Is it possible to run software as a different user under OS X Mountain Lion?
I've been trying to run apps as a different user.
Attempt 1sudo -u otheruser open /Applications/TextEdit.app launches the app but it uses the current user, not otheruser.
Attempt 2login username and su - otheruser successfully login as otheruser, the different user pops up in Activity Monitor, but something like open /Applications/TextEdit.app returns the error LSOpenURLsWithRole() failed with error -10810 for the file /Applications/TextEdit.app.
Attempt 3sudo su - otheruser -c /Applications/TextEdit.app/Contents/MacOS/TextEdit seems to launch the app (it appears under Activity Monitor as launched by otheruser) but this error appears while the dock icon bounces indefinitely: _RegisterApplication(), FAILED TO establish the default connection to the WindowServer, _CGSDefaultConnection() is NULL.
Question
So… how do I run an app as a different user?
The answers to this question don't seem to be completely correct for me on 10.8 Mountain Lion.
I think demure has a typing error at point 2, there must be something else than the "-".
What works for me: Your attempt 3, without su and -c.
sudo -u testuser /Applications/TextEdit.app/Contents/MacOS/TextEdit
This opens TextEdit as testuser, and i could save a file to /. Saving to the user folder of testuser did not work, but that could be due to me giving this account very little rights at all since i use it for other test purposes. Interestingly, i could log-in as root as well even though i have the root user deactivated in KeyChain.app. This seems to only affect the Desktop log-in from root, not the Terminal log-in.
The file i saved as testuser had the correct owning privilges etc. set.
$ cd /
$ ls -la | grep testuser
-rw-r--r-- 1 testuser staff 330 18 Okt 20:07 Untitled.rtf
Normally running a GUI app as a different user (except a few cases of gui software designed for root) doesn't really work.
This used to work, I am unsure if it still does on current macs. Verbatim:
This is regurgitating a hint I got from the comments section of another hint about Apache (I think). What this does is allow you to keep a program within the constraints of another user, without having that user logged in via the GUI. Run a suspect program within a bubble! I'd advise setting up a dummy account with very limited access if you wanted to make a "bubble." Note: I'm going to refer to the subsequent account as the "bubble account" and that account's session as the "bubble" from now on to give you the right idea about this.
- Open a new terminal window
- Type the following where
short_nameis the short name of the "bubble" account:sudo short_name -- Type the password to the "bubble" account.
- Type the following where
app_nameis the name of the app you wish to open:/Applications/app_name.app/Contents/MacOS/app_name
For instance, this would launch Safari:/Applications/Safari.app/Contents/MacOS/SafariA couple of things to remember (very important!):
- Copying and pasting between this app and others will not work unless the others are also in the bubble.
- Apps running from within the bubble will still be able to launch subsequent applications under the original account (from what I can tell). For instance, going to an
ftp://URL in Safari while it's in the bubble will use the Finder running in the non-bubble account, with all available privileges.- Closing the terminal (or hitting Ctrl+C while in the window) will close the app running within the bubble. Many programs will show exceptions and weird messages in the Terminal at various times while the program is running, if you've programmed before you'll know this is totally normal and expected.
- The programs running in the bubble may have different appearance settings than those you would otherwise run. To change this, login under the bubble account and go to System Preferences
- Running two copies of a program (one inside and one outside the bubble) works absolutely perfectly, in fact I'm writing this on my "bubbled" Safari app right now!
- Some problems may occur, like not being able to drag and drop using Safari. Work around them *This does not seem to save preferences with the bubble account as file vault if the user is not logged in in the background.
And another hack-ish method. But both the following examples are for X11 apps
sudo -i -u other_user \`
env DISPLAY="$DISPLAY" XAUTHORITY="${XAUTHORITY-$HOME/.Xauthority}" \`
xapplication`
or
xauth extract -f - "$DISPLAY" |`
sudo -u other_user xauth -f ~other_user/.Xauthority merge -`