Jump to content
  • Announcements

    • Allan

      Forum Rules   04/13/2018

      Hello folks! As some things are being fixed, we'll keep you updated. Per hour the Forum Rules don't have a dedicated "Tab", so here is the place that we have our Rules back. New Users Lounge > [READ] - InsanelyMac Forum Rules - The InsanelyMac Staff Team. 
Kosta88

How to run an applescript with root privileges?

8 posts in this topic

Recommended Posts

It's quite a simple task, but I'm failing on one point. I want to create a script connecting a VPN connection on boot, so my script looks like this:

 

tell application "Terminal"

do script "route add {censored}.{censored}.{censored}.{censored} -interface ppp0" (the {censored}... is the IP for which I want a static route)

end tell

 

The terminal of course replies "must be root to alter routing table".

If I say "sudo route add...", then I get a password prompt.

So, what do I need to do to run a script as root, but NOT writing a password in the script?

 

Thanks

Kosta

Share this post


Link to post
Share on other sites

Arrg, pulling my hairs already... I never thought it will be THIS hard.

 

Alright, what I did:

- created a script via applescript (saved to desktop, test.app), script runs fine by itself, requires me to type in the password in the terminal window

- then I entered sudo visudo and added following: %admin ALL=(ALL)NOPASSWD:/Users/Kosta/Desktop/test.app

- also did "chmod 755 test.app" directly in the desktop folder

- entered the test.app into Login Items

 

And yet, on logout/login, asks for password!! Also rebooted, before you ask.

Share this post


Link to post
Share on other sites

Add the command you're running inside your script to sudoers. test.app gets executed as your normal user when invoked by OS X during startup - you can't do anything about that - so by whitelisting the command you want to run that's inside the AppleScript, when it runs "sudo <command>", sudo will let it through for that command.

Share this post


Link to post
Share on other sites

Alright, I found the script itself, it's in the /Contents/Resources/Scripts, but how do I path to that command, without now going through the trials?

The previous path is

/Users/Kosta/Desktop/test.app, and now test.app/Contents/Resources/Scripts...? Is there a safer way, because I reckon putting a "main.scpt" into sudoers, would be a major security risk, no?

 

I tried another thing: now I wrote a shell script, in my user folder /Users/Kosta/my_script, simply as a test.

Then I have it chmod 755 of course.

sudo visudo, and entered last line as:

Kosta ALL = NOPASSWD: /Users/Kosta/my_script

 

Still, when I execute the script by typing ./myscript (even sudo ./my_script), it requires a password.

 

Why?

Share this post


Link to post
Share on other sites

Easy way of giving applescript admin privilege is this

tell application "Terminal"
do script "blah blah script here" with administrator privileges
end tell

 

but would of course require password. You could instead have your VPN credentials saved as part of the connection settings:

System Preferences.png

 

and use something like this:

 

tell application "System Events"
	  tell current location of network preferences
			    set VPNservice to service "NAME OF YOUR VPN"
				  connect VPNservice
	  end tell
end tell

Share this post


Link to post
Share on other sites

The problem is not making vpn authentication, also not a problem making vpn connect automatically. Already solved that.

 

The problem is that I want to create a persistent static route for a single ip, but not over a gateway, but via the interface. In my case ppp0 is the interface.

Share this post


Link to post
Share on other sites

OK, apparently there is no viable way to do this, except putting it into the script. Since I can export the script as an app, with "execute only" option, virtually hiding the password, I guess this is safe enough.

Now, last question, if any ideas... the VPN connection in OSX is fairly stable, even after 12 hours it was still connected.

Is there a viable reconnect, or does OSX reconnect on line drop by itself? I read on another homepage one can do "return 120" value and click "stay open"... this helps anyway? It's vital the VPN stays open, not even one glitch. I didn't yet test 72hrs, but will do soon :)

 

The script is now like this:

 

tell application "System Events"

tell current location of network preferences

setVPNservicetoservice "VPN CONNECT"

if existsVPNservice then connectVPNservice

repeat until (connected of current configuration of VPNservice)

delay 1

endrepeat

endtell

endtell

do shell script "route -nv add -net {censored}.{censored}.{censored}.{censored} -interface ppp0" user name "xxxxxx" password "xxxxxxxx" withadministrator privileges

 

What do I need to do really to have the script up and running (and reconnecting if there is a problem)?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

×