Mac sudo authorization help
-
I think you are following the wrong approach. You should not mind on how does Mac to manage its system strategies: you should thing on how your interface can send and receive parameters, error conditions and results.
You should read the docuemntation of the linux commands, i.e. login
then see that are the command parameters and what are the return code.In linux commands usually there are "verbose" modes that explain errors, warnings etc. useful when you use the commands from the terminal. but when you need to use them from a GUI you should pass parameters that returns e.g. error codes only.
As a matter of fact you can "graphicize" almost any linux command with a GUI only managing them. It will be good if you can post the logic of your application and what you want exactly do. So we can be clear with some example.
-
Also I got a solution in the form of "Cocoasudo":http://www.performantdesign.com/2009/10/26/cocoasudo-a-graphical-cocoa-based-alternative-to-sudo/ which is a GUI based sudo.
But as soon as I run apache with cocoasudo it prompts the user for password every time.
Is there any way to set the timeout in Cocoasudo atleast for 15 mins, so till next 15mins it wont ask the user for password again. -
Sorry but to give you a decent answer you should be aware that I need to know at least what are you doing ...
-
From my application I want to start apache but apache starts with sudo only as it is using port 80.
But sudo requires password that is why I am thinking to use Cocoasudo but it asks for password everytime I start or stop apache. For this reason I want to set the time out of 15 mins in Cocoasudo same like in normal sudo, so after every 15mins when the apache is being started or stopped the user will be prompted for the password.
And also my application requires that apache should always start on port 80. -
Yep
It is clear nowFirst ifnore cocasudo. To start apache I think that you should do something like the following:
@
$cd /etc/apache2
$sudo
insert password:
$./apache2
@
At this point you should know that sudo has more options and try to create a small shell script like the following naming it apachestarter.sh
@
#!/bin/bash
NUMPARMS=1 # Minimum required parametersget the current user userId
ACTUALUSER=$(whoami)
check for parms
if [ $# -lt "$NUMPARMS" ]
then
echo
echo "Apache starter"
echo
echo "usage: ./apachestarter.sh <password for user $ACTUALUSER>"
echo "password omitted, so insert manually"
read PASSWORD
else
# read password argument
PASSWORD=$1
fiThe following command will run apache with the sudo password without asking nothing
echo $PASSWORD | sudo -S /etc/apache2/apache2
@
Then save this file in the user home folder or somewhere in the user area. Then remember to change the privileges of this command to be executable, i.e.
@
$sudo chmod +x apachestarter.sh
@
[Edit: the previous line has been changed as it is now for a correct and secure operation. See the following posts to understand the reasons]
At this point you can launch your command (that will be part of the package, installed in the installation folder etc.) directly from inside your GUI calling him with the password set by the user. -
Just for the nitpicking records: Mac OS X is BSD/Darwin based, not Linux. It uses a couple of GNU software though :-)
Now for something serious:
Setting a file to mode 777 is a bad idea. Do not do that unless you are in need of everyone on the system changing the file's contents! -
Hi Volker, I was just waiting you at this party :D
[quote author="Volker" date="1316174529"]Just for the nitpicking records: Mac OS X is BSD/Darwin based, not Linux. It uses a couple of GNU software though :-)
Now for something serious:
Setting a file to mode 777 is a bad idea. Do not do that unless you are in need of everyone on the system changing the file's contents![/quote]It is all true, but what I wrote was only an exmple based on my memory and not the command to be created. I think that it can give idea of the concept.
Then +x or 666 instead of 777 maybe a good idea. But this was and example. The concept is: create a shell program then call it from the GUI and redirect the errio or console to the GUI and see what is the return code then act consequently.
Just to be precise: sure, Mac OSX is BSD and it is not a linux just like the debian based distributions (Meego, Harmattan, Ubuntu, Debian itself), gentoo, RedHat and many more including those like OpenWRT and Ltib especially dedicated to the embedded Linux platforms?
Cheers.
-
Corrected the post with the example and added a short not. So the problem is solved :)
-
After running the script that you provided I got an error.
"-bash: ./apachestarter.sh: /bin/bash^M: bad interpreter : No such file or directory".
What is the solution for this?
-
@Volker: are you sure? I exchange continuously files between mac and ubuntu and windows 7 too but the conversions is automatic. It is possible the the folder example that I have suggested can't be applied to the Mac folder structure. I have no idea where apache started is located in the Mac. But I think that Ketan should know.
If the error is what you mean (I suspect too because of this ^M ...) it is strange that happens. Why ?
-
@alicemirror
It heavily depends on the editor and it's settings. The rest is guessing from the crystal ball. You're right, my guess comes from the ^M - I stumbled over that myself already. -
@volker
Me too, that character worried me too. But I use Mac dayly and just when I open a windows file that for sure has a different coding for the line termination the message that I receive is a fast msgBox "converting to line termination characters" etc. then it disappear. So think we can exclude that the problem is it. I know that the Linux of Mac is different from the Linux of debian in the management of /etc/launcher shell commands. Not only, there are different apache versions. My example was regarding the apache 2 on pure debian machine (always used on servers, not on desktop machines) ... -
Thanks Alicemirror and Volker, finally the script executed successfully. As Volker told to change the file to Unix line endings. I did that by removing /r from the file and after that the script executed.
Thanks a lot once again.
-
Well, the important is that this was the correct way.
-
Just a question [O.T.] what method have used to launch the call from inside Qt ? Please can you see few lines of code?
Thank you
-
Sorry, can you please elaborate what you are exactly asking.
-
You have created the shell command that is called in some conditions from inside your QT GUI, as I have understood correctly. Thus what is the code that you have used to launch the shell program from inside the application ?
This was my question.
-
Your script worked, but I didnt used it completely in my Qt app.I had used the following code from your script which was very helpful,
@echo $PASSWORD | sudo -S /Application/apps/apache/bin/httpd@
Actually what I have done is I have build a dialog that will ask the current user for its password and I have stored that password in a variable. After that I have verified it by using the following code,
@QProcess *p = new QProcess;
p->start("bash", QStringList()<<"-c"<<"echo $PASSWORD | sudo -S ls /var/db/shadow/ ; echo $?");
p->waitForStarted(1000);
p->waitForFinished(1000);
QString readcode = p->readAll();@if the command is executed successfully it will return 0 or else it will return 1.
So if the password is correct than I have stored it in the PASSWORD variable and after that have started apache with that password.According to you would it be the right procedure to verify the sudo password?