I am developing cocoa application for mac. In my application I want to create bandwidth pipe. I am using command "sudo ipfw pipe 1 config bw 50" to create bandwidth pipe.
My problem is that its asking for user password when execute this command. How can i execute this command using objective-c without asking password?
I read somewhere that it can be achieved by inserting "user_name ALL=NOPASSWD ALL" in visudo file. I tried this and found that by inserting this entry in visudo file its not asking for password.
My query is that is there any other method to run this command without password or is there any method to insert "user_name ALL=NOPASSWD ALL" in visudo???
Related
I have the following task for my golang code:
The command has to be run as root user on the server remotely in bash and the command output has to be fetched in a variable.
Logging over ssh as root is disabled.
sudo on the server is disabled, so I have to use 'su -' and type password
since I want to make it as automated as possible in bash, the password has to be stored inside the command
Here are the workflow actions:
Login via SSH (as unprivileged user) to remote host
Elevate to privileged 'root' user --> su -
Type the root password
run the command which root can execute
get to output to string on localhost and do some actions
I have Googled for days, but it seems that I cannot find a solution for this.
Does anyone have a solution to this?
The issue you are facing is concerning interacting with the command after it has been executing.
It is quite easy to use exec.Command for non-interactive commands.
I would recommend using Expect for interaction, or the Golang equivalent located here.
I am using osascript in a BASH script for dialog boxes on a MAC system. The problem I am having is several of the commands I need to use require privilages to function correct. If I use sudo in the BASH script, the password prompt shows in the terminal window. Is the some way I can hook the sudo password prompt into an osascript dialog box? Or is there a different way I can handle asking for the password in an osascript dialog box and passing it to some other program to handle it?
What worked for me was to create the BASH script and then use osascript to call it.
$ osascript -e 'do shell script "/Path/yourbashscript.sh" with administrator privileges'
This will prompt a dialog box straight from Apple's infrastructure. Same one you see when you're asked for your username & password.
You can run this in terminal or use a third-party wrapper like, Platypus
You can suppress the password interface by modifying your Mac's authorization rights.
Use the built-in security command line tool or authbuddy to change the system.preferences.accessibility right to allow:
sudo security authorizationdb write system.preferences.accessibility allow
Opening up the system.preferences.accessibility right will permit any user to change the accessibility settings without a password prompt.
I want to run the following sample bash script which needs sudo password for a command
#!/bin/bash
kinit #needs sudo password
vi hello.txt
while running the above script it is asking for password.
How can i pass the username and password in the command itself or is there any better way i can skip passing my password in the script ?
TL;DR
You can't—at least, not the way you think.
Longer Answer with Alternatives
You have a couple of options:
Authenticate interactively with sudo before running your script, e.g. sudo -v. The credentials will be temporarily cached, giving you time to run your script.
Add a specific command such as /usr/lib/klibc/bin/kinit to your sudoers file with the NOPASSWD option. See sudoers(5) and and visudo(8) for syntax.
Use gksudo(1) or kdesu(1) with the appropriate keyring to cache your credentials if you're using a desktop environment.
One or more of these will definitely get you where you want to go—just not the way you wanted to get there.
So if you have access to your full system, you can change your sudoers file to allow certain sudo commands to be run w/o a password.
On the command line run visudo
Find your user and change the line to look something like this:
pi ALL=(ALL) NOPASSWD: /path/to/kinit, /path/to/another/command
That should do it. Give it another shot!
Hope that helps
You shouldn't pass username and password. This is not secure and it is not going to work if the password is changed.
You can use this:
gksudo kinit # This is going to open a dialog asking for the password.
#sudo kinit # or this if you want to type your password in the terminal
vi hello.txt
Or you can run your script under root. But note that vi is going to be ran as root as well, which means that it will probably create files that belong to root, that might be not what you want.
I have a lua script, running on the Mac, that needs to call sudo.
I'd hoped that Mac OS would automatically bring up a password request dialog, but instead it the command fails by returning 256.
Is there anyway that I can achieve my goal?
Tim
Quick and easy way: run it like this
/usr/bin/osascript -e 'do shell script "/path/to/myscript args 2>&1 etc" with administrator privileges'
Proper and configurable way: use AuthorizationExecuteWithPrivileges API from Authorization Services (in Security.framework).
Both will display standard Mac OS X GUI asking for administrator password and then execute the command as root, the same way as sudo does except that SUDO_USER environment variables will not be set.
If you need to execute individual commands from under user account when you're already elevated to root, you can prepend them with /usr/bin/sudo -u $USER.
I wrote a shell script to hook into a password protected database. A couple of others want to use the same shell script to share the database access, but I don't want to expose the password that is being used. Is there a way to lock the script so that no one can read it and only execute it? It'd also be ideal for them to enter their sudo password to run the script
Is there a way to lock the script so that no one can read it and only
execute it? It'd also be ideal for them to enter their sudo password
to run the script
Sure. Let's say the script containing the credentials is /usr/local/bin/myscript. Make this file owned by a privileged user. Let's say we have a user named "credentials":
# chown credentials /usr/local/bin/myscript
# chmod 700 /usr/local/bin/myscript
Now only the credentials user can read and execute this script.
Create another script /usr/local/bin/mywrapper that looks like this:
#!/bin/sh
exec sudo -u credentials /usr/local/bin/myscript
And create the appropriate /etc/sudoers entry:
auser ALL=(credentials) /usr/local/bin/myscript
So now, user auser runs "mywrapper". This in turn uses sudo to call the real script, which will prompt auser for their password.
I think this does everything you want. We use a mechanism very much like this at my office to protect credentials (in our case, ssh private keys).
In order to execute a shell script, you have to be able to read it. There are a couple of things you could do:
Who administers this database? Could the users get their own passwords for read only access? That would be ideal because it could limit their access to a small subset of the database.
If they have to have sudo access to run this script, maybe it's possible to remove the password out of the file and into a file that has 600 permissions set. The problem is that this could leak. For example, what if they run the script with set -xv? Then, they could see the password as the script executes.
Can you create a subset of data they might be interested in outside of the database? Then, have your script access that?
Or, you might want to take a look at several read-only modules in Perl. I'm thinking something like Acme::EyeDrops or Acme::Bleach which remove all those unsightly letters and numbers from your Perl script. (And I wonder why Python programmers say Perl is unreadable?)