FW: Run an application as another user not root
- Subject: FW: Run an application as another user not root
- From: "Bryan S. Lee" <email@hidden>
- Date: Wed, 04 Jun 2008 23:25:03 -0400
- Thread-topic: Run an application as another user not root
I never could get it to work by calling su or sudo but finally, after too
many hours of tinkering, found a way to get this setup to fly.

I ended up having the PackageMaker3 installer run this particular
component and not require admin authentication, which in turn runs all the
scripts as the local user instead of root and engages the applescript app
which will do the wireless setup. However, there were several steps that
require root access (turning on assistive devices, importing the certificate
into the keychain, etc.), so I called those with do shell script commands
with administrator privileges true.

As part of my script, I was already having the user enter their password so
that the applescript could automatically get through several authentication
dialogs and I was already pulling their username with do shell script "echo
$USER". So I had the pieces of the puzzle to put into the applescript.

Also realized that I was creating a second problem after trying to get
around the run as user instead of root problem. There's an oddity to putting
the certificate into the keychain and setting the trust values before you
connect to a WPA2 wireless network on 10.5.3 (and maybe others). The
keychain item that contains the username and password for the wireless
network will not be created and stored in the login.keychain. Order
apparently matters. Once I scripted the settings into the network/System
Preferences and THEN put in the certificate and trust settings and THEN
activated the wireless, and only then would it work.

Now noticing an oddity with changing your password and it not sticking or
loading into the keychain but instead displaying the 802.1X authentication
dialog.

On to the next problem.

For anyone possibly interested in using an automated method for setting up a
WEP and/or WPA/WPA2 wireless network, I'll include the applescript here. I'm
running this inside of a larger installer as a separate choice (dumping the
contents to /tmp and running from there), but it could be run as a local
user or tech as long as they have an admin account (we're going to be using
this primarily with students). All that's needed is this applescript and the
WPA wireless certificate, in my case, converted from .CER to .PEM. I also
added some BigHonkingText displays to remind people *no touchy touchy*
especially since there are several 5 second pauses at dialog boxes that I
can't explain. If you make any use of this, let me know so that I can at
least feel like some of the time I (and my helper) invested was worth
something. Oh, and it only works on Leopard, didn't bother trying to get it
to work on Tiger.

I wish I could have accomplished this in a command-line method, but hit
major brick walls with getting the certificate trust settings to stick, but
at least this works. Still wish I could lock the keyboard and mouse/trackpad
to ward off evil spirits.

set CertName to "name_of_your_certificate"
set WPANameString to "yourWPAnetwork"
set WEPNameString to "yourWEPnetwork"
set WEPPassString to "yourWEPpassword"
set ClearClipboardString to "any bit of text to clear the clipboard"
set theUser to (do shell script "echo $USER")
-- this creates an entry in the system keychain, sets up the wireless connections and sets up permissions on the certificate
try
    tell current application
        activate
        set acctBox to display dialog "Wireless Connection Setup:
Please enter your wireless USERNAME
(Ex. email@hidden)" default answer "" buttons {"Cancel", "OK"} default button 2
        set myAcct to the text returned of acctBox
        set myButton to the button returned of acctBox
        if myButton is "OK" then
            if myAcct is not "" then
                -- display dialog returns a record, so pull the typed text out of it
                set myPassDialog to display dialog "Please enter your wireless password:" default answer "" buttons {"Cancel", "OK"} default button 2 with hidden answer
                set myPass to the text returned of myPassDialog
                if myPass is not "" then
                    set myMacPassDialog to display dialog "Please enter your Mac/Apple password. (This is the password you used to start the installer)" default answer "" buttons {"Cancel", "OK"} default button 2 with hidden answer
                    set myMacPass to the text returned of myMacPassDialog
                else
                    -- the RestartRoutine() handler is not shown in this post
                    RestartRoutine()
                end if
            else
                RestartRoutine()
            end if
        else
            RestartRoutine()
        end if
        -- keep only the part of the account name before the "@"
        if myAcct contains "@" then
            set myAcct to text 1 through ((offset of "@" in myAcct) - 1) of myAcct
        end if
        set acctBox to display dialog "Click OK to install then please DO NOT TOUCH the keyboard or mouse/trackpad until wireless setup is complete!" buttons {"Cancel", "OK"} default button 2
        set myButton to the button returned of acctBox
        if myButton is "Cancel" then
            quit
        end if
    end tell
    -- MUST Turn off wireless
    do shell script "networksetup -setairportpower off" user name theUser password myMacPass with administrator privileges
    -- MUST Turn on Assistive Devices for script to run properly
    do shell script "sudo touch /private/var/db/.AccessibilityAPIEnabled" user name theUser password myMacPass with administrator privileges
    tell application "System Preferences"
        activate
        set the current pane to pane id "com.apple.preference.network"
        get the name of every anchor of pane id "com.apple.preference.network"
        reveal anchor "Advanced Airport" of pane id "com.apple.preference.network"
        tell application "System Events"
            tell application process "System Preferences"
                -- Setup WPA2 network
                do shell script "/tmp/yourfolder/BigHonkingText -M -p 2 -b orange \" Please DO NOT TOUCH, be patient. \""
                click button 1 of group 1 of tab group 1 of sheet 1 of window "Network"
                set the clipboard to WPANameString
                click text field 1 of group 1 of window 1
                keystroke "v" using {command down}
                click pop up button 1 of window 1
                click menu item "WPA2 Enterprise" of menu 1 of pop up button 1 of window 1
                delay 1
                click pop up button 2 of window 1
                click menu item "Automatic" of menu 1 of pop up button 2 of window 1
                delay 1
                set the clipboard to myAcct
                click text field 1 of window 1
                keystroke "v" using {command down}
                delay 1
                set the clipboard to myPass
                keystroke tab
                keystroke "v" using {command down}
                delay 1
                click button "Add" of window 1
                -- Setup WEP network
                do shell script "/tmp/yourfolder/BigHonkingText -M -p 2 -b orange \" Please DO NOT TOUCH, be patient. \""
                click button 1 of group 1 of tab group 1 of sheet 1 of window "Network"
                set the clipboard to WEPNameString
                click text field 1 of group 1 of window 1
                keystroke "v" using {command down}
                click pop up button 1 of window 1
                click menu item "WEP Password" of menu 1 of pop up button 1 of window 1
                set the clipboard to WEPPassString
                keystroke "v" using {command down}
                delay 1
                click button "Add" of window 1
                click button "OK" of sheet 1 of window "Network"
                keystroke myMacPass
                keystroke return
                set the clipboard to ClearClipboardString
                delay 2
                click button "Apply" of window "Network"
            end tell
        end tell
    end tell
    -- Add the certificate to the keychain
    do shell script "certtool i /path/to/your/certificate/tigernet.clemson.edu.pem k=/Users/$USER/Library/Keychains/login.keychain" user name theUser password myMacPass with administrator privileges
    -- Setup permissions on the certificate
    tell application "Keychain Access"
        activate
        tell application "System Events"
            tell application process "Keychain Access"
                delay 2
                keystroke CertName
                keystroke tab
                keystroke tab
                keystroke tab
                keystroke "i" using {command down}
                delay 1
                click checkbox 1 of scroll area of window "name.of.your.certificate"
                delay 1
                click pop up button 4 of scroll area of window "name.of.your.certificate"
                keystroke "a"
                keystroke return
                delay 0.5
                click pop up button 10 of scroll area of window "name.of.your.certificate"
                keystroke "a"
                keystroke return
                delay 0.5
                do shell script "/tmp/yourfolder/BigHonkingText -M -p 2 -b orange \" Please DO NOT TOUCH, be patient. \""
                click button 1 of window "name.of.your.certificate"
                keystroke myMacPass
                keystroke return
                delay 1
                tell application "Keychain Access" to quit
            end tell
        end tell
    end tell
    -- Connect to wireless
    do shell script "networksetup -setairportpower on"
    delay 1
    tell application "System Preferences" to quit
    display dialog "Wireless Setup Is Complete! Please click the 'OK' button." buttons {"OK"} default button 1
on error
    display dialog "Wireless setup failed! Please call Jenny at 867-5309 for more help."
end try
--
Bryan S. Lee
Information Resource Consultant II
Computer Support Services
Clemson Computing and Information Technology
Clemson University
email@hidden
ACHDS 10.4, MCP NTS/NTW
------ Forwarded Message
From: henri <email@hidden>
Date: Wed, 4 Jun 2008 18:34:39 -0400
Subject: Re: Run an application as another user not root
I have seen problems using 'su' command when combined with the '-c'
option on Mac OS 10.5.x. I have only had problems with 'su'
intermittently and only when using 'su' in a login script.
I would recommend the use of 'sudo' over 'su' for Mac OS 10.5 and
greater. Moving to 'sudo' certainly fixed the issues which I was
experiencing with a login hook.
Hope this helps.
Kind regards,
Henri
On 4/06/2008, at 8:29 AM, Bryan S. Lee wrote:
> I'm wrestling with having an Applescript App engage by a postscript in
> PackageMaker 3. It will run fine except that it is running as root (due to
> being started by the installer script) and there are certain steps in the
> process that deal with Keychains and System Preferences (attempting to
> automatically setup multiple wireless connections) that require it be run as
> the current user.
>
> I've tried a couple of things and either can't get it to work correctly or
> only partially work (which is more confusing).
>
> I've tried running my script as all of the following:
>
> open /tmp/fakename/fakename/setupwireless.app
> (runs as root as far as I can tell and won't show the login.keychain in
> Keychain access)
>
> su ${USER} -c /tmp/fakename/fakename/setupwireless.app
> (again, runs as root)
>
> osascript -e "do shell script \"open /tmp/fakename/fakename/setupwireless.app\" administrator privileges true"
> (works for showing the correct login.keychain in Keychain access, but won't
> actually put the password keychain item for the wireless setup, created by
> sys prefs into the correct keychain for the local user)
>
> su ${USER} -c osascript -e "do shell script \"open /tmp/clemson/cuwireless/setup_cu_wireless.app\" administrator privileges true"
> (get an interesting error about not being able to get to the keychain
> and wants to reset to defaults)
>
> Any ideas or other methods to try and run this particular app as the user
> rather than root would be appreciated.
>
> --
> Bryan S. Lee
> Information Resource Consultant II
> Computer Support Services
> Clemson Computing and Information Technology
> Clemson University
> 864-656-3716
> email@hidden
>
> ACHDS 10.4, MCP NTS/NTW
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Installer-dev mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> @stmargarets.school.nz
>
> This email sent to email@hidden
------ End of Forwarded Message
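
The form henri's reply recommends (sudo rather than su -c) for handing work from a root-owned installer script to the logged-in user, as an added example that is not code from either poster. Bryan reports above that su and sudo did not solve his keychain case, so this shows the general pattern only. It assumes macOS's BSD stat and sudo and reuses the placeholder path from the original question; the function names and the TARGET_USER override are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes macOS (BSD stat, sudo)
# and reuses the placeholder app path quoted in the original question.

APP="/tmp/fakename/fakename/setupwireless.app"

# The owner of /dev/console is the user logged in at the GUI.
console_user() {
    stat -f '%Su' /dev/console 2>/dev/null
}

# Accept only a plain account name: not empty, not root, no leading dash,
# no shell metacharacters or path separators.
valid_target_user() {
    case "$1" in
        ''|root|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Run "$@" as the console user. TARGET_USER (hypothetical override) lets a
# caller or a test supply the account instead of probing /dev/console.
run_as_console_user() {
    user="${TARGET_USER:-$(console_user)}"
    if ! valid_target_user "$user"; then
        echo "refusing to run as '${user}'" >&2
        return 1
    fi
    if [ "$(id -un)" = "$user" ]; then
        "$@"                      # already the right user, nothing to drop
    else
        sudo -u "$user" "$@"      # henri's suggestion: sudo, not 'su -c'
    fi
}

# Typical call from a root-owned postflight script:
#   run_as_console_user /usr/bin/open "$APP"
if [ "$#" -gt 0 ]; then
    run_as_console_user "$@"
fi
```

The validation step matters because the name is resolved while the script is still root: an empty or unexpected value must stop the launch rather than fall through to running the app with root's identity.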