XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
It is currently Mon Apr 24, 2017 3:24 am

All times are UTC - 8 hours




Post new topic Reply to topic  [ 20 posts ] 
Author Message
PostPosted: Thu Apr 06, 2017 6:41 am 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1054
Location: Burblandia
I've got a small file.sh that runs in terminal and does this:
Code:
#!/bin/bash
sudo kextunload /System/Library/Extensions/AppleHDA.kext
sudo kextload /System/Library/Extensions/AppleHDA.kext


It has worked fine but I recently lowered the administrative privilege of my everyday account (better security habit) so now terminal does not see that user in sudo list. I can logout and then log into the administrator account to run the command but I wonder if there is a more simple way. Can I temporarily 'call' my administrative account to just run that command (it's actually a .sh file) without logging out and into the admin account? I also want to be certain the elevated privilege (if that's the correct term) is temporary and is returned to 'normal' upon closing terminal. Thanks.


Last edited by db5owat on Thu Apr 06, 2017 7:45 pm, edited 1 time in total.

Top
 Profile  
 
PostPosted: Thu Apr 06, 2017 8:19 am 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5806
Location: NYC
I'm sure someone else will come along with a more direct way of running this small script. I always run standard. When I need to run anything sudo, I su to my admin account first, give the admin password, enter the command and give the admin password again, when requested.

As in

su - shortnameadminaccount

Maybe that can somehow be incorporated directly into the script.


Top
 Profile  
 
PostPosted: Thu Apr 06, 2017 5:36 pm 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1054
Location: Burblandia
Anyone know how to add something like that to the code above to provide a one click solution?


Top
 Profile  
 
PostPosted: Thu Apr 06, 2017 6:24 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9168
Location: Caught between the moon and NYC
You can just insert the su - shortname in front of the kextload. then add exit at the end.

It will make you enter your admin account password but it should work normally otherwise.


Top
 Profile  
 
PostPosted: Thu Apr 06, 2017 7:43 pm 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1054
Location: Burblandia
MonkeyBoy wrote:
You can just insert the su - shortname in front of the kextload. then add exit at the end.

It will make you enter your admin account password but it should work normally otherwise.

Would 'su - shortname' take the place of 'sudo' in the code above? If so does it need to replace both 'sudo' spots?Forgive one last clarification...where exactly should 'exit' go? Thanks.


Top
 Profile  
 
PostPosted: Thu Apr 06, 2017 8:41 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14361
http://osxdaily.com/2014/02/06/add-user ... -file-mac/


Top
 Profile  
 
PostPosted: Fri Apr 07, 2017 6:33 am 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5806
Location: NYC
BDAqua wrote:
http://osxdaily.com/2014/02/06/add-user-sudoers-file-mac/

Wouldn't doing that defeat the purpose of running standard?


Top
 Profile  
 
PostPosted: Fri Apr 07, 2017 9:34 am 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14361
Duh, I guess so. :oops:


Top
 Profile  
 
PostPosted: Fri Apr 07, 2017 12:01 pm 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1054
Location: Burblandia
MonkeyBoy wrote:
You can just insert the su - shortname in front of the kextload. then add exit at the end.

It will make you enter your admin account password but it should work normally otherwise.

Like this?
Code:
#!/bin/bash
su - shortname kextunload /System/Library/Extensions/AppleHDA.kext
su - shortname kextload /System/Library/Extensions/AppleHDA.kext
exit


Top
 Profile  
 
PostPosted: Sat Apr 08, 2017 4:39 am 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5806
Location: NYC
db5owat wrote:
MonkeyBoy wrote:
You can just insert the su - shortname in front of the kextload. then add exit at the end.

It will make you enter your admin account password but it should work normally otherwise.

Like this?
Code:
#!/bin/bash
su - shortname kextunload /System/Library/Extensions/AppleHDA.kext
su - shortname kextload /System/Library/Extensions/AppleHDA.kext
exit

You're omitting the sudo. su - shortname is not a substitute for the needed sudo prefix in these two commands.

