After some research and testing, I hit on this method:
- Edit the macOS "sudoers" file (using sudo visudo) and change the %admin line to ALL=(ALL) NOPASSWD:ALL
- use sudo in the embedded Hazel script with "echo" to overwrite the existing file in place, with a note that Hazel rolled it...but you have to do it a certain way, by invoking another shell using "sh -c":
 - Code: Select all
- sudo sh -c "echo \"Log rolled by Hazel, $(date +"%m-%d-%y_%H:%M:%S")\n\" > fileToRoll.log"
 
Note that editing sudoers like this gives all admin-level accounts on the machine the ability to do anything they want as root. That has security implications, so be aware of that. You could get fancier and edit sudoers to give only a single account the ability to use only the "echo" command as root if you wanted to get more specific.
Hope this helps someone that is trying to elevate Hazel's permissions in the shell.
John
* My specific goal was to do log-rolling for Tomcat’s “catalina.out” file, because the macOS logroller (newsyslog) doesn’t have the ability to truncate a log in-place (like other unixes do with logrotate using the copytruncate option), and I didn't want to have to restart Tomcat every time I rolled the log.