Last active
June 8, 2023 22:27
-
-
Save dardo82/433e6b7930c01cadfac0a772a27aae9f to your computer and use it in GitHub Desktop.
OSX sudo helper
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| BIN="/usr/local/bin/askpass"; touch $BIN; chmod 755 $BIN | |
| security add-generic-password -a $USER -s login -T "" -w | |
| echo "#!/bin/sh\\nsecurity find-generic-password -a $USER -s login -w" > $BIN | |
| echo "\\n# Set sudo helper.\\nexport SUDO_ASKPASS=$BIN" >> ~/.${SHELL##/*/}rc |
Have you tried following the @gingerbeardman guide?
In short you should use sudo -A instead of just sudo.
Yes, that right. I am using sudo -A only. The issue is that security add-generic-password doesn't support a UI, i guess. So it's not useful for me because I don't want the user to execute mac-askpass.sh through terminal. I actually see another option in security to bypass sudo which is security execute-with-privileges. Have you worked with this option? Not much doc is mentioned on the man page related to what sort of privilege escalation does it provide? Some pointers to documentation?
Have you tried searching on Google as I would do? 🧑💻
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
So, the use case I am dealing with is like this: I am making an app where some scripts require sudo privilege. I want my askpass helper program to be complete such that if the user's password is not already stored in a keychain, then I want to popup the UI to add the new password into the keychain and then further query it. But the code
security add-generic-password -a $USER -s login -T "" -wdoesn't popup a GUI. So the script is stuck...