Use sudo for command line programs (like nano), but use gksu or gksudo for GUI programs, which often use configuration files in the home directory. If you use plain sudo, the root user can take ownership or your user ID's configuration files and the program used that way will stop working (unless you continue using sudo). From the dropdown menu click on Open. The application is now saved as an exception in your security settings and can be opened like any other registered app. Method 2: Bring back the 'anywhere. Mar 16, 2015 In my Mac OS X career, I've only used this trick a handful of times. You must bypass the open command and drill into the Package Contents to run the app with sudo and admin privileges. Apps can of course use API to ask the system for authentication and pop up the dialog you expect when asked for an administrator user and password. TextEdit doesn't have that function so you have to work around the file permissions before and after you open and write the files desired. Have you tried using sudo open -a textedit to open the app? Enter administrator commands in Terminal on Mac You must be an administrator or root user, also called superuser, to execute many of the commands used to manage a server. For example, if you’re not an administrator or a root user, entering the shutdown command gives you an error.
- Macos - How To Open The Finder As Root - Ask Different
- Cached
- Run OS X Apps As Root. If You’ve Used Mac OS X’s Command Line .
- C++ - How To Debug Programs With 'sudo' In VSCODE
In recent software updates, Apple has included more stringent security measures in its OS with the goal of better protecting your Mac from malware. While this gives you an added layer of protection, it also makes it more difficult to open applications that Apple is not familiar with (such as those not in the App Store or those created by unidentified developers).
While it may be tricky, opening these apps is possible. Here, we’ll explain the reasoning behind Apple’s enhanced security, show you how to allow any and all apps on your Mac, and even briefly discuss keeping yourself safe from malware.
What does it mean to be able to download apps from anywhere?
Apple puts many safety measures in place in order to reduce users’ chances of being infected by viruses and other forms of malware. This is why Apple is known as a “closed platform”: It’s strict about what apps it allows to be easily downloaded onto and accessed from Apple devices.
The apps you can download onto an Apple device are generally limited to those that can be found in the App Store because they’re seen as more secure — they’re created by developers that Apple trusts and have been checked by Apple for malware.
In order to check an app’s safety, Apple uses a software called Gatekeeper.
Gatekeeper is Apple’s program that recognizes whether an app has been downloaded from the App Store. This program warns you when you’ve downloaded and attempted to run software from another location for the first time.
Downloading apps from anywhere, then, means accessing and using apps that either:
- Don’t come from the App store
- Were created by unidentified developers
It’s a good idea to know how to download and access these kinds of applications. So many of the great apps out there simply aren’t available on the App Store. This is a crucial skill for those who rely on apps that aren’t necessarily meant for Macs (such as Microsoft software), as well as those who have recently begun using Apple devices and want to be able to use non-iOS/macOS apps.
Luckily, your Mac does allow you to download apps from anywhere — it just requires a few more steps.
How to download apps that aren’t on the App Store or come from unidentified developers
Os x yosemite 10.10 bootable usb for intel pcs. There are two main ways to give your Mac access to a broader range of apps:
- Set your Mac to allow you to open apps that aren’t from the App Store
- Set your Mac to allow apps from unidentified developers
Both of these methods consist of changing your Mac’s Security & Privacy settings to allow you to open apps that haven’t been checked by Gatekeeper. Once you’ve bypassed Gatekeeper, you’ll be able to download and run all the apps you’d like. (To learn how to do this, check out our piece on how to open apps from unidentified developers.)
How to download apps from anywhere
Before macOS Sierra, it was much easier to set your Mac to allow you to download apps from anywhere. You’d simply go to System Preferences > Security & Privacy > General, then under Allow apps to be downloaded from, select Anywhere.
Since new updates to macOs, however, you’ll need to change a few more settings on your Mac in order to do so. Here’s how:
- Launch Terminal by going to Finder > Applications > Utilities or by locating it with Spotlight search (
[CMD] + [SPACE]
). - In Terminal, type the code
sudo spctl --master-disable
and hit Return. Enter your Mac’s password when prompted. - Go to System Preferences > Security & Privacy > General. At the bottom of the window, you’ll see multiple options under Allow apps to be downloaded from. Select Anywhere to allow your Mac to download any and all apps.
