Mac sudo authorization help
-
From my application I am starting apache using sudo, but sudo command requires password.
So how can I get this password from user..
is there any sudo GUI that will ask for the password as soon as the user starts apache or is there any other authorization GUI that will ask for the password and set that password for that particular application session. -
Hi Ketah,
I think that this is not a problem of the Qt applicaiton itself but is related to the OS integration. Max Osx is linux so I can suggest that your Qt applicaiton will be able to manage a shell command launch. Tell me if it maybe the solution so I can post you whar piece of bash script / command you need. Then, to obfuscate it you can create the call directly from your application where you save the user password too for sudo.
Don't forget that despite the application installation you need then that the installing user is member of the sudoers too. In Mac I think that it is by default, while on different Linux plaftorms it will be done manually.
-
Yes, it is fine.
If I create a window that will ask the user for password, how can I verify it, whether the user has entered a correct password or not, is there any script or command that can help me to verify the password. By the way MAC is an Unix-based operating system(http://en.wikipedia.org/wiki/Mac_OS_X) -
you can ask with something like QProcess the desred system command, catch the result and the return code (i.e. using the stdio redirection) and manage all from the GUI
-
But how can i verify the password, is there any place where the sudo password are stored.? so that I can check it to verify.
Is there any shell script that will do this verification.? -
I think you are following the wrong approach. You should not mind on how does Mac to manage its system strategies: you should thing on how your interface can send and receive parameters, error conditions and results.
You should read the docuemntation of the linux commands, i.e. login
then see that are the command parameters and what are the return code.In linux commands usually there are "verbose" modes that explain errors, warnings etc. useful when you use the commands from the terminal. but when you need to use them from a GUI you should pass parameters that returns e.g. error codes only.
As a matter of fact you can "graphicize" almost any linux command with a GUI only managing them. It will be good if you can post the logic of your application and what you want exactly do. So we can be clear with some example.
-
Also I got a solution in the form of "Cocoasudo":http://www.performantdesign.com/2009/10/26/cocoasudo-a-graphical-cocoa-based-alternative-to-sudo/ which is a GUI based sudo.
But as soon as I run apache with cocoasudo it prompts the user for password every time.
Is there any way to set the timeout in Cocoasudo atleast for 15 mins, so till next 15mins it wont ask the user for password again. -
Sorry but to give you a decent answer you should be aware that I need to know at least what are you doing ...
-
From my application I want to start apache but apache starts with sudo only as it is using port 80.
But sudo requires password that is why I am thinking to use Cocoasudo but it asks for password everytime I start or stop apache. For this reason I want to set the time out of 15 mins in Cocoasudo same like in normal sudo, so after every 15mins when the apache is being started or stopped the user will be prompted for the password.
And also my application requires that apache should always start on port 80. -
Yep
It is clear nowFirst ifnore cocasudo. To start apache I think that you should do something like the following:
@
$cd /etc/apache2
$sudo
insert password:
$./apache2
@
At this point you should know that sudo has more options and try to create a small shell script like the following naming it apachestarter.sh
@
#!/bin/bash
NUMPARMS=1 # Minimum required parametersget the current user userId
ACTUALUSER=$(whoami)
check for parms
if [ $# -lt "$NUMPARMS" ]
then
echo
echo "Apache starter"
echo
echo "usage: ./apachestarter.sh <password for user $ACTUALUSER>"
echo "password omitted, so insert manually"
read PASSWORD
else
# read password argument
PASSWORD=$1
fiThe following command will run apache with the sudo password without asking nothing
echo $PASSWORD | sudo -S /etc/apache2/apache2
@
Then save this file in the user home folder or somewhere in the user area. Then remember to change the privileges of this command to be executable, i.e.
@
$sudo chmod +x apachestarter.sh
@
[Edit: the previous line has been changed as it is now for a correct and secure operation. See the following posts to understand the reasons]
At this point you can launch your command (that will be part of the package, installed in the installation folder etc.) directly from inside your GUI calling him with the password set by the user. -
Just for the nitpicking records: Mac OS X is BSD/Darwin based, not Linux. It uses a couple of GNU software though :-)
Now for something serious:
Setting a file to mode 777 is a bad idea. Do not do that unless you are in need of everyone on the system changing the file's contents! -
Hi Volker, I was just waiting you at this party :D
[quote author="Volker" date="1316174529"]Just for the nitpicking records: Mac OS X is BSD/Darwin based, not Linux. It uses a couple of GNU software though :-)
Now for something serious:
Setting a file to mode 777 is a bad idea. Do not do that unless you are in need of everyone on the system changing the file's contents![/quote]It is all true, but what I wrote was only an exmple based on my memory and not the command to be created. I think that it can give idea of the concept.
Then +x or 666 instead of 777 maybe a good idea. But this was and example. The concept is: create a shell program then call it from the GUI and redirect the errio or console to the GUI and see what is the return code then act consequently.
Just to be precise: sure, Mac OSX is BSD and it is not a linux just like the debian based distributions (Meego, Harmattan, Ubuntu, Debian itself), gentoo, RedHat and many more including those like OpenWRT and Ltib especially dedicated to the embedded Linux platforms?
Cheers.
-
Corrected the post with the example and added a short not. So the problem is solved :)
-
After running the script that you provided I got an error.
"-bash: ./apachestarter.sh: /bin/bash^M: bad interpreter : No such file or directory".
What is the solution for this?
-
@Volker: are you sure? I exchange continuously files between mac and ubuntu and windows 7 too but the conversions is automatic. It is possible the the folder example that I have suggested can't be applied to the Mac folder structure. I have no idea where apache started is located in the Mac. But I think that Ketan should know.
If the error is what you mean (I suspect too because of this ^M ...) it is strange that happens. Why ?
-
@alicemirror
It heavily depends on the editor and it's settings. The rest is guessing from the crystal ball. You're right, my guess comes from the ^M - I stumbled over that myself already. -
@volker
Me too, that character worried me too. But I use Mac dayly and just when I open a windows file that for sure has a different coding for the line termination the message that I receive is a fast msgBox "converting to line termination characters" etc. then it disappear. So think we can exclude that the problem is it. I know that the Linux of Mac is different from the Linux of debian in the management of /etc/launcher shell commands. Not only, there are different apache versions. My example was regarding the apache 2 on pure debian machine (always used on servers, not on desktop machines) ... -
Thanks Alicemirror and Volker, finally the script executed successfully. As Volker told to change the file to Unix line endings. I did that by removing /r from the file and after that the script executed.
Thanks a lot once again.
