Better is to use this full format explicit way:
your_short_username ALL= NOPASSWD: /usr/bin/pmset -a disksleep 10, !/usr/bin/pmset -a disksleep 10 *
That allows the command, and only the command, to be executed without a password.
Much better than allowing any pmset without a password.
Perhaps I misunderstand. I just tried this:
noisyneilALL= NOPASSWD: /usr/bin/pmset -a disksleep 10, !/usr/bin/pmset -a disksleep 10 *
and got...
Just follow the pattern shown in post #15: insert a space before ALL and remove the space after the equals sign… that’s my guess!
Yes, I never nail these down hard enough. Thanks for the reminder, @peternlewis!
That command should be put into the pmset file created with visudo, replacing the line from before. It's basically replacing my "let me do everything with pmset without asking for a password" with "let me do this specific thing with pmset without asking for a password".
As @peternlewis said -- much better practice to allow only what is necessary, and no more.
Ohhhhhh sorry, I get it now.
Trying to use this to automate changes to scheduled wake times by running this shell script after setting the variable wakeTime with a prompt–
sudo pmset repeat wake MTWThFSSu %Variable%wakeTime%:00
I have so far unsuccessfully tried these variations of Peter's solution:
my_username ALL= NOPASSWD: /usr/bin/pmset -a wake 10, !/usr/bin/pmset -a wake 10 *
my_username ALL= NOPASSWD: /usr/bin/pmset -a repeat wake 10, !/usr/bin/pmset -a repeat wake 10 *
my_username ALL= NOPASSWD: /usr/bin/pmset -a pmset repeat wake 10, !/usr/bin/pmset -a pmset repeat wake 10 *
my_username ALL= NOPASSWD: /usr/bin/pmset -a sudo repeat wake 10, !/usr/bin/pmset -a sudo repeat wake 10 *
my_username ALL= NOPASSWD: /usr/bin/pmset -a sudo pmset repeat wake 10, !/usr/bin/pmset -a sudo pmset repeat wake 10 *
I then press esc, :wq, return, and try to run the shell script, getting this error:
Execute a Shell Script failed with script error: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is required. Macro “Trying” cancelled (while executing Set schedule).
I know virtually nothing about using the terminal etc. This is my first time making a macro with a shell script. So, noob questions-
@peternlewis If you happen to have time, do you know what the correct version of your solution would look like for this function?
Thanks for reading!
I've found this macro written by @ccstone to be very helpful to do sudo commands that require a password.
Hi cyoungers!
I appreciate the thought, but the typing the password part scares me.
Good to know it's an option though. Cheers
It sounds like you want to allow sudo pmset repeat wake MTWThFSSu (anything) in which case I think you just want:
my_username ALL= NOPASSWD: /usr/bin/pmset repeat wake MTWThFSSu
I think. But I am not an expert.
Thank you so much Peter! That got me very close and it was just a couple adjustments from there and now it all works perfectly.
For anyone's future reference, what ended up working was:
my_username ALL=(ALL) NOPASSWD: /usr/bin/pmset repeat wake *
Also, chatGPT suggested I had been putting it in the wrong place in the sudoers file, so I moved it from the top line to the bottom line. Once I did that, I stopped getting the 'needs password' error and started getting a 'badly formatted power command' error. I eventually realized thatI shouldn't have been putting token text in a shell script action, so looked it up on the KM wiki and quickly found the answer was to change it to:
sudo pmset repeat wake MTWThFSSu $KMVAR_wakeTime:00
Seems I have a similar issue here.
I have a KM macro that includes this shell script action:
du -d2 -ch "$KMVAR_local_Path_iCloudCache"
(with $KMVAR_local_Path_iCloudCache being "/Users/%Variable%local User%/Library/Application Support/CloudDocs" and %Variable%local User% being "tom" (aka me, current user, grabbed with whoami).)
This worked fine on my old Intel iMac and with Sonoma. But now, on my brand new M4 MacBook with Sequoia I get …
"Shell Script failed with script error: du: /Users/tom/Library/Application Support/CloudDocs: Operation not permitted"
I created a file named du in /private/etc/sudoers.d with content "tom ALL=(ALL) NOPASSWD: /usr/bin/du".
And in my sudoers file I do have "#includedir /private/etc/sudoers.d."
But I still get "/Users/tom/Library/Application Support/CloudDocs: Operation not permitted".
In the Terminal, I can run du and sudo du without any issues, sudo du does not ask me for a password, as expected.
Well, it seems this is rather a shell issue, but I'm not a shell expert so I'm posting it here nonetheless. Maybe someone has a quick idea (I'm almost sure it's something very trivial I'm just missing 
)
Forgive the obvious question, but did you update your shell script in KM to include sudo? (I very recently had to do this process and missed this step.) So the KM action would have sudo du -d2 -ch "$KMVAR_local_Path_iCloudCache"
Not that obvious. Indeed, I did forget to update my actions before (yeah, also with this macro), but in this particular case and post I verified that my actions correspond to what I said here. Just verified them again, right now.
PS: copy from the enabled action:
sudo du -d2 -ch “$KMVAR_local_Path_iCloudCache"
And yes, I know I could run the shell stuff in an AppleScript wrapper with administer privileges, but I’m already doing that in another action in the same macro. Do not want to have two prompts.
@peternlewis Any way to remember AppleScript with administer privileges for subsequent AS actions (possible feature request, should be optional via contextual menu).
Oh, forgot to mention, running it in an AS wrapper (with admin privileges) does not change anything, which is puzzling too.
And this is the real macro, for reference:
Troubleshoot iCloud Sync.kmmacros (32.5 KB)
In the meantime I fixed my AS to:
tell application id "com.stairways.keyboardmaestro.engine"
set inst to system attribute "KMINSTANCE"
set thePath to (getvariable "local Path iCloudCache" instance inst)
end tell
do shell script "du -d2 -ch " & quoted form of thePath with administrator privileges
I did test this before, but this wasn’t in the macro, as uploaded.
Or with sudo.
Update:
Oh, wait, the shell invoked by KM does not read the sudoers file or any included files at all?
You don't need sudo for this (as you found in Terminal).
Check System Settings->Privacy & Security->Full Disk Access -- my guess is that the OS upgrade turned off KM's full disk access permission (if it was ever on, I can't remember).
Not that I know of.
Oh yes, this was it 
.
I could have sworn it was never on (KM Engine yes of course, but not KM), but the facts suggest I was wrong here.
Thanks!