If you later decide that you’d like to return to your Mac’s default settings and no longer allow apps to be downloaded from anywhere, just follow these steps:
- Launch Terminal.
- Once it’s running, enter the code
sudo spctl --master-enable
You’ll no longer be able to select Anywhere.
Macos - How To Open The Finder As Root - Ask Different
After this is done, you will only be allowed to download apps from the App Store, unless you use the steps mentioned above to access apps from other locations.
How to open Mac apps bypassing Gatekeeper
There is another way to open restricted apps that many Mac users don’t know about.
- Open your Applications directory.
- Click Finder > Go > Applications.
- Now, Control + click on an app you’d like to open.
This way you can open apps no matter where they come from.
![Privileges Privileges](/uploads/1/3/4/1/134120460/142872212.png)
How many suspicious apps do you have?
You probably have downloaded apps from all kinds of sources. Some of them (especially, the dubious ones) may install additional components on top of their main functionality. Chances are, you wouldn’t even know.
Such invisible applications are sometimes called launch agents or daemons. They may stay in the background for years. Probably, you have a couple of those lurking on your Mac.
How to check your Mac for hidden background apps
To check it, you can run a free version of CleanMyMac X
CleanMyMac X itself comes from MacPaw, which is a popular Mac developer and its apps are notarized by Apple. https://yellowconnections929.weebly.com/blog/deleting-apps-on-mac-mini.
- So, download and install a free version of CleanMyMac X.
- Click on Optimization and choose Launch Agents
You’ll see background apps you can disable in one click.
- In the same app, click on Malware Removal.
When it comes to finding suspicious apps and adware trojans, CleanMyMac X is way ahead of many other antiviruses.
CleanMyMac X will check your computer for all potentially unwanted apps (PUA) and all kinds of malware. Google video player mac download. It also helps you keep track of malware regularly with a real-time malware monitor.
A free version of CleanMyMac X is available here.
Is it safe to download apps from anywhere?
There’s no guarantee that apps downloaded from outside of the App Store will be safe. As these apps haven’t been vetted for security by Apple, it’s more difficult to confirm whether they’re safe and free of malware.
Because of this, you should be wary in changing your settings to allow apps downloaded from anywhere. Doing so leaves your Mac vulnerable malware and malicious software, as Gatekeeper won’t be able to check if the app downloaded is legitimate (or just malware disguised as the desired software).
The safety of your Mac, then, is in your hands. The best you can do to try to make sure that an app is safe to download is to look into its reviews and the experiences other users have had. Doing your due diligence can help you avoid using untrustworthy apps.
Downloading anti-virus software is another means of protection, as this software will check whether an app is safe for you. If, when researching all you can about an app, you decide you’d rather not download it, you can opt for a similar app with better reviews or one that is already in the App Store.
Execute commands as another user | 23 comments | Create New Account
Click here to return to the 'Execute commands as another user' hint |
The following comments are owned by whoever posted them. This site is not responsible for what they say.
You should really use sudo for this. Just type:
sudo -u usernamecommand
Not only is it easier, but it's also very customizable -- you can control which users can execute which programs as what users.
-Esme
You can also use the following to become the root user (if you have sudo access and authorization to execute the command):
It will then prompt you for your password; enter the one you use to login.
sudo -s
It will then prompt you for your password; enter the one you use to login.
This next command is helpful if you want to run a series of commands as another user (after you are root, naturally):
su username
This method is much safer than logging in as root; you don't even have to enalbe the root password. I've been using UNIX for years, and I haven't enabled the root password on any of my Macs without loosing any flexibility.
su bob will work just fine if all you want to do is change to another identity; you don't need to su to root first if you know that id's password. At the password prompt, just type 'bob's' password.
This of course only works if you an administrator. You can't su to root or any other user if you are not an admin on the box.
Only users in group 'wheel' (normally gid 0) or group 'admin' (normally gid 20) can su to 'root'.
The su command will work as ANY user, regardless of privilege. If I am logged in as 'sam' and wish to execute commands as 'joe', I type:
su joe
and then enter the password for the user 'joe'. No admin privileges necessary, just password knowledge.
