#1 03 Sep 2018 15:55

tomhsiung
Member
Registered: 20 Aug 2018
Posts: 8

Automator run shell script - running setugid(), which is not allowed

I have made an Automator shell script to add static routes. It needs root privilege. Because the Mac's route table gets back to default every time the system reboots, I need this script to run automatically every time the system starts up.

sudo route -n add 192.168.1.0/24 192.168.2.1

However, if I use this syntax as the Automator script, a prompt window pops up and I have to type in the password manually. My Mac is to be a server, without a monitor. I need to let the script execute by itself.

I could easily write the script like this:

echo password | sudo -S route -n add 192.168.1.0/24 192.168.2.1

This method works, but it is not safe as your password is stored in the script in plain text.

Someone suggests using the setuid method.

I locate the executable file of the Automator app (I saved the Automator shell script as an app). The executable file is called "Application Stub".

4045609 -rwsr-xr-x@ 1 root       staff  69136 Aug 18 09:33 Application Stub

After that, I try to run the app by double-clicking the app file. Nothing happens, nor is there any error message. Later I double-clicked the executable "Application Stub" file and an error prompt window popped up saying:

Toms-MacBook-Pro:~ tomhsiung$ /Users/tomhsiung/launch/netstat.app/Contents/MacOS/Application\ Stub ; exit;
2018-09-03 22:13:29.331 Application Stub[869:372645] The application with bundle ID com.apple.automator.netstat is running setugid(), which is not allowed.
logout
Saving session...
...copying shared history...
...saving history...truncating history files...
...completed.

[Process completed]

Any solution?

Last edited by tomhsiung (03 Sep 2018 15:56)


#2 04 Sep 2018 22:56

Simon Sheppard
Super Administrator
Registered: 27 Aug 2005
Posts: 976

Re: Automator run shell script - running setugid(), which is not allowed

The simple way to hide a password is to store it in a file (with suitable permissions) and then have your script read the value from the file.

However, I think you really want to use 'networksetup' instead; see this page for an example:
http://www.marcoach.nl/persistent-stati … s-on-os-x/

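The networksetup approach suggested in post #2, as an added example that is not part of the thread or any poster's code: the route is validated and then stored in the network service's own configuration, so it persists across reboots with no password in a script and no setuid bit on the app bundle. The service name "Ethernet" and the function names are assumptions; the route values are the ones from post #1.

```shell
#!/bin/sh
# Added example, not from the thread. "Ethernet" is an assumed service name;
# list the real ones with: networksetup -listallnetworkservices

# ip_to_int ADDR: print ADDR as a 32-bit integer; fail unless it is a dotted quad.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    n=0
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
        n=$(( n * 256 + octet ))
    done
    echo "$n"
}

# route_cmd SERVICE DEST MASK GATEWAY: print the networksetup command for one
# route, refusing malformed addresses, non-contiguous masks and host bits in DEST.
route_cmd() {
    dest=$(ip_to_int "$2") || { echo "bad destination: $2" >&2; return 1; }
    mask=$(ip_to_int "$3") || { echo "bad mask: $3" >&2; return 1; }
    ip_to_int "$4" >/dev/null || { echo "bad gateway: $4" >&2; return 1; }
    inv=$(( 4294967295 - mask ))          # host part of the mask
    if [ $(( inv & (inv + 1) )) -ne 0 ]; then
        echo "mask is not contiguous: $3" >&2; return 1
    fi
    if [ $(( dest & inv )) -ne 0 ]; then
        echo "destination has host bits set: $2" >&2; return 1
    fi
    printf 'networksetup -setadditionalroutes "%s" %s %s %s\n' "$1" "$2" "$3" "$4"
}

# apply_route SERVICE DEST MASK GATEWAY: validate, then store the route in the
# service's configuration. Run it once as root from an interactive sudo session.
apply_route() {
    route_cmd "$@" >/dev/null || return 1
    networksetup -setadditionalroutes "$1" "$2" "$3" "$4"
}

# Dry run with the values from post #1: 192.168.1.0/24 via 192.168.2.1.
route_cmd "Ethernet" 192.168.1.0 255.255.255.0 192.168.2.1
```

After applying, `networksetup -getadditionalroutes "Ethernet"` shows what is stored for the service.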

#3 05 Sep 2018 07:11

tomhsiung
Member
Registered: 20 Aug 2018
Posts: 8

Re: Automator run shell script - running setugid(), which is not allowed

There are two LANs and two routers.

The router (Mac mini):
172.31.30.1/27

LAN 1:
172.31.30.x
gateway: 172.31.30.1

The router (TP-Link):
192.168.2.1/24

LAN 2:
192.168.2.x
gateway: 192.168.2.1

If the hosts within LAN 1 want to access hosts within LAN 2, a static route must be added to the router (Mac mini), like:
Destination: 192.168.2.0
Genmask: 255.255.255.0
Next hop: 172.31.30.x (IP address of one of the network interfaces of the TP-Link router that attaches to LAN 1).

What happens if the Mac mini reboots? It seems that even without the static route, hosts within LAN 2 are able to access the Mac mini router.

Tom

Last edited by tomhsiung (05 Sep 2018 07:11)
