Run a command using sudo, prompting the user with an OS dialog if necessary.
Find a file
Joran Dirk Greef 5052cb8401 2.3.0
2016-02-16 08:54:05 +02:00
.gitignore Add .gitignore 2015-06-08 15:57:03 +02:00
index.js Package applet.app as a base64 zip file within index.js to fix issue with asar files 2016-02-09 09:30:04 +02:00
LICENSE Initial commit 2015-06-08 14:41:53 +02:00
osx.png Add exec options (support options.icns on OS X), add beta Linux support, improve concurrency 2015-11-17 15:40:53 +02:00
package.json 2.3.0 2016-02-16 08:54:05 +02:00
README.md Document how to invalidate the sudo time stamp file 2016-02-09 09:16:12 -04:00
test.js Add exec options (support options.icns on OS X), add beta Linux support, improve concurrency 2015-11-17 15:40:53 +02:00

sudo-prompt

Run a non-graphical terminal command using sudo, prompting the user with a graphical OS dialog if necessary. Useful for background Node.js applications or native Electron apps that need sudo.

A sudo prompt on OS X for an app called "Ronomon"

sudo-prompt provides a native OS dialog prompt on OS X and Linux (beta) with custom name and optional icon.

sudo-prompt has no external dependencies and does not require any native bindings.

Installation

npm install sudo-prompt

Usage

Note: Your command should not start with the sudo prefix.

var sudo = require('sudo-prompt');
var options = {
  name: 'Ronomon',
  icns: '/path/to/icns/file', // (optional)
  onChildProcess: function(childProcess) {} // (optional)
};
sudo.exec('echo hello', options, function(error, stdout, stderr) {});

sudo-prompt will use process.title as options.name if options.name is not provided. options.name must be alphanumeric only (spaces are supported) and at most 70 characters.

If options.onChildProcess is provided, then this callback will be called whenever the command is executed, which may be several times if a password prompt is required. For example, options.onChildProcess will be called when the command is first run, and if the command fails because of the lack of a sudo session, then options.onChildProcess will be called again the next time the command is run after the password prompt.

Please note that sudo.setName() and sudo.touch() have been deprecated to provide a completely functional interface to exec(). These calls will be removed in the next major release of sudo-prompt.

Behavior

On OS X, sudo-prompt should behave just like the sudo command in the shell. If your command does not work with the sudo command in the shell (perhaps because it uses > redirection to a restricted file), then it will not work with sudo-prompt. However, it is still possible to use sudo-prompt to get a privileged shell, see this closed issue for more information.

Please note that Linux support is currently in beta and requires more testing across Linux distributions.

On Linux, sudo-prompt will use either gksudo, pkexec, or kdesudo to show the password prompt and run your command. Where possible, sudo-prompt will try and get these to mimic sudo as much as possible (for example by preserving environment), but your command should not rely on any environment variables or relative paths, in order to work correctly. Depending on which binary is used, and due to the limitations of some binaries, the name of your program or the command itself may be displayed to your user. Passing options.icns is currently not supported by sudo-prompt on Linux. Patches are welcome to add support for icons based on polkit.

Just as you should never use sudo to launch any graphical applications, you should never use sudo-prompt to launch any graphical applications. Doing so could cause files in your home directory to become owned by root. sudo-prompt is explicitly designed to launch non-graphical terminal commands. For more information, read this post.

Concurrency

On OS X, you can issue multiple calls to sudo.exec concurrently, and sudo-prompt will batch up multiple permission requests into a single password prompt. These calls will be batched to the extent that they share the same options.name and options.icns arguments (including the actual content of options.icns if provided).

On Linux, sudo usually has tty-tickets enabled. This prevents sudo-prompt from batching up multiple permission requests, and will result in a separate password prompt for each call.

While sudo-prompt may batch up calls, you should never rely on sudo-prompt to execute your calls in order. For example, several calls may be waiting on a password prompt, and the next call after the password prompt may execute before any of these calls. If you need to enforce ordering of calls, then you should explicitly order your calls in your application.

Invalidating the timestamp

You can invalidate the user's sudo timestamp file to force the prompt to appear by running the following command in your terminal:

$ sudo -k