Not certain of this, but could give it a try (edited.) Or maybe wait for MB to turn up:
Code:
#!/bin/bash
su - shortname
sudo kextunload /System/Library/Extensions/AppleHDA.kext
sudo kextload /System/Library/Extensions/AppleHDA.kext
exit


You will be prompted for your password at least once, maybe twice. What is happening is that su - shortname(adminaccount) is asking the system to give your non-admin user the elevated privileges of the admin user, to act as if it is the admin user. So to get there you need to authenticate that request with the admin user password--the admin user first has to agree to that--and then probably another time to authenticate the sudo in the first command of the script--but not sure if there will be that second password request or not. There would be a second password request for the first sudo if these commands were being executed independently. Not sure what happens when it's a bash script.


Top
 Profile  
 
PostPosted: Sat Apr 08, 2017 8:30 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9168
Location: Caught between the moon and NYC
Just to back up WZZZ, su is not a replacement for sudo.

su - shortname simply changes you over to that super user account. From that point on everything you do is as that user.

I normally use "sudo su -" to switch to root, at which point I don't have to sudo anything because it's all run as root. Otherwise I don't normally use su.

I think you may need to issue your kextload/unload with a sudo.

Code:
#!/bin/bash
su - adminaccount
sudo kextunload /System/Library/Extensions/AppleHDA.kext
sudo kextload /System/Library/Extensions/AppleHDA.kext
exit

Note that I haven't tested this. Worst case you may be prompted for your admin account password twice.

You might be able to get away w/o the sudos but I doubt it. su - adminuser drops you at a terminal where whoami reports you are adminuser (not root). You need to sudo su - to run as root at that point, which would seem to indicate sudo is required to execute commands as root.


Top
 Profile  
 
PostPosted: Sun Apr 09, 2017 6:57 am 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1054
Location: Burblandia
MonkeyBoy wrote:
Just to back up WZZZ, su is not a replacement for sudo.

su - shortname simply changes you over to that super user account. From that point on everything you do is as that user.

I normally use "sudo su -" to switch to root, at which point I don't have to sudo anything because it's all run as root. Otherwise I don't normally use su.

I think you may need to issue your kextload/unload with a sudo.

Code:
#!/bin/bash
su - adminaccount
sudo kextunload /System/Library/Extensions/AppleHDA.kext
sudo kextload /System/Library/Extensions/AppleHDA.kext
exit

Note that I haven't tested this. Worst case you may be prompted for your admin account password twice.

You might be able to get away w/o the sudos but I doubt it. su - adminuser drops you at a terminal where whoami reports you are adminuser (not root). You need to sudo su - to run as root at that point, which would seem to indicate sudo is required to execute commands as root.

This isn't quite working. I'm not sure what is hanging it up but if I run it in terminal the result is that I am elevated to admin acct but it does not seem to run any of the code that follows. Obviously I can copy and paste the code at that point but as a learning experience and to simplify this process to a single click I wonder if there is anything else I might try? Could it simply be a timing issue? It seems like it wants to be a two part operation. Switch to admin, then run the code. I appreciate the help thus far from everyone (WZZZ, MonkeyBoy, BDA).


Top
 Profile  
 
PostPosted: Sun Apr 09, 2017 8:48 pm 
Offline

Joined: Thu Jul 05, 2012 4:02 pm
Posts: 942
Location: Melbourne
I was wondering why you want to unload and load this AppleHDA.kext. Googling brings it up with mentions of patching it, so there seems to be some problem with it but I was always reading the end of the conversation. Just as a general outline, what is the bug you are experiencing with this that unloading/reloading seems to fix.


Top
 Profile  
 
PostPosted: Mon Apr 10, 2017 5:27 am 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1054
Location: Burblandia
roam wrote:
I was wondering why you want to unload and load this AppleHDA.kext. Googling brings it up with mentions of patching it, so there seems to be some problem with it but I was always reading the end of the conversation. Just as a general outline, what is the bug you are experiencing with this that unloading/reloading seems to fix.

