Jump to content

How to run an applescript with root privileges?


  • Please log in to reply
7 replies to this topic

#1
Kosta88

Kosta88

    InsanelyMac Geek

  • Members
  • PipPipPip
  • 108 posts
It's quite a simple task, but I'm failing on one point. I want to create a script connecting a VPN connection on boot, so my script looks like this:

tell application "Terminal"
do script "route add {censored}.{censored}.{censored}.{censored} -interface ppp0" (the {censored}... is the IP for which I want a static route)
end tell

The terminal of course replies "must be root to alter routing table".
If I say "sudo route add...", then I get a password prompt.
So, what do I need to do to run a script as root, but NOT writing a password in the script?

Thanks
Kosta

#2
qwerty12

qwerty12

    InsanelyMac Protégé

  • Members
  • Pip
  • 49 posts
  • Gender:Male
  • Location:UK
Leverage the power of sudoers - particularly the NOPASSWD specifier: http://ubuntuforums....d.php?t=1132821

#3
Kosta88

Kosta88

    InsanelyMac Geek

  • Members
  • PipPipPip
  • 108 posts
Arrg, pulling my hairs already... I never thought it will be THIS hard.

Alright, what I did:
- created a script via applescript (saved to desktop, test.app), script runs fine by itself, requires me to type in the password in the terminal window
- then I entered sudo visudo and added following: %admin ALL=(ALL)NOPASSWD:/Users/Kosta/Desktop/test.app
- also did "chmod 755 test.app" directly in the desktop folder
- entered the test.app into Login Items

And yet, on logout/login, asks for password!! Also rebooted, before you ask.

#4
qwerty12

qwerty12

    InsanelyMac Protégé

  • Members
  • Pip
  • 49 posts
  • Gender:Male
  • Location:UK
Add the command you're running inside your script to sudoers. test.app gets executed as your normal user when invoked by OS X during startup - you can't do anything about that - so by whitelisting the command you want to run that's inside the AppleScript, when it runs "sudo <command>", sudo will let it through for that command.

#5
Kosta88

Kosta88

    InsanelyMac Geek

  • Members
  • PipPipPip
  • 108 posts
Alright, I found the script itself, it's in the /Contents/Resources/Scripts, but how do I path to that command, without now going through the trials?
The previous path is

/Users/Kosta/Desktop/test.app, and now test.app/Contents/Resources/Scripts...? Is there a safer way, because I reckon putting a "main.scpt" into sudoers, would be a major security risk, no?


I tried another thing: now I wrote a shell script, in my user folder /Users/Kosta/my_script, simply as a test.
Then I have it chmod 755 of course.
sudo visudo, and entered last line as:
Kosta ALL = NOPASSWD: /Users/Kosta/my_script

Still, when I execute the script by typing ./myscript (even sudo ./my_script), it requires a password.

Why?

#6
eep357

eep357

    Triple Platinum

  • Supervisors
  • 2,527 posts
  • Gender:Male
  • Location:Dark Side of The Wall
  • Interests:things and stuff
Easy way of giving applescript admin privilege is this
tell application "Terminal"
do script "blah blah script here" with administrator privileges
end tell

but would of course require password. You could instead have your VPN credentials saved as part of the connection settings:
Attached File  System Preferences.png   91.5KB   5 downloads

and use something like this:

tell application "System Events"
		  tell current location of network preferences
				    set VPNservice to service "NAME OF YOUR VPN"
					  connect VPNservice
		  end tell
end tell


#7
Kosta88

Kosta88

    InsanelyMac Geek

  • Members
  • PipPipPip
  • 108 posts
The problem is not making vpn authentication, also not a problem making vpn connect automatically. Already solved that.

The problem is that I want to create a persistent static route for a single ip, but not over a gateway, but via the interface. In my case ppp0 is the interface.

#8
Kosta88

Kosta88

    InsanelyMac Geek

  • Members
  • PipPipPip
  • 108 posts
OK, apparently there is no viable way to do this, except putting it into the script. Since I can export the script as an app, with "execute only" option, virtually hiding the password, I guess this is safe enough.
Now, last question, if any ideas... the VPN connection in OSX is fairly stable, even after 12 hours it was still connected.
Is there a viable reconnect, or does OSX reconnect on line drop by itself? I read on another homepage one can do "return 120" value and click "stay open"... this helps anyway? It's vital the VPN stays open, not even one glitch. I didn't yet test 72hrs, but will do soon :)

The script is now like this:

tell application "System Events"
tell current location of network preferences
setVPNservicetoservice "VPN CONNECT"
if existsVPNservice then connectVPNservice
repeat until (connected of current configuration of VPNservice)
delay 1
endrepeat
endtell
endtell
do shell script "route -nv add -net {censored}.{censored}.{censored}.{censored} -interface ppp0" user name "xxxxxx" password "xxxxxxxx" withadministrator privileges

What do I need to do really to have the script up and running (and reconnecting if there is a problem)?





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

© 2014 InsanelyMac  |   News  |   Forum  |   Downloads  |   OSx86 Wiki  |   Mac Netbook  |   PHP hosting by CatN  |   Designed by Ed Gain  |   Logo by irfan  |   Privacy Policy