[sudo-users] Giving access to one app for all users
bob at proulx.com
Wed May 17 11:38:33 EDT 2006
Paul Thompson wrote:
> I have a client OS X 10.4.6 machine that I have created an
> AppleScript application on. It is designed to replace the
> printers.conf file in the /etc/cups directory. To be able to do
> that you need to enter an administrator's name and password to run
> the script.
The script you wrote asks for the name and password. Gotcha.
> What I'm trying to do is remove that limitation for that one app so
> that any user, whether local or networked, will be able to run that
> script. I have tried modifying the sudoers file in /etc/.
sudo will allow you to run the command as root but sudo will also ask
for your password. So now you have one password question followed by
a name and password question. Gotcha.
> I have added a command
> alias under the command alias specification for the path to the app,
> and added the line %users ALL= NOPASSWD: PRINTING under the user
> privilege specification.
> Cmnd_Alias PRINTING = /Applications/PrintScrip.app
> root ALL=(ALL) ALL
> %admin ALL=(ALL) ALL
> %users ALL= NOPASSWD: PRINTING
This should allow all users in group "users" to run
/Applications/PrintScrip.app without a password. Looks good. So now
we only have your app asking for the name and password. Gotcha.
> I would have thought that would have been what I needed, but when I
> log in as a regular user, it still gives me the dialogue box to
> enter a username and password.
Dialog box? That would be your application, correct? Isn't that what
I am not familiar with your Mac OS X system but on my GNU systems sudo
does not pop up a dialog box. If it needs a password it will ask for
it from the tty device with echo turned off. If you are seeing a
dialog box it is probably from your application after sudo has started
In the meantime, test sudo access using -l to list out what the user
That should provide useful information.
More information about the sudo-users