /bin/xhere /bin/bash.exe"
[-HKEY_CLASSES_ROOT\Drive\shell\cygwin_bash]
[HKEY_CLASSES_ROOT\Drive\shell\cygwin_bash]
#="Open Cygwin Here as Root"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Drive\shell\cygwin_bash\command]
#="c:\\cygwin\\bin\\mintty.exe -i /Cygwin-Terminal.ico -e /bin/xhere /bin/bash.exe"
Hope this helps. Let me know if it works for you. Thanks.
PS: You can grab this code, copy and paste it and save it in a name.reg file to run it... or you can manually add the values.
Just simplifying the accepted answer, copy past the below in a Cygwin terminal and you are done:
cat <<EOF >> /bin/sudo
#!/usr/bin/bash
cygstart --action=runas "\$#"
EOF
chmod +x /bin/sudo
Try:
chmod -R ug+rwx <dir>
where <dir> is the directory on which you
want to change permissions.