
shell script action with administrator privileges

Open swiftster opened this issue 11 years ago • 5 comments

I have a few ControlPlane actions that require sudo shell commands. I would like the option to run these with administrator privileges (either with or w/out password prompt). The current workaround is to put it in an AppleScript "do shell script" wrapper.

swiftster, Sep 03 '13 17:09

Hi, I'm hooking this issue because I'm trying exactly the same thing but it does not work (yet). I'm running the latest ControlPlane.app on latest Mavericks and I'm trying to start and stop nfsd when I'm entering or leaving home. Since I didn't want to enter any password I gave admin users permission to run nfsd without password:

$ cat /etc/sudoers | grep NOPASSWD
%admin ALL=(ALL) NOPASSWD: /sbin/nfsd

Which works very well when the command is executed from command line. Since I knew that parameters have to be separated with pipes in the ShellScriptAction I tried the following command:

/usr/bin/sudo|/sbin/nfsd|stop

and:

/usr/bin/sudo|/sbin/nfsd|start

respectively. But it does not run properly. This is the feedback from the ControlPlane.app log window.

07:34:53.817 __56-[ShellScriptAction    launchTaskWithLaunchPath:arguments:]_block_invoke
    Failed to execute '/usr/bin/sudo|/sbin/nfsd|start' (script terminated with a non-zero status '126')

The exit code 126 suggests a permission problem. This all leads me to the question under which user are shell scripts executed? I can't find anything here or in the Google Group. I hope this is the last piece of the puzzle.

Thank you, 73

73, Jan 09 '14 07:01

I have the same requirement, and it took me a while to understand how to use the AppleScript workaround (as suggested by @swiftster). UPDATE: This is now a working example to link to / copy & paste into docs.

Let's say you would like to create a script to change DNS servers when arriving at work/home, to the network's gateway first, followed by Google as fallback.

First create an AppleScript that accepts command line arguments and sets the DNS, popping a password prompt when required.

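# ~/bin/change_dns.scpt

on run argv
    -- argv is the list of command-line arguments; the first one is the DNS server
    set first_dns to item 1 of argv
    -- quoted form keeps the argument a single shell word in the privileged shell
    set cmd to "networksetup -setdnsservers Wi-Fi " & quoted form of first_dns & " 8.8.8.8 8.8.4.4"
    do shell script cmd with administrator privileges
end run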

Now, since ControlPlane requires the script to be executable with /bin/sh, add a shell script to execute the above script with given arguments.

# ~/bin/change-dns-via-applescript
# "$@" is quoted so each argument is passed on unchanged as one word
osascript ~/bin/change_dns.scpt "$@"

And now, configure the script parameter of your ControlPlane action to:

/Users/user/bin/change-dns-via-applescript|192.168.2.253

Notice that we are delimiting our script /Users/user/bin/change-dns-via-applescript and its argument 192.168.2.253 with a pipe symbol ("|") and NOT spaces.

And there you go, you can now execute a script with elevated permissions.

asfaltboy, Oct 19 '15 20:10
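A stricter variant of the /bin/sh wrapper from the post above, as an added example that is not part of the original thread: it accepts exactly one dotted-quad IPv4 address and refuses anything else before the value can reach `do shell script ... with administrator privileges`. The function names and the exit status 64 are choices made for this example; the script path is the one used in the post.

```shell
#!/bin/sh
# Added example: hardened wrapper for ~/bin/change_dns.scpt (names are hypothetical).

# Full paths, because the launching app may provide a minimal PATH
# (a command that cannot be found exits with status 127).
OSASCRIPT=/usr/bin/osascript
SCPT="$HOME/bin/change_dns.scpt"

# Return 0 only if $1 is a dotted-quad IPv4 address, octets 0..255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, foreign characters, stray dots
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; the value holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # "010" is ambiguous (octal vs decimal)
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

main() {
    if [ "$#" -ne 1 ] || ! is_ipv4 "$1"; then
        echo "usage: change-dns-via-applescript <ipv4-dns-server>" >&2
        return 64
    fi
    # Passed as a single word that contains only digits and dots.
    "$OSASCRIPT" "$SCPT" "$1"
}

# Runs only when arguments are supplied, e.g. the ControlPlane parameter
# /Users/user/bin/change-dns-via-applescript|192.168.2.253
if [ "$#" -gt 0 ]; then
    main "$@"
    exit $?
fi
```
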

"Value 127 is returned by your shell /bin/bash when any given command within your bash script or on bash command line is not found in any of the paths defined by PATH system environment variable."

Make sure you have explicitly set your path or you include the full path to all commands being run. This should help.

dustinrue, Oct 19 '15 21:10

@dustinrue you're right! Setting /Users/big/bin/change-dns-via-applescript as the parameter alone works.

EDIT: Ah! Arguments are delimited by pipe! How odd. Now I understand what @73 meant by that. I updated my example above to the working example.

asfaltboy, Oct 19 '15 21:10

I managed to get @73's version working (on Sierra with CP 1.6.6). I used a wrapper script that I call from ControlPlane. That file, startNfsd.sh, contains the sudo command: /usr/bin/sudo /sbin/nfsd start

For some reason ControlPlane fails to call sudo directly.

As far as sudoers go, it is enough to only keep nfsd in the sudoers file. The wrapper script can still run unprivileged.

tine2k, Jun 06 '17 12:06