Shell scripts are easier to run on macOS compared to Windows 10 because macOS is based on UNIX. It’s something the system has in common with a Linux system. Shell commands will run without trouble and you will be able to use a few select apps Linux apps too though you would benefit more from a macOS version of them if they’re available. I have a certain program that doesn't work right unless I run it as sudo. I don't mind having to type in my password, but I'd like to get out of the whole process of opening command line and typing 'sudo./'+script name. If you create a script that runs as sudo and click it, it just fails due to permissions. Is there a way to do this more quickly? I got here because mac osx instructed me to re-run the brew install. command as sudo. The real issue was that I had just installed the xcode command line tools and had not accepted the xcode license agreement yet and that requires root. This is because the shutdown command can be run only by the root user or by an administrator user with root user privileges. To run commands with superuser privileges, use the sudo command.sudo stands for superuser do. The following example works on computers with macOS installed, so don’t run it unless you want to restart your computer.
Warning: All of the following methods have security implications that users should be aware of. As put by Emmanuele Bassi, a GNOME developer: 'there are no *real*, substantiated, technological reasons why anybody should run a GUI application as root. By running GUI applications as an admin user you're literally running millions of lines of code that have not been audited properly to run under elevated privileges; you're also running code that will touch files inside your $HOME and may change their ownership on the file system; connect, via IPC, to even more running code, etc. You're opening up a massive, gaping security hole [...].'[1]
Avoid running graphical applications as root if possible, see #Circumvent running graphical apps as root.
- 1Circumvent running graphical apps as root
- 2Xorg
- 2.2Alternate methods
- 3Wayland
Circumvent running graphical apps as root
sudoedit
To edit files as root, use sudoedit.
GVFS
Access to privileged files and directories is possible through GVFS by specifying the
admin
backend in the URI scheme[2][3], e.g.:Mac Sudo Commands
or
Tip: This can also be done from the application location bar/file selector: e.g. in nautilus or gedit, type
Ctrl+l
and then prepend the admin://
scheme to the resource path. The same effect can be attained via the Other locations server address bar.Xorg
By default, and for security reasons, root will be unable to connect to a non-root user's X server. There are multiple ways of allowing root to do so however, if necessary.
The proper, recommended way to run GUI apps under X with elevated privileges is to create a Polkit policy, as shown in this forum post. This should however 'only be used for legacy programs', as pkexec(1) reminds. Applications should rather 'defer the privileged operations to an auditable, self-contained, minimal piece of code that gets executed after doing a privilege escalation, and gets dropped when not needed'[4]. This may be the object of a bug report to the upstream project.
Punctual methods
Those methods wrap the application in an elevation framework and drop the acquired privileges once it exits:
- kdesu(1) (from kde-cli-tools)
- sudo (must be properly configured)
- suxAUR (wrapper around su which will transfer your X credentials)
Alternate methods
These methods will allow root to connect to a non-root user's X server, but present varying levels of security risks, especially if you run ssh. If you are behind a firewall, you may consider them to be safe enough for your requirements.
Xhost
Xhost can be used to temporarily allow root access.
Permanently allow root access
- Method 1: Add the line
to
/etc/pam.d/su
and /etc/pam.d/su-l
. Then switch to your root user using su
or su -
.- Method 2: Globally in
/etc/profile
Add the following line to
/etc/profile
:This will permanently allow root to connect to a non-root user's X server.
![My sudo app My sudo app](/uploads/1/3/4/2/134201705/654733235.jpg)
Run Command As Sudo
Or, merely specify a particular app:
where
appname
is the name of the particular app. (e.g. kwrite)Wayland
Trying to run a graphical application as root via su, sudo or pkexec in a Wayland session (e.g. GParted or Gedit), will fail with an error similar to this:
Before Wayland, running GUI applications with elevated privileges could be properly implemented by creating a Polkit policy, or more dangerously done by running the command in a terminal by prepending the command with
sudo
; but under (X)Wayland this does not work anymore as the default has been made to only allow the user who started the X server to connect clients to it (see the bug report and theupstreamcommits it refers to).Avoid running graphical applications as root if possible, see #Circumvent running graphical apps as root.
A more versatile though more insecure workaround allows any graphical application to be run as root #Using xhost.
Run Sudo As Specific User
Using xhost
This article or section needs expansion.
Reason: Mention that xhost only works under XWayland. (Discuss in Talk:Running GUI applications as root#)
A more versatile —though much less secure— workaround is to use xhost to temporarily allow the root user to access the local user's X session[5]. To do so, execute the following command as the current (unprivileged) user:
To remove this access after the application has been closed:
Retrieved from 'https://wiki.archlinux.org/index.php?title=Running_GUI_applications_as_root&oldid=632197'