How to run a program as root without "sudo"?

10

1

I have a certain binary program on OS X that can only be run as root.

I'm tired of prepending sudo each time I invoke it and typing the password, and would like it to automatically run as root when I invoke it regularly, without asking for a password.

The program's owner is root and its group is wheel.

I tried chmod ug+s to set the userid and groupid upon execution to root/wheel, but when I run the program without sudo it still complains that it can only run with sudo or as root.

UrEl

Posted 2011-05-31T09:35:25.363

Reputation: 771

What did you chmod on? The actual program is buried in the package/app. For example, here's where you would find Disk Utility: /Applications/Utilities/Disk Utility.app/Contents/MacOS/Disk Utility. – jww – 2015-10-02T23:02:21.183

Can it be run at a particular time or when some event occurs? – user151019 – 2011-05-31T12:22:55.180

9Old time unix gurus would suggest that invoking a root-only operation by hand on a regular basis means you're doing it wrong. Is this something that can be automated? Or run as a daemon? More detail might bring suggests for solutions of a different kind. – dmckee --- ex-moderator kitten – 2011-05-31T12:41:32.147

Is the program actually owned by root? Setuid/gid will use user/group of the file. – Daniel Beck – 2011-05-31T13:29:15.213

2… where "more detail" also includes such things as whether this program's binary is on a NFS mounted volume and whether you use the nosuid mount option … in addition to why you must regularly run a program as the superuser. – JdeBP – 2011-05-31T13:29:41.367

@dmckee a lot of mac users run server software on their workstation and it's often setup to require root for things that really shouldn't need it... but reconfiguring a LAMP stack to run without root is a pain in the ass. On the other hand, restarting apache 20 times a day and typing sudo each time is also a pain in the ass. This is a simple solution. – Abhi Beckert – 2012-11-09T01:06:33.677

Answers

2

Are you sure that the program you are trying to execute is actually a binary, and not a shell script. Most shells ignore suid scripts because they are really, really hard to do safely. An easy way to check is to use the file command on the program.

KeithB

Posted 2011-05-31T09:35:25.363

Reputation: 8 506

17

A half solution to your problem:

in the sudoers file, add the following:

username ALL= NOPASSWD: /path/to/command

Then from the command line, you can type:

sudo command

and it will run the command without asking for your password. This command will run as root.

Note, you will need to replace username with you actual username.

Walter

Posted 2011-05-31T09:35:25.363

Reputation: 446

FYI, to solve the other half (not having to type sudo command) create a shell alias that includes sudo in the command (like surm = sudo rm "$@") – Walter – 2017-11-07T22:09:29.187

Astonished to find the best answer at the bottom. Thank you! – CDR – 2012-07-11T14:23:41.323

4

If you really can't invoke it as a daemon for whatever reason (this question would be relevant in that instance), this method can be hacked together, but it's pretty dirty, and not secure at all.

The concept is to launch it with an AppleScript. You'll first need to know how to invoke the process from the command line (which if you're already using sudo, means you must be all set). You'll launch that process using the do shell script command, and instead of using sudo you'll write your credentials into the AppleScript:

do shell script "/path/to/your/executable/here" user name "me" password "mypassword" with administrator privileges

I reiterate the part about this being insecure: THIS MEANS YOUR ADMIN CREDS WILL BE STORED IN PLAIN TEXT. If at all possible, you should find some way to background this as a LaunchDaemon.

NReilingh

Posted 2011-05-31T09:35:25.363

Reputation: 5 539

A way to "Runas" for your mac :) Thanks – Vlueboy – 2011-06-02T04:15:52.490

2

ON OSX suppose the program you have is locate in /usr/local/bin/YourProgramName ... To solve this issue the following command, To change the User Id/Group ID for file hierarchies rooted in the files instead of just the files themselves.

sudo chown -R $(whoami) /usr/local/bin/

... then in Terminal invoke your programName, $YourProgramName

abdimuna

Posted 2011-05-31T09:35:25.363

Reputation: 21

My problem was the installed programs were installed without proper permissions, so I ran this on the directories of those programs and now they run fine w/o sudo. Thanks! – atwixtor – 2016-03-24T17:20:54.037

0

You can do 

sudo tcsh

which will put you in a root shell.

DTest

Posted 2011-05-31T09:35:25.363

Reputation: 245

0

looks like the program itself checks if is running with ID=0

jet

Posted 2011-05-31T09:35:25.363

Reputation: 2 675

1… which of course it will be if it is set-UID superuser (leaving the concerns expressed above aside). What you're probably trying to say is that the program is checking for real UID 0 rather than just effective UID 0. – JdeBP – 2011-05-31T13:32:41.567

-1

You could sudo chown YOUR-USERNAME-HERE BINARY-NAME-HERE.

Still, I totally agree with dmckee's comment.

dag729

Posted 2011-05-31T09:35:25.363

Reputation: 1 894

How would this help anything?⁠ – Scott – 2017-08-28T21:30:27.047

Asked: 2011-05-31T09:35:25.363

Viewed: 28 885 times

Active: 2012-10-26T08:54:58.873