Giving Hazel sudo/root privileges

I had a situation where I was trying to use Hazel to overwrite a file, which the normal admin user did not have default permission to do*. Hazel got a permissions error every time when trying to do it via the embedded shell script feature. I was able to do it manually at the Terminal using "sudo", but that prompts for a password and I didn't want to put the password in cleartext in Hazel's embedded shell script.
After some research and testing, I hit on this method:
- Edit the macOS "sudoers" file (using sudo visudo) and change the %admin line to ALL=(ALL) NOPASSWD:ALL
- Use sudo in the embedded Hazel script with "echo" to overwrite the existing file in place, with a note that Hazel rolled it...but you have to do it a certain way, by invoking another shell using "sh -c":
sudo sh -c "echo \"Log rolled by Hazel, $(date +"%m-%d-%y_%H:%M:%S")\n\" > fileToRoll.log"
Note that editing sudoers like this gives all admin-level accounts on the machine the ability to do anything they want as root. That has security implications, so be aware of that. You could get fancier and edit sudoers to give only a single account the ability to use only the "echo" command as root if you wanted to get more specific.
Hope this helps someone that is trying to elevate Hazel's permissions in the shell.
John
* My specific goal was to do log-rolling for Tomcat’s “catalina.out” file, because the macOS logroller (newsyslog) doesn’t have the ability to truncate a log in-place (like other unixes do with logrotate using the copytruncate option), and I didn't want to have to restart Tomcat every time I rolled the log.
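
The narrower sudoers rule the post mentions, as an added example that is not part of the original post: instead of NOPASSWD:ALL for %admin, one account may run one root-owned script, with no arguments, as root. The account name "john", the path /usr/local/sbin/roll-log and the log path are placeholders.

```shell
#!/bin/sh
# Added example: root-owned helper, installed at the placeholder path
# /usr/local/sbin/roll-log (owner root, mode 755, so only root can edit it;
# if another account can modify it, the sudoers rule below is full root).
#
# Sudoers line added with "sudo visudo"; "john" is a placeholder account:
#   john ALL=(root) NOPASSWD: /usr/local/sbin/roll-log ""
# The trailing "" makes the rule match only when no arguments are given.
# The %admin line keeps its default, so other commands still ask for a password.

# Fixed target: the caller cannot choose which file root overwrites.
TARGET="/path/to/fileToRoll.log"   # placeholder for the real log path

# roll_log FILE: overwrite FILE in place with a one-line note.
# ">" truncates the existing file rather than replacing it, so a process
# that has the log open keeps writing to the same file.
roll_log() {
    file=$1
    # Refuse symlinks: root should not follow a link planted at the log path.
    if [ -L "$file" ]; then
        echo "roll-log: refusing symlink: $file" >&2
        return 1
    fi
    # Refuse anything that is not an existing regular file.
    if [ ! -f "$file" ]; then
        echo "roll-log: not a regular file: $file" >&2
        return 1
    fi
    printf 'Log rolled by Hazel, %s\n' "$(date +%m-%d-%y_%H:%M:%S)" > "$file"
}

# Run against the fixed target only when invoked under the installed name.
case "${0##*/}" in
    roll-log) roll_log "$TARGET" ;;
esac
```

With this in place, the embedded Hazel script contains only `sudo /usr/local/sbin/roll-log`, and no shell or password is exposed to it.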