Running script with admin permissions on OS X


I've tried my best to find out a solution with the many script questions on Stack Overflow and the internet, but I can't seem to find the solution I need.

What I want to do is create a more automated and less clicking solution to remove all the Mobile cached user accounts on a system. I've been logging in and manually going to user accounts and removing the users one at a time by clicking the "-" button, then clicking "Delete Immediately" for the user data. This works, but is time consuming and I have better things to do with my time. So I knew there had to be a way to do this with a script.

I ran across this code:

for cuser in `dscl . -list /Users AuthenticationAuthority | grep LocalCachedUser | awk '{print $1}' | tr '\n' ' '`; do
    dscl . -delete "/Users/$cuser"
done

If I run this in terminal I get permission errors. So I figured I need to run it with sudo. So I started looking into creating AppleScripts to run the script, but I can't seem to find the right way to do it.

Any ideas? By the way, I'm new to scripting on the Mac, so please comment your code so I know what's happening, and so I don't just run some script code without knowing what it'll do. :)

Thanks


There are 3 answers

4
Chealion On BEST ANSWER

To perform a shell script with sudo or administrator privileges, append "with administrator privileges" to the end of your "do shell script" line. For example:

do shell script "/path/to/script/file.sh" user name "adminusershortname" password "password" with administrator privileges

You can find more in Apple's technote dealing with do shell script.

That said, saving this as a shell script and running the shell script using sudo would work just as well.

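#!/bin/sh

# List all users with their AuthenticationAuthority, keep only the cached
# mobile accounts (LocalCachedUser), and take the first column (the short name).
for cuser in `/usr/bin/dscl . -list /Users AuthenticationAuthority | grep LocalCachedUser | awk '{print $1}' | tr '\n' ' '`; do
    # Delete that user's record from the local directory node.
    /usr/bin/dscl . -delete "/Users/$cuser"
done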

Save it as, say, removeUser.sh, use chmod to set it as executable (chmod 755), and then run it (sudo ./removeUser.sh).
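A dry-run-first variant of the script above, as an added example that is not part of the original answer: it filters the names taken from the dscl listing before anything is handed to `dscl . -delete`, and only deletes when asked to explicitly. The `--selftest`, `--dry-run` and `--delete` flags, the function names and the sample listing are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the thread): preview cached mobile accounts before deleting.

# Read `dscl . -list /Users AuthenticationAuthority` output on stdin and print
# the short names of cached mobile accounts. Names outside a conservative
# character set are skipped so nothing unexpected reaches `dscl . -delete`.
cached_users() {
    awk '/LocalCachedUser/ && $1 ~ /^[A-Za-z0-9_][A-Za-z0-9._-]*$/ { print $1 }'
}

# For each name on stdin, print the delete command (default) or run it.
# $1 = "delete" to really delete; any other value is a dry run.
remove_users() {
    mode=$1
    while IFS= read -r cuser; do
        if [ "$mode" = "delete" ]; then
            /usr/bin/dscl . -delete "/Users/$cuser"
        else
            printf 'would run: dscl . -delete /Users/%s\n' "$cuser"
        fi
    done
}

# Constructed sample of the dscl listing (not captured from a real system).
sample_listing() {
    cat <<'EOF'
_www
admin           ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
jsmith          ;LocalCachedUser;/Active Directory/EXAMPLE:jsmith:0000
nancy           ;LocalCachedUser;/Active Directory/EXAMPLE:nancy:0001
EOF
}

list_accounts() { /usr/bin/dscl . -list /Users AuthenticationAuthority; }

case "${1:-}" in
    --selftest) sample_listing | cached_users | remove_users dry ;;
    --dry-run)  list_accounts | cached_users | remove_users dry ;;
    --delete)
        # Deleting directory records needs root, so fail early without it.
        [ "$(id -u)" -eq 0 ] || { echo "run with sudo" >&2; exit 1; }
        list_accounts | cached_users | remove_users delete ;;
esac
```

Run it with `--dry-run` first and check the list, then rerun with `sudo` and `--delete`.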

2
hookenz On

I don't have a mac handy so I can't verify if this would work.

Try running su -

Then running your script. If that works, try crontab -e

and adding an entry to run that script of yours.

Are you familiar with crontab? Well, if not, Google it if need be. But basically, to run it every day at midnight you'd have something like 0 0 * * * /path/to/script

See: http://en.wikipedia.org/wiki/Cron

0
Jesse L On

You can do this by editing your system's sudoers file. This will give the account you use to run this script (via cron, etc.) the ability to run sudo without a password.

To edit the sudoers file you use visudo, but it must be run with admin permission. Try:

$ sudo visudo

Add a line like the following to the end of the file, replacing user_name with the user who will run your script. Note, use tabs between each field.

user_name    ALL=(ALL)     NOPASSWD:ALL

Now user_name should be able to type sudo and will not be prompted for a password.

Also note that visudo is a text editor that mirrors the vi editor and uses the same commands as vi.