I frequently use this command on UNIX-like machines to help friends or perform some tasks when they are logged into the machine. I often su to my account to access a file, for example.
su joe
and then enter the password for the user 'joe'. No admin privileges necessary, just password knowledge.
I frequently use this command on UNIX-like machines to help friends or perform some tasks when they are logged into the machine. I often su to my account to access a file, for example.
su stands for 'substitute user identity'.
This is exactly what the utilty is there for.
Most of the time you are changing to root, but you can change to any user (more or less.)
Dan
PS Try 'man su' at a command line.
This is exactly what the utilty is there for.
Most of the time you are changing to root, but you can change to any user (more or less.)
Dan
PS Try 'man su' at a command line.
sudo -u [username] [command]
It's simpler to just use sudo. Then you don't need to enter the root password, and you don't need to know the user's password.
It's simpler to just use sudo. Then you don't need to enter the root password, and you don't need to know the user's password.
I guess this was covered in the first reply. That'll teach me for starting a post, forgetting about it, and then submitting it a couple of hours later.
Anyways, sudo is your friend.
man sudo
man sudoers
man visudo
and you'll find a wealth of information on how to do all kinds of things with permissions. You can do some pretty cool things with sudo.
Anyways, sudo is your friend.
man sudo
man sudoers
man visudo
and you'll find a wealth of information on how to do all kinds of things with permissions. You can do some pretty cool things with sudo.
Note, it is often preferred to execute the command this way:
The presence of the hyphen means 'use the new user's environment'. otherwise the su command will not overwrite the old user's environment variables.
Yet another hint that requires root to be enabled when, as has been pointed out by many others, sudo is what you want to be using!
root does NOT and should NOT, EVER, need to be enabled for 99.9% of all Mac OS X systems. (Yes, there are other enterprise/server/speciality environments where having root enabled for various reasons is appropriate and accepted; I'm NOT talking about those here.)
You can and should do EVERYTHING with sudo.
You can get a root shell with sudo. You can execute any command as any other user as sudo. You can BECOME other users with sudo.
Why do people insist on enabling and using root?
And for the lazy, if you really just refuse to learn any of sudo's capabilities, at a bare minimum, just use 'sudo su' - that right there gives you a root shell, where literally ANYTHING can be done, and is the exact functional equivalent of using 'su' and using root's password.
Repeat: you do NOT need root enabled; you do NOT need to be using 'su' by itself.
Reasons:
1. Getting into the habit of not having root enabled discourages unnecessary uses of root (like logging in as root via the gui), where much harm can be done. Say whatever you will; this is still a good practice.
2. You REALLY CAN do ANYTHING with sudo, just as conveniently. 'It's more convenient/quicker/etc to just use su' is NOT a valid excuse, and is totally untrue: if you really need a full root shell, 'sudo su' or 'sudo -s' gets you one!
3. Having the root account enabled fundamentally exposes you to more exploit possibilities.
4. Encouraging people to use tools like sudo also encourages learning, and more responsible and wise use of the tools at our disposal.
sudo: learn it.
Rob, I'd actually consider removing this hint, or amending it to say something like 'sudo su <user>', which accomplishes the same thing, or any number of the other alternate other suggestions that use sudo.
root does NOT and should NOT, EVER, need to be enabled for 99.9% of all Mac OS X systems. (Yes, there are other enterprise/server/speciality environments where having root enabled for various reasons is appropriate and accepted; I'm NOT talking about those here.)
You can and should do EVERYTHING with sudo.
You can get a root shell with sudo. You can execute any command as any other user as sudo. You can BECOME other users with sudo.
Why do people insist on enabling and using root?
And for the lazy, if you really just refuse to learn any of sudo's capabilities, at a bare minimum, just use 'sudo su' - that right there gives you a root shell, where literally ANYTHING can be done, and is the exact functional equivalent of using 'su' and using root's password.
Repeat: you do NOT need root enabled; you do NOT need to be using 'su' by itself.
Reasons:
1. Getting into the habit of not having root enabled discourages unnecessary uses of root (like logging in as root via the gui), where much harm can be done. Say whatever you will; this is still a good practice.
