Shell Script not working in KM but works in Terminal

I'm trying to turn off a network interface and really struggling with how to get KM to do it in a shell script.

It works fine in the Terminal but not via KM. I really don't know my way around this kind of stuff. I've searched thru the forum and the wiki but there is precious little info that I can use.

Can anyone help me out with this please?

Execute a Shell Script.kmactions (751 B)
Keyboard Maestro Export

By default you can't plain "sudo" without entering your password, and "Execute Shell Script" has no way for you to type...

If your account is an "Administrator" account, you might not need sudo anyway -- try it without. If it does require sudo, and assuming you are an administrator, you should be able to

sudo -u username ifconfig en7 down

...without entering a password (swap username for your short username, as used on your Home folder).

Perhaps a silly question, but why are you trying to shut down the interface? There may be a better way of achieving what you want to do...

Thanks for your help.

I did what you suggested and it gives me a permission denied error.

The reason I want to turn it off is to switch back to Wi-Fi only after an Apple TV session at lunch. I could just unplug the cable but I thought this would be neater and tidier.

I haven't played with an Apple TV but, depending how your network(s) is/are setup you might not need to do any of this. If the Apple TV can only be reached via your ethernet, to your wireless, try setting the "Service Order" in the Network pane of System Preferences so that Wi-Fi is above the connection used for the TV.

The alternative would be to edit your sudoers file so that, ideally, your account only can "sudo ifconfig" without a password. The "proper" way to do that these days is to add a file to /private/etc/sudoers.d/ using visudo, containing the single line:

username ALL=NOPASSWD: /sbin/ifconfig

...swapping "username" for your short account name, but that is totally from memory and you should have a Google to check! Or let me know what OS you are running and I'll try and set up a test machine tomorrow.

I'm using macOS Monterey 12.3.1

I tried with visudo but I have no clue as to what I am doing.

Thanks for your assistance

OK, going slowly and explicitly so you know I'm not sneaking in an "erase your system drive" command :wink: :

  • Open the Terminal application.
  • Type whoami and hit Return to check your short username.
  • Type sudo visudo /private/etc/sudoers.d/ifconfig, hit Return, enter your macOS account password, hit Return -- that launches the special sudo file editor and creates a new file called "ifconfig" in the "sudoers.d" directory. sudo reads any file in there as well as the main file, and that directory is where user additions should sensibly be put.
  • Type I to put visudo into editing mode.
  • Type your short username, a space, then ALL=NOPASSWD: /sbin/ifconfig -- that means "for the user username, from any host, sudo doesn't need a password to run /sbin/ifconfig". So your line will look something like:
    ⠀⠀exampleuser ALL=NOPASSWD: /sbin/ifconfig
  • Hit the ESC key to get out of editing mode.
  • Type :wq and hit Return to write the file and quit visudo.

You should now be able to test by typing sudo ifconfig -a and listing your interfaces without entering a password. This will work because KM runs shell commands in the current user space, ie as you, as you can check by making a simple macro with this action:

Before you get too slap-happy with the sudoers file, remember that various commands require you to authenticate for a reason!

Try to allow as little as possible, if only because an authentication request reminds you that you're about to do something important and gives you a chance to check/reconsider

we are very close with this.

I did all the instructions but when I type :wq nothing happens. If I hit return after that it just beeps at me. I don't think it is writing the file nor is it exiting visudo.


Your patience is much appreciated.

Perhaps I wasn't as explicit as I thought! I've edited the post to make it clear that the final step is "type :wq then hit Return".

I've just followed the steps again and it works. When you try, does any message come up at the bottom of the editing window? visudo is clever and checks the format of the file -- it may be that you've a typo in there. Or perhaps your Mac is under Mobile Device Management (eg from work, or because you've a maintenance deal with an MSP) and they're blocking this type of thing?

Ok, I went thru everything again and it exits visudo properly.

Back in KM, if I execute shell script with "sudo ifconfig -a" I get a notification saying " a terminal is required to read the password...". It works in terminal, however. If I try the shell script that I want to run (sudo -u larrywilson ifconfig en7 down) using KM, I get an error saying permission denied.

In terminal, sudo -u larrywilson ifconfig en7 down gets me a permission denied error, where as sudo ifconfig en7 down just asks for the password and then proceeds without error.

I only have one user on this machine and that's me. It is an administrator account too.

So close yet so far...

All I can say is "it works for me" -- I even downloaded the KM trial to my test machine to make sure it wasn't a shell environment issue.

That you are still getting password requests in Terminal suggests your sudoers edit isn't correct -- I'm not too happy about such things being posted publicly, so DM me a screenshot of the visudo window after you've run sudo visudo /private/etc/sudoers.d/ifconfig and we'll take it from there...

1 Like

This man is a Saint – so patient and so helpful.

Thanks again.