"Run as administrator" doesn't seem to be working

[arvindsree]

Probably, this is broken with the newer Mac OS updates

[sveinbjornt]

Works fine on 10.12.1. If I wrap the following script in a Platypus app set to run with admin privileges:

echo "/usr/bin/whoami:"
whoami
echo ""
echo "Real User ID:"
echo $UID \($USER\)
echo ""
echo "Effective User ID:"
/usr/bin/id -u
echo ""
echo "Current working directory:"
echo "$PWD"

I get the following:

/usr/bin/whoami:
root

Real User ID:
501 (sveinbjorn)

Effective User ID:
0

Current working directory:
/Users/sveinbjorn/Desktop/Script 5.app/Contents/Resources

You are aware that running AuthorizationExecuteWithPrivileges() is not equivalent to running AS the root user. Rather, it is run with root privileges. See documentation.

[Kriechi]

I'm running a python3 script with this code:

print(subprocess.check_output(['/usr/bin/id', '-u']))

and it does not yield the expected result of 0, but instead my regular uid of 501 is printed.
Also the python built-in command shows the same behaviour: import os; os.geteuid().

[sveinbjornt]

Hmmm, strange. What version of macOS are you running? Which python interpreter? Could you try running
Test.app.zip and post your output?

[Kriechi]

@sveinbjornt no offense, but I'm not going to run your application with root privileges on my system... 😄 I'm sure it's clean and you have no malicious intend in mind - I'm just paranoid.

I'm using pyenv and python3.6 installed to /Users/foobar/.pyenv/shims/python3.

[sveinbjornt]

Well, you're running my code any time you authenticate a Platypus-generated app... :)

Anyway, could you create an app that authenticates from the following script and tell me your result:

#!/bin/sh

echo "/usr/bin/whoami:"
whoami
echo ""
echo "Real User ID:"
/usr/bin/id -r -u
echo ""
echo "Effective User ID:"
/usr/bin/id -u
echo ""
echo "Current working directory:"
echo "$PWD"

[Kriechi]

@sveinbjornt output:

​/usr/bin/whoami:
root
Real User ID:
501
Effective User ID:
0
Current working directory:
/Users/foobar/Downloads/Foo.app/Contents/Resources

looks correct... I'm trying to use the "None" interface - maybe there is something wrong there?

[Kriechi]

If I use this python3 script:

import sys
import os
import subprocess
print(subprocess.check_output(['whoami']))
print(subprocess.check_output(['/usr/bin/id', '-r', '-u']))
print(subprocess.check_output(['/usr/bin/id', '-u']))
print(os.getuid())
print(os.geteuid())
sys.exit(0)

• with "Run with root privileges"
• with "Remain running after execution"
• with "Text Window" interface
• with Script Type: Other: /Users/foobar/.pyenv/shims/python3 and no additional args

I get:

foobar
b'501\n'
b'501\n
501
501

which is not what I was hoping for... Any ideas?

[sveinbjornt]

Strange. I tested this on Python 3.7 installed via Brew, and everything worked as it should:

​b'root\n'
b'501\n'
b'0\n'
501
0

[Kriechi]

Thanks for testing this again @sveinbjornt - what shebang and "Script Type" did you use on your system?

[sveinbjornt]

Platypus apps don't use the shebang line to determine the interpreter when they execute scripts. I had set the Python3.7 binary in /usr/local/bin/python3 as interpreter.

This issue may be related to #97 . /bin/bash cannot run directly as root, it seems. Perhaps a similar issue is affecting your python build.

[Kriechi]

ugh - that sounds like a serious drawback if the shebang is just ignored...
You are probably right - pyenv and shebangs might mess things up for me.
I'll give it another try with the built-in OS python.

[sveinbjornt]

The shebang line is just meta-data for the shell to determine which interpreter to use when the script is executed without specifying an interpreter directly in the shell command. E.g.

./myscript.py
vs
/usr/bin/python myscript.py

But of course, Platypus-generated apps don't run scripts in a shell.

However, the shebang line IS used to infer which interpreter to use. When you drag a script on the Platypus application, it intelligently parses the shebang line for an interpreter and configures the GUI controls accordingly. When the ensuing Platypus-generated app actually runs, it uses the interpreter (and arguments etc.) specified in a file bundled with the app (AppSettings.plist).

You can always press the Args button in the Platypus main window to see the command used to execute the script.

[sveinbjornt]

Any luck with the system python?

[PaulVaroutsos]

I'm also experiencing this issue on MacOS Mojave Version 10.14.2 (18C54) using the system python version 2.7.10. No other versions of python are installed.
Running the above script from a Platypus created .app with "Run with root privileges" selected results with the following:
/usr/bin/whoami:
foobar
Real User ID:
501
Effective User ID:
501
Current working directory:
/Users/foobar/Desktop/Test.app/Contents/Resources

[sveinbjornt]

@PaulVaroutsos I cannot reproduce this. You're using the /bin/sh interpreter, right? Here's a thought: This might be related to whether SIP is enabled. I always turn the damn thing off because I like mucking about with the OS. Maybe SIP somehow cripples the system Python install.

[Kriechi]

@sveinbjornt My system:

$ csrutil status
System Integrity Protection status: enabled.

[PaulVaroutsos]

I was using /usr/bin/python, which Platypus auto-populated when I selected my Python script. The python script includes the shebang.

I also get: System Integrity Protection status: enabled.

[simone-pignotti]

Hi, I am experiencing the same problem with /bin/bash on 10.12.6 and 10.14.6 when SIP is enabled.

[sveinbjornt]

@simone-pignotti It looks like /bin/bash cannot run as root. See #97

[simone-pignotti]

I see, thank you!

[actuallymentor]

@sveinbjornt I am able to run bash scripts as root now. Not sure if this was an OSX upgrade.