Great question roam. I'll give it a try although I'm not sure I can give 'under the hood' specifics. I have a hackintosh and as you probably know the audio for hackintosh users has always been somewhat of an issue. These days I think it is larglely worked out pretty well but my rig is an older one, vintage 2010 and therefore uses a non UEFI motherboard. When UEFI boards came on the scene it coincided with most hackintosh users moving to Clover as a bootloader. I in fact use Clover, however, since I use a 'legacy' mother board I need to keep the Clover efi folder in the root directory while UEFI users tend to take advantage of the existing hidden apple created EFI partition as a storage area for that same Clover EFI partition. It keeps it out of sight and makes for a seemingly more 'vanilla' apple-like experience. What does this have to do with audio? Well, sometime during this move to Clover developers came up with various ways to address the finicky audio issues (most of the problems revolved around losing audio after updates). It seems the audio could be made to survive updates with particular scripts that patched kext files et al. and kept those things as part of the Clover EFI folder within the hidden EFI partition. My legacy set up didn't provide for this and even though there is supposed to now be a way of dealing with my system using Clover and keeping EFI folder in hidden EFI partition and with audio surviving after updates I have never been successful getting it to work. In fact my system is further complicated by the fact that I use a Tascam audio interface requiring an additional kext. I still need onboard audio though for use with screen/audio capture programs. To make a long story short, my audio works perfectly well but gets 'knocked' offline about once a week. I have no idea what causes it. The script to unload and load the HDA kext brings back full function if only for a week or so. When I commit to Sierra, I think this will no longer be necessary. Not ready to go there quite yet.


Top
 Profile  
 
PostPosted: Mon Apr 10, 2017 2:48 pm 
Offline

Joined: Thu Jul 05, 2012 4:02 pm
Posts: 942
Location: Melbourne
Ah thanks, I had no idea about any of that. It sounds like running a hackintosh requires a full set of tools.

I'm a little vague about this script. You wondered if it was a timing issue. Playing around with it, I think it is an environment issue.
You start in standard account, then running the script [line 2] opens another terminal in admin account with nothing to do. When you exit that it goes back to standard and returns to the running script, and [line 3] who then no longer has privileges. i.e the script creates a second environment that is disconnected from the first.
But I don't know what to do about that, though I expect it needs to be more complex code.

At least you have a workaround, of knowing how to easily slip into admin.


Top
 Profile  
 
PostPosted: Mon Apr 10, 2017 3:48 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9168
Location: Caught between the moon and NYC
Yeah, this has gotten into an area I haven't played with in several years. I think roam is spot on though, su is opening a new terminal session, and there's nothing for it to do because the script is executing in the previous terminal.


Top
 Profile  
 
PostPosted: Tue Apr 11, 2017 9:28 am 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1054
Location: Burblandia
Thanks for the suggestions all. At this point I'm going to activate fast user switching and just pop into the admin account for those few occasions when I need to run the script to return audio function. It's a fairly quick process and I can then easily return to the standard user account.


Top
 Profile  
 
PostPosted: Tue Apr 11, 2017 9:51 am 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9168
Location: Caught between the moon and NYC
I would just sudo su - adminuser and then put the kext script in whatever folder the su dumps you in... usually the user folder. So then in Terminal I just type ./scriptname.sh and it executes. After you're done type exit to log out of the su terminal and quit Terminal. It's not as simple as a double click but once you get in the habit its not that bad.

I don't allow any of my Linux servers to automatically update, it's all a manual process so i can be sure I have a snapshot and backups and review change notes and all the associated headaches before plunging ahead with the updates, which I do via a similar method... log into an administrator account and there's bunch of scripts in the user directory to do all my routine tasks.


Top
 Profile  
 
PostPosted: Fri Apr 14, 2017 7:08 pm 
Offline

Joined: Thu May 15, 2008 8:21 pm
Posts: 1054
Location: Burblandia
MonkeyBoy wrote:
I would just sudo su - adminuser and then put the kext script in whatever folder the su dumps you in... usually the user folder. So then in Terminal I just type ./scriptname.sh and it executes. After you're done type exit to log out of the su terminal and quit Terminal. It's not as simple as a double click but once you get in the habit its not that bad.

I don't allow any of my Linux servers to automatically update, it's all a manual process so i can be sure I have a snapshot and backups and review change notes and all the associated headaches before plunging ahead with the updates, which I do via a similar method... log into an administrator account and there's bunch of scripts in the user directory to do all my routine tasks.

Just confirming that this works very nicely and is quite easy to do. I had to wait awhile for the audio to drop out before I could try it out.


Top
 Profile  
 
PostPosted: Fri Apr 21, 2017 4:00 pm 
Offline

Joined: Sat Sep 27, 2008 6:28 pm
Posts: 185
You can set the permissions of a command to be run in root. There is a security risk for shell files because they can be interrupted and you end up in root. Some unix system still let you setuid for shell files. Do no know about macOS.

Here is the hack:
https://superuser.com/questions/440363/ ... te-as-root

R


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 20 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group