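```sh
#!/bin/sh
# Create the askpass helper file and make it executable.
BIN="/usr/local/bin/askpass"; touch "$BIN"; chmod 755 "$BIN"
# Store the password in the keychain; a trailing -w prompts for it, -T "" trusts no application.
security add-generic-password -a "$USER" -s login -T "" -w
# The helper prints the stored password when sudo -A calls it.
printf '#!/bin/sh\nsecurity find-generic-password -a %s -s login -w\n' "$USER" > "$BIN"
# Point sudo at the helper from the rc file of the current shell.
printf '\n# Set sudo helper.\nexport SUDO_ASKPASS=%s\n' "$BIN" >> ~/."${SHELL##/*/}"rc
```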
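A check to run after the script above, added here as an example and not part of the gist: `sudo -A` executes whatever file `SUDO_ASKPASS` names in order to obtain the password, so the helper should be a regular executable that neither group nor others can modify. The function name `check_askpass` is an assumption.

```shell
#!/bin/sh
# Added example: audit the file that SUDO_ASKPASS points to.
# check_askpass is a hypothetical helper name, not part of the gist.
# Prints a one-word verdict and returns 0 only when every check passes.
check_askpass() {
    f="$1"
    if [ -z "$f" ]; then echo "unset"; return 1; fi
    if [ -L "$f" ]; then echo "symlink"; return 1; fi
    if [ ! -f "$f" ]; then echo "missing"; return 1; fi
    if [ ! -x "$f" ]; then echo "not-executable"; return 1; fi
    # find -perm -020 / -002 matches group- or world-writable entries (POSIX).
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "writable-by-others"; return 1
    fi
    # Same test on the parent directory: write access there allows the
    # helper to be replaced. Sticky directories are flagged too (conservative).
    d=$(dirname "$f")
    if [ -n "$(find "$d" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "directory-writable-by-others"; return 1
    fi
    echo "ok"
}

# When SUDO_ASKPASS is set in this shell, report on it.
if [ -n "${SUDO_ASKPASS:-}" ]; then
    check_askpass "$SUDO_ASKPASS" || true
fi
```

For the path the gist uses, call `check_askpass /usr/local/bin/askpass`.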
dardo82 commented Jul 3, 2019
Q: How do I use this?
A: as follows
- run `mac-askpass.sh`
- make sure `export SUDO_ASKPASS...` is in the .bashrc, .zshrc file for the shell you'll be in
- run command with `sudo -A`
- GUI password prompt will appear, and password will be remembered!
Thanks for this!
You execute it. But why would you?
I figured it out and posted a guide above.
My use case is that I run scripts through a Mac app called Context Menu and some of my scripts require sudo, for various reasons. Whilst plain sudo used to work in Mojave with no problems, in Big Sur I am prompted to set up an "askpass helper". And here we are!
I'm glad to have helped you, thanks for the clarification. 🤓
Hi. The script you have written (for askpass helper) looks for a password for account $USER under login keychains and then outputs the password to sudo, right? Is there a way to directly query for password using GUI and supply it to sudo (not query the keychain) using security command?
Why? Explain your use case...
So, the use case I am dealing with is like this: I am making an app where some scripts require sudo privilege. I want my askpass helper program to be complete such that if the user's password is not already stored in a keychain, then I want to pop up the UI to add the new password into the keychain and then further query it. But the code `security add-generic-password -a $USER -s login -T "" -w` doesn't pop up a GUI. So the script is stuck...
Have you tried following the @gingerbeardman guide?
In short you should use `sudo -A` instead of just `sudo`.
Yes, that's right. I am using `sudo -A` only. The issue is that `security add-generic-password` doesn't support a UI, I guess. So it's not useful for me because I don't want the user to execute mac-askpass.sh through terminal. I actually see another option in `security` to bypass sudo which is `security execute-with-privileges`. Have you worked with this option? Not much doc is mentioned on the man page related to what sort of privilege escalation does it provide? Some pointers to documentation?
Have you tried searching on Google as I would do? 🧑💻