2. You REALLY CAN do ANYTHING with sudo, just as conveniently. 'It's more convenient/quicker/etc to just use su' is NOT a valid excuse, and is totally untrue: if you really need a full root shell, 'sudo su' or 'sudo -s' gets you one!
3. Having the root account enabled fundamentally exposes you to more exploit possibilities.
4. Encouraging people to use tools like sudo also encourages learning, and more responsible and wise use of the tools at our disposal.
sudo: learn it.
Rob, I'd actually consider removing this hint, or amending it to say something like 'sudo su <user>', which accomplishes the same thing, or any number of the other alternate other suggestions that use sudo.
You know, preaching to people on why not to use root is really pointless. If they want to use root, they will. It's really none of your concern.
You don't like using root? Fine. Don't. Screaming about it whenever someone else mentions using it doesn't help.
You don't like using root? Fine. Don't. Screaming about it whenever someone else mentions using it doesn't help.You don't like using root? Fine. Don't. Screaming about it whenever someone else mentions using it doesn't help.
Actually, it helped a lot; I didn't really think about some of the points he brought up. Inasmuch as this is a HINTS website, you know, a place where some of us come to learn things that we previously didn't know or hadn't figured out on our own about OS X (including the CLI/ UNIX'ish underpinnings of it, I think that the original poster's comments were infact very helpful. Yours, on the otherhand, was pure flamebait.
Not to mention the fact that sudo as a command can't properly be tailored to a particular system unless someone on the system has access to /etc/sudoers for editing -- ie, is root.
Any properly managed UNIX system needs root access. The trick is to confine root use only to managing the system, not as a general purpose user.
--
el bid
Any properly managed UNIX system needs root access. The trick is to confine root use only to managing the system, not as a general purpose user.
--
el bid
Mac OS X is configured so that all administrators are placed in the admin (80) group, and the admin group is given sudo privileges in /etc/sudoers. Therefore, administrators can edit /etc/sudoers by 'sudo visudo', and can create more groups and assign individual non-admin users or groups whatever sudo privileges they merit (none, by default). If an administrator removes the admin group's permission to edit the config file, root has to be enabled, but that's why you only give admin access to people you trust!
Mac OS X does not need root access to be properly managed because administrators have the privileges to temporarily become root (via sudo) to do anything that needs to be done, and this is without sharing one root password among (potentially) multiple administrators.
-Alex Hill
Mac OS X does not need root access to be properly managed because administrators have the privileges to temporarily become root (via sudo) to do anything that needs to be done, and this is without sharing one root password among (potentially) multiple administrators.
-Alex Hill
I discovered this trick some time ago, but didn't find it useful because I
couldn't get any apps that run graphically to work.
For example, if I cd to /Applications/Calculator.app/Contents/MacOS and
run Calculator, I get:
kCGErrorIllegalArgument : initCGDisplayState: cannot map display
interlocks.
kCGErrorIllegalArgument : CGSNewConnection cannot get connection
port
INIT_Processeses(), could not establish the default connection to the
WindowServer.Abort
The same exact process works if I'm not su'ed to another user.
Am I missing something?
couldn't get any apps that run graphically to work.
For example, if I cd to /Applications/Calculator.app/Contents/MacOS and
run Calculator, I get:
kCGErrorIllegalArgument : initCGDisplayState: cannot map display
interlocks.
kCGErrorIllegalArgument : CGSNewConnection cannot get connection
port
INIT_Processeses(), could not establish the default connection to the
WindowServer.Abort
The same exact process works if I'm not su'ed to another user.
Am I missing something?
'open' will open the command on whatever users display it is executed under. if they arent logged in, they dont have a display. you can ssh in as the logged in user, and run open, and it will work.
This is similar to the way displays are handled on Xwindows with xhost set to -, only I don't think there's any way to allow all hosts to connect to OSX's display (I haven't seen one yet, at least). The purpose of xhosts on Xwindows systems is to allow other hosts to connect to and bring up windows on your display.
