Jump to content
jeffsui

Correct use of sudo in a bash script on Mojave

Recommended Posts

I've just upgraded to OSX Mojave and a brand new MacBook (at work).  I have a workflow that enables and disables various proxy settings via some bash commands.  The old scrip that was called in the workflow is: 

 

sudo networksetup -setwebproxystate  Wi-Fi on
sudo networksetup -setsecurewebproxystate  Wi-Fi on
sudo networksetup -setautoproxystate Wi-Fi On
sudo networksetup -setautoproxyurl Wi-Fi {query}

sudo networksetup -setsecurewebproxy Wi-Fi $proxy_server 80
sudo networksetup -setwebproxy Wi-Fi $proxy_server 80

 

Suddenly inside Mojave I'm now getting this error:

 

Quote

[2019-02-06 12:04:08][ERROR: action.script] sudo: no tty present and no askpass program specified

 

I've switched my code over to this which now prompts me for a password every time (which is fine with Touch ID) 

do shell script "sudo networksetup -setwebproxystate  Wi-Fi on
sudo networksetup -setsecurewebproxystate  Wi-Fi on
sudo networksetup -setautoproxystate Wi-Fi On
sudo networksetup -setautoproxyurl Wi-Fi {query}
sudo networksetup -setsecurewebproxy Wi-Fi $proxy_server 80
sudo networksetup -setwebproxy Wi-Fi $proxy_server 80
" with administrator privileges

But where I'm confused is as to whether this is a new behavior in Mojave I enabled password-less sudo in the past.  If I remember on my old Mac when I ran this workflow the first time I got a password prompt from keychain that asked if I wanted to always allow.

 

Any ideas the correct way to setup this up so it will continue to do so on Mojave land.  I'd rather not have to do finger stuff every time I make a change.

 

Thanks.

 

 

Share this post


Link to post
3 hours ago, jeffsui said:

But where I'm confused is as to whether this is a new behavior in Mojave

 

It’s not. It’s standard behaviour that also occurred in previous versions.

 

4 hours ago, jeffsui said:

I enabled password-less sudo in the past

 

Perhaps you have used this method? Or maybe you had setup an askpass method to deal with it.

 

I do not recommend you setup a method to bypass asking for a password when using sudo.

 

With that warning out of the way, it’s your machine, so you should be free to do what you want.

 

One method is to put at the top of your script sudo --stdin --validate <<< '{{password_here}}'. If you want to save to / read from the Keychain, here’re examples on how to save and delete password:

security add-generic-password -a "${USER}" -s {{name_to_save_under}} -w {{password_here}}

security find-generic-password -s {{named_saved_under}} -w

security delete-generic-password -s {{name_saved_under}}

 

Share this post


Link to post

There's also AppleScript's do shell script "/bin/bash -c echo 'yay'!" with administrator privileges, which will pop up a native password dialog.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×