Re: sudoing into root
Re: sudoing into root
- Subject: Re: sudoing into root
- From: Axel Luttgens <email@hidden>
- Date: Sun, 23 May 2004 12:00:37 +0200
Gnarlodious wrote:
I can do this in Terminal:
sudo -s
gzip -r /System/Library/StartupItems/mDNSResponder >
/System/Library/StartupItems/mDNSResponder.gz
Can you?
But I can't do it in Applescript:
do shell script "sudo -s" with administrator privileges
do shell script "gzip -r /System/Library/StartupItems/mDNSResponder >
mDNSResponder.gz"
-- > /bin/bash: line 1: password: command not found
Ken already replied about the potential dangers of directly messing with
system directories (brrr... how do you dare ;-) ) as well as about the
fact that each 'do shell script' command in fact launches a new shell.
Just to be somewhat more precise about the latter.
In the terminal, your 'sudo -s' command lauches a new shell, and every
subsequent commands will be launched within that shell or as children of
that shell (until you enter the 'exit' command).
On the other hand, from AppleScript, the 'do shell script "sudo -s"'
command launches a new shell, but this one is immediately quit as soon
as the command is terminated; so, a subsequent 'do shell script' won't
(shouldn't -- see below) inherit any privileges from a previous 'do
shell script'.
Now, the question is: why would you need to use 'sudo', as the 'with
administrator privileges' part should already provide you with the
needed authorizations?
Using a less dangerous example than yours ( ;-) ), this may be
illustrated by:
do shell script "ls /"
--> a listing without the dot-starting file names
do shell script "ls /" with administrator privileges
--> a listing with the dot-starting file names
Do you have a precise application that would really need 'sudo'?
What am I doing wrong?
Well, there could also be something slightly wrong with the 'do shell
script' command implementation.
Try this after having waited sufficiently long enough (about 5 min?
don't remember exactly the defaults for the duration of a sudo
authorization):
do shell script "sudo -s " with administrator privileges
--> first run: prompt for the password, and no error
--> second run: prompt for the password, then "/bin/bash: line 1:
mypass: command not found"
It is clear that on the second run, the password gets passed 'as is' to
the shell and is interpreted as a command to be executed.
OK.
Then try this:
do shell script "sudo -k"
do shell script "sudo -s" with administrator privileges
--> any run: prompt for the password, and no error
By performing the 'sudo -k', one explicitely asks to reset the sudo
auths; so, the password requested by the subsequent 'with administrator
privileges', and which somehow seems to be passed to the shell too, is
used as a password for the 'sudo' command, and not as a command by itself.
Would be interesting to know how exactly the 'do shell script ... with
administrator privileges' is implemented, and what are its relationships
with authorization services and sudo.
HTH,
Axel
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.