Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: ttback
ttback Author
User level: Level 1
4 points

How to run sudo commands in Automator?

I need to run "sudo python setup.py install" in shell in order to install a python script in automator.
I read many blog entries and references about how to accomplish this but none of the applescript that supposed to take the password from the user worked as they should. I learned that you can run applescript + shell script in automator, but I don't know how to incorporate these two together to make sudo work.

For example, from here: http://discussions.apple.com/thread.jspa?messageID=6371405
I tried the apple script

do shell script "/Library/Application\ Support/VMware\ Fusion/boot.sh --restart" password "pass" with administrator privileges but it returned error: expected "" but found unknown token.

What does it even mean?


Please let me know if you have any ideas. My mac is currently 10.6.3.

Tim

Message was edited by: ttback

iMac, Mac OS X (10.6.3)

Posted on Sep 7, 2010 1:05 AM

Reply
13 replies
User profile for user: Tony T1
Tony T1
User level: Level 6
10,232 points

Sep 7, 2010 7:23 AM in response to ttback

If you don't mind having the user enter the password in a Terminal Window (which will exit after the process completes, but remain open), the following Automator Action will do what you want:

In Automator, Drag Library->Utilities->Run Applescript to the right pane and enter the following:


<pre style="
font-family: Monaco, 'Courier New', Courier, monospace;
font-size: 10px;
font-weight: normal;
margin: 0px;
padding: 5px;
border: 1px solid #000000;
width: 720px;
color: #000000;
background-color: #E6E6EE;
overflow: auto;">
on run
tell application "System Events" to set TerminalIsRunning to (exists process "Terminal")
if TerminalIsRunning then
tell application "Terminal"
activate
do script "sudo /usr/bin/python setup.py install" & space & " ; exit;"
end tell
else
tell application "Terminal"
activate
do script "sudo /usr/bin/python setup.py install" & space & " ; exit;" in front window
end tell
end if
end run</pre>
Reply
User profile for user: ttback
ttback Author
User level: Level 1
4 points

Sep 7, 2010 9:18 AM in response to ttback

Thanks for all the help.

I tried
do shell script "sudo python setup.py install" with administrator privileges
and the terminal code, both work pretty well.

I have one noob question though. Before I was trying to do like this post http://aricsblog.blogspot.com/2006/09/running-shell-commands-with-automator.html
(Didn't get his code working btw)

But now it seems like that I don't have to make it so complicated.

Is there a way in AppleScript to cd to the path of the folder of the script file? Before I execute the sudo?

I tried display dialog ("The path to me is : " & return & (path to me)) but don't know how to incorporate it into the shell command.

Message was edited by: ttback
Reply
User profile for user: etresoft
etresoft
User level: Level 8
46,098 points

Sep 7, 2010 9:19 AM in response to ttback

ttback wrote:
I have one noob question though. Before I was trying to do like this post http://aricsblog.blogspot.com/2006/09/running-shell-commands-with-automator.html
(Didn't get his code working btw)

But now it seems like that I don't have to make it so complicated.


That blog post is also 4 years old.

Is there a way in AppleScript to cd to the current location of the script file? Before I execute the sudo?


Do you need that? It is better to never rely on the current directory. You can try something like this: 

set myPath to POSIX path of (path to me as string)
do shell script "cd " & myPath & "; sudo /path/to/script" with administrator privileges


I think you will continue to need the path to the script, even if you are in that directory, because of the way sudo works.
Reply
User profile for user: etresoft
etresoft
User level: Level 8
46,098 points

Sep 7, 2010 9:51 AM in response to Hiroto

Hiroto wrote:
As noted in the following tech note, you should NOT use sudo in do shell script.
http://developer.apple.com/mac/library/technotes/tn2002/tn2065.html


That document says:
Note: Using sudo(8) with with administrator privileges is generally unnecessary and creates security holes; simply remove the "sudo".

and
Mac OS X 10.4.2 sets both the real and effective user ids; the workaround described here will be unnecessary, but harmless.


However, my shell script echome: 

#!/bin/sh
echo $USER me!


when run with: 

do shell script "sudo /tmp/echome" with administrator privileges

prints
"root me!"


but: 

do shell script "/tmp/echome" with administrator privileges

prints
"jdaniel me!"


When I add the "id" command, my effective user id seems to be root. Without "sudo", you keep your current shell and all of its environment. Adding "sudo" will create a shell for root. In a perfect world, it shouldn't matter, but Python scripts probably don't qualify as a perfect world.

Leave off sudo, unless you need it.
Reply
User profile for user: Hiroto
Hiroto
User level: Level 5
7,461 points

Sep 7, 2010 11:21 AM in response to etresoft

Hmm.
Then it appears they have changed the behaviour of 'with administrator privileges' again and have not updated the document. Sigh.

Anyway, 'security holes' are serious words and they are said to be created when sudo(8) is used with 'do shell script', which concerns me. I don't know what kind of 'holes' are created, though.

Now if the 'with administaror privileges' option sets only the effective user id to 0, are we supposed to use such device as '$< = $>; system(@ARGV)' in Perl for the task requiring real user id as 0 to avoid those 'security holes' in 'do shell script' ??

Or those 'security holes' are rather 'security risks' in the same sence as 'at your own risk' and we are supposed to use sudo(8) with 'do shell script" at our own risk ???

I really wonder which.

Scratching my head...
H
Reply
User profile for user: ttback
ttback Author
User level: Level 1
4 points

Sep 7, 2010 11:30 AM in response to Hiroto

I think they meant that you can do whatever you want after you get sudo working for you and you should be very careful when you're still debugging your code. You can mess up things in your system without knowing it, and that could be enough "security risk".
i.e You might turn wrong things on, get weird crashes, weird error in the app you launch.
They probably just want you to be extra careful and do not mess up your OS so you have to reinstall your system for an Applescript.

Without using sudo, I already experienced some weird bug with my app when I do Run shell script instead of Applescript. It turned out that somehow the script not only requires sudo but also needs to be ran from Terminal. So for unknown reasons, I have to use Applescript to tell Terminal to run the Launch commands instead of using Run Shell script. Reasons are unknown but I have to stay pragmatic about it and focus on what works.

I had experience making the terminal completely not usable after a bad script run as well.(also without using sudo)

Message was edited by: ttback
Reply
User profile for user: etresoft
etresoft
User level: Level 8
46,098 points

Sep 7, 2010 12:20 PM in response to Hiroto

I think that document is still correct. The only issue I can see is with the environment. Adding "with administrator privileges" just changes the real and effective user id. It does not update any environment settings. USER is still the old USER. The "sudo" command gives you a new environment as root.

I have no idea about the security risks. Perhaps the risks aren't necessarily with the combination of those two operations, but rather with running them through an opaque system such as an AppleScript which could be vulnerable to modification. But don't quote me on that.
Reply

How to run sudo commands in Automator?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up