Using sudo command in shell script in Automator app?
I'm planning to make a small Automator app to make these commands into something I can run regularly:
rm -rf ~/Library/Caches/*
rm -rf ~/Library/Saved\ Application\ State/*
sudo rm -rf /Library/Caches/*
sudo rm -rf /System/Library/Caches/*
atsutil databases -removeUser
sudo atsutil databases -remove
sudo atsutil server -shutdown
sudo atsutil server -ping
sudo rm -rf /var/folders/*
Since it involves sudo, which I understand is a dangerous command, is this recommended for someone new to Automator, and it won't damage the Mac?
I tried the command suggested at iMac not shutting down since upgrading to OS X 10.11, El Capitan to fix problems with my Mac shutting down (it's MacOS Sierra 10.12.6 on an old Mac Mini).
I would welcome any advice on this, as I know the basics of Automator, just whether it's recommended to do so with sudo commands as an Automator app.
Sudo is not (in and of itself) dangerous. Sudo merely removes protective restrictions, putting the burden of running safe code on you, rather than protecting you behind the scenes. Sudo can be dangerous when, for instance:
-
You make a coding mistake which has unintended consequences: e.g., if you intend to run:
-
sudo rm -Rf /Users/yourname/something/something/
but instead you type:
-
sudo rm -Rf /Users/yourname/ something/something/
(with an accidental space after 'yourname')
the second script (with the erroneous space) will delete all of the data for user 'yourname' without warning.
-
- You run someone else's code which happens to be malicious. Malicious code run without sudo can do some damage, but malicious code run with sudo can compromise your system entirely.
As long as you're careful, sudo is safe enough. Just be aware of the potentials for harm.
sudo
Being Dangerous
There are no dangerous commands, per se. It's what you do with them that can cause problems. For instance, the harmless command yes
which will output a string repeatedly until you kill it, can be used nefariously to bring a machine to a crawl:
echo "Spawning 1000 yesses"
for i in {1..1000} ;
do
( /usr/bin/yes & )
; done
Nothing in there is dangerous. It's how it's used that causes the problem.
sudo
doesn't give or remove permissions/restrictions on your account. It allows you to run a command as another user. This is usually the super user (aka root), thus the command - su "do" (su
= Substitute User Identity)
The key to remember is that when you issue a command prefixed with sudo
you are running it as root and not as "you."
Fixing your Script
Here are some tips...
- Run the script itself (not the individual commands) with
sudo
. -
Before running the "meat" of the script, check for root privileges, first:
# Validates that user is root; exits if not echo "Checking Root Priviliges" if [ $(id -u) -ne 0 ] then echo "User is not root" exit 1; else echo "User is root. Continuing"; fi
-
Don't use tilde (~) expansion for your path. Use the whole path instead. This will ensure you're affecting the directory you want to affect. The home directory for you is very different from the root home directory.
rm -rf ~/Library/Caches/* ← Don't do this!!! rm -rf /Users/FooBarUser/Library/Caches/* ← Do this instead!
If you plan on automating this (it sounds like you do), you'll need to save it as a script (bash or zsh) and then I suggest using
launchd
and not Automator for this. See the post launchd plist format for running a command at a specific time on a weekday for details on how to accomplish this.