On an Xwindows system, typing 'xhost -' disables anyone else from sending a window to your display. What is the video recording software on mac. If you've got X11 or XFree86 installed, try the following:
start X11
launch an xterm
xhost + (or xhost + [your machine/remote machine])
echo $DISPLAY
su - [some other user]
echo $DISPLAY
note that the display won't be set for this user, so you won't be able to launch any new Xwindows from here -
try one:
xterm
(error about Can't open display)
if using csh, tcsh, or zsh type
setenv DISPLAY [use value from DISPLAY above]
otherwise, type
export DISPLAY=[value from DISPLAY above]
xterm
the xterm is now be launched as the other user on your display.
btw, setting and leaving xhost + is a BAD IDEA, because anyone can send a window to your display, and it could look like another window you have open (tricking you into sending them information you don't want to send), or they could send you annoying pictures or ads (hey admin, Al's looking at porn again. no I'm no. - where the heck did that come from!?!).
On an Xwindows system, typing 'xhost -' disables anyone else from sending a window to your display. What is the video recording software on mac. If you've got X11 or XFree86 installed, try the following:
start X11
launch an xterm
xhost + (or xhost + [your machine/remote machine])
echo $DISPLAY
su - [some other user]
echo $DISPLAY
note that the display won't be set for this user, so you won't be able to launch any new Xwindows from here -
try one:
xterm
(error about Can't open display)
if using csh, tcsh, or zsh type
setenv DISPLAY [use value from DISPLAY above]
otherwise, type
export DISPLAY=[value from DISPLAY above]
xterm
the xterm is now be launched as the other user on your display.
btw, setting and leaving xhost + is a BAD IDEA, because anyone can send a window to your display, and it could look like another window you have open (tricking you into sending them information you don't want to send), or they could send you annoying pictures or ads (hey admin, Al's looking at porn again. no I'm no. - where the heck did that come from!?!).
Mac app that will open conf. The short answer is, no. Under Mac OS X, you can't launch an application as another user (other than root).
Pardon my ignorance as I am very new to all this, but is there a way to change a user like this, and then perform tasks as that user in the Finder? (without loggin out) Or does this switch mentioned in this hint only apply for the Terminal session and to commands entered within the Terminal?
Let's say, for instance, I wanted to make a slight change in a file within the System Library, but can't unless I'm root (or I change the permissions for said file). Can I enter a command in the Terminal to change my UID so I can go and make the change as 'root', then enter another command to switch back to my UID?
Let's say, for instance, I wanted to make a slight change in a file within the System Library, but can't unless I'm root (or I change the permissions for said file). Can I enter a command in the Terminal to change my UID so I can go and make the change as 'root', then enter another command to switch back to my UID?
Cached
Nope: you'll be root in the terminal if you execute a command such as
sudo -s
(this will be indicated with the '#' prompt), but changing your terminal identity this way doesn't affect the GUI: the critical windowing processes that are doing all the heavy lifting were started by the user who logged in via the GUI, and that's not going to change without a logout (or a change in the way that apple implements this stuff so that there can be multiple, swappable sessions on the go at the same time, with only one 'visible').
Cheers,
Paul
sudo -s
(this will be indicated with the '#' prompt), but changing your terminal identity this way doesn't affect the GUI: the critical windowing processes that are doing all the heavy lifting were started by the user who logged in via the GUI, and that's not going to change without a logout (or a change in the way that apple implements this stuff so that there can be multiple, swappable sessions on the go at the same time, with only one 'visible').
Cheers,
Paul
Run OS X Apps As Root. If You’ve Used Mac OS X’s Command Line .
I've used sudo and su a lot, and there are reasons for using one or the other.
By what you're saying, you want to edit a file you don't own, which you can do by using 'sudo command', where command is the command you want to do (with any required parameters).
Say I want to edit /etc/passwd (for some reason)
I would type
sudo vim /etc/passwd
[my normal password]
This file is opened for editing as root, but when I save it and exit, I'm back to being my normal user.
Additional sudo commands done within the next 5 minutes don't need a password (and the timer resets with each call, so if you edit a bunch of files within 5 minutes of each other you can potentially chain hours or days together), so as long as you keep doing sudos, you won't need to authenticate yourself each time. The 5 minute limit is to ensure you don't walk away from your keyboard and give someone else temporary root.
