Launch sudo command from MacOS App Swift

Question

I need to launch a terminal command to xcode. This is the command:

sudo xattr -d -r com.test.exemple /Desktop/file.extension

I tried so

   let task = Process()
        task.launchPath = "/usr/sbin/xattr"
        task.arguments = ["-d","-r", "com.test.exemple"," /Desktop/file.extension"]
        let pipe = Pipe()
        task.standardOutput = pipe
        task.standardError = pipe
        task.launch()
        task.waitUntilExit()
        let data = pipe.fileHandleForReading.readDataToEndOfFile()
        let output : String = NSString(data: data, encoding: String.Encoding.utf8.rawValue) as! String
        print(output)

And what was the outcome of your attempt? Sudo generally requires the user to enter their password. — David S., Feb 27 '17 at 18:36
You cannot use `Process()` with `sudo`. You need a privileged helper. — vadian, Feb 27 '17 at 18:41
You could ask for the password from the user then pass it into sudo. See http://stackoverflow.com/questions/233217/how-to-pass-the-password-to-su-sudo-ssh-without-overriding-the-tty — David S., Feb 27 '17 at 18:42
@vadian No, the question is about executing the macOS terminal command 'sudo', which is identical on MacOS and Linux. The fact that he is executing it via a `Process` in swift is incidental. — David S., Feb 27 '17 at 18:47
@DavidShaw The way(s) described in the link does definitely not work with `Process()` in Swift. — vadian, Feb 27 '17 at 18:49

score 1 · Answer 1 · answered Feb 27 '17 at 21:11

Here's one way to do it using a pipe between commands. I verified that when I use the arguments in the commented out line that the file gets created by the super user.

What it is doing is this:

echo 'password' | sudo -S /usr/bin/xattr -d -r com.test.exemple /Desktop/file.extension

func doTask(_ password:String) {
    let taskOne = Process()
    taskOne.launchPath = "/bin/echo"
    taskOne.arguments = [password]

    let taskTwo = Process()
    taskTwo.launchPath = "/usr/bin/sudo"
    taskTwo.arguments = ["-S", "/usr/bin/xattr", "-d", "-r", "com.test.exemple", " /Desktop/file.extension"]
    //taskTwo.arguments = ["-S", "/usr/bin/touch", "/tmp/foo.bar.baz"]

    let pipeBetween:Pipe = Pipe()
    taskOne.standardOutput = pipeBetween
    taskTwo.standardInput = pipeBetween

    let pipeToMe = Pipe()
    taskTwo.standardOutput = pipeToMe
    taskTwo.standardError = pipeToMe

    taskOne.launch()
    taskTwo.launch()

    let data = pipeToMe.fileHandleForReading.readDataToEndOfFile()
    let output : String = NSString(data: data, encoding: String.Encoding.utf8.rawValue) as! String
    print(output)
}

this throws an error `Couldn't posix_spawn: error 1` – Martin Dec 06 '17 at 08:21 — Martin, Dec 06 '17 at 08:21
Use this "/usr/bin/env" instead of "/usr/bin/sudo" – Santosh Feb 24 '21 at 04:59 — Santosh, Feb 24 '21 at 04:59

score 1 · Answer 2 · answered Jul 02 '21 at 18:00

I came across this question after reading this newer question. Just in case somebody arrives here via search, here's the code from my answer to that question.

There's no real need to pipe through echo; the following works just fine: The following more direct approach is tested and working:

import Foundation

let password = "äëïöü"
let passwordWithNewline = password + "\n"
let sudo = Process()
sudo.launchPath = "/usr/bin/sudo"
sudo.arguments = ["-S", "/bin/ls"]
let sudoIn = Pipe()
let sudoOut = Pipe()
sudo.standardOutput = sudoOut
sudo.standardError = sudoOut
sudo.standardInput = sudoIn
sudo.launch()

// Show the output as it is produced
sudoOut.fileHandleForReading.readabilityHandler = { fileHandle in
    let data = fileHandle.availableData
    if (data.count == 0) { return }
    print("read \(data.count)")
    print("\(String(bytes: data, encoding: .utf8) ?? "<UTF8 conversion failed>")")

}
// Write the password
sudoIn.fileHandleForWriting.write(passwordWithNewline.data(using: .utf8)!)

// Close the file handle after writing the password; avoids a
// hang for incorrect password.
try? sudoIn.fileHandleForWriting.close()

// Make sure we don't disappear while output is still being produced.
sudo.waitUntilExit()
print("Process did exit")

The crux is that you must add a newline after the password.

When I tried this code, it says 'expressions are not allowed at top level' — alex, Jan 05 '23 at 22:09
@alex your best bet is to open a new question explaining a bit more about what you were doing and a reproducible example. If sounds like you copied and pasted the code into a file that was not the main Swift file. — idz, Jan 11 '23 at 20:00

score 1 · Answer 3 · answered Jan 06 '22 at 10:17

In Xcode's "Signing & Capabilities" tab, disable "App Sandbox"
Use AppleScript:

func runScriptThatNeedsSudo() {
    let myAppleScript = """
do shell script \"sudo touch /Library/hello
sudo launchctl kickstart -k system/com.apple.audio.coreaudiod" with administrator privileges
"""
    var error: NSDictionary?
    let scriptObject = NSAppleScript(source: myAppleScript)!
    scriptObject.executeAndReturnError(&error)
}

This will prompt the user for their password.

Consider this a security issue because it will indiscriminately run any tool or application, severely increasing the user's security risk. Always inform the user about what your application is about to do. You should avoid the use of this functionality if possible.

Launch sudo command from MacOS App Swift

3 Answers3

Linked