I almost never use sudo -s, unless I need to do a ton of actions as root (debugging an install, for instance). With sudo -s you're leaving a door open in your system. For the most part, it's not that dangerous if you're just doing it at home, but you never know when the feds are going to wiretap your home for all those napster downloads.
A few notes about 'su':
using su instead of sudo makes your effective user ID=root (euid) as well as your uid. This has implications if you're running programs that have the sticky bit set that do a setuid or setgid - er, in English, that's programs that run as a different user than the owner of them and the program itself runs some part of itself as a different user. The ONLY place I've ever used anything like this is in a Web perl-CGI that needed to be executed with root priveleges, but run as a specific user (specifically because I was remote logging into machines where I didn't have a root password).
using 'su' without the '-' uses the current user's shell and environment variables. This is handy if you want to figure out problems with another user's shell variables. I've used this FAR too much (usually because of slow logins due to stale remote mounts or someone putting Xwindows display settings in their .cshrc).
The su I'm describing above is always 'su username' though - you really never need 'su -' unless you need your effective user ID set.
By what you're saying, you want to edit a file you don't own, which you can do by using 'sudo command', where command is the command you want to do (with any required parameters).
Say I want to edit /etc/passwd (for some reason)
I would type
sudo vim /etc/passwd
[my normal password]
This file is opened for editing as root, but when I save it and exit, I'm back to being my normal user.
Additional sudo commands done within the next 5 minutes don't need a password (and the timer resets with each call, so if you edit a bunch of files within 5 minutes of each other you can potentially chain hours or days together), so as long as you keep doing sudos, you won't need to authenticate yourself each time. The 5 minute limit is to ensure you don't walk away from your keyboard and give someone else temporary root.
I almost never use sudo -s, unless I need to do a ton of actions as root (debugging an install, for instance). With sudo -s you're leaving a door open in your system. For the most part, it's not that dangerous if you're just doing it at home, but you never know when the feds are going to wiretap your home for all those napster downloads.
A few notes about 'su':
using su instead of sudo makes your effective user ID=root (euid) as well as your uid. This has implications if you're running programs that have the sticky bit set that do a setuid or setgid - er, in English, that's programs that run as a different user than the owner of them and the program itself runs some part of itself as a different user. The ONLY place I've ever used anything like this is in a Web perl-CGI that needed to be executed with root priveleges, but run as a specific user (specifically because I was remote logging into machines where I didn't have a root password).
using 'su' without the '-' uses the current user's shell and environment variables. This is handy if you want to figure out problems with another user's shell variables. I've used this FAR too much (usually because of slow logins due to stale remote mounts or someone putting Xwindows display settings in their .cshrc).
The su I'm describing above is always 'su username' though - you really never need 'su -' unless you need your effective user ID set.
C++ - How To Debug Programs With 'sudo' In VSCODE
You can actually use GUI programs as root without logging out—it just involves restarting the program you want to use as root. So, on the rare occasion I need to use the Finder as root, I
osascript -e 'tell app 'Finder' to quit'
sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
If you look up the Finder's PID, you could also quit it with
sudo kill -HUP <finder_pid>
but I'm not sure if the Finder will quit cleanly that way. When you're done, you can quit the same way, and start the Finder as yourself as above without the sudo, or by clicking in the Dock.
My slight guesswork explanation as to why this works is that root, having access to everything, has access to your display interlocks (whatever those are), and so can use your display. I imagine that with the appropriate tweaking of groups and permissions that you could set up your computer to allow you to use your display as other users, too.
MJ
osascript -e 'tell app 'Finder' to quit'
sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
If you look up the Finder's PID, you could also quit it with
sudo kill -HUP <finder_pid>
but I'm not sure if the Finder will quit cleanly that way. When you're done, you can quit the same way, and start the Finder as yourself as above without the sudo, or by clicking in the Dock.
My slight guesswork explanation as to why this works is that root, having access to everything, has access to your display interlocks (whatever those are), and so can use your display. I imagine that with the appropriate tweaking of groups and permissions that you could set up your computer to allow you to use your display as other users, too.
MJ