SUDO'd Commands (Disabling Time Machine on Sleep)


I was wondering if someone could help me with figuring out how to set Keyboard Maestro to run the tmutil disable (and enable) command, which requires using sudo and admin password.

I read this thread:

especially this answer:

and I get the general idea, I have to set up a file in my system that tells it to not require the admin password for the tmutil disable / enable commands, but it's far enough from my current state of knowledge that I can't put the bits together to make it work. Currently I'm using an AppleScript UI Scripting solution to it. It works, but seems a bit of a Rube Goldberg device, as compared to just issuing the command on the command line.

If anyone could provide a "here's every step" no-presumed-knowledge explanation of setting that up, it would be appreciated.


Easiest way to stop TM from backing up while your Mac is asleep is to turn off "Power Nap" :wink: But perhaps you want it to check your email etc but not back up...

Open Terminal. Type in whoami, hit Return, and copy the text returned -- your short username.

Still in Terminal, type sudo visudo /private/etc/sudoers.d/tmutil and hit Return -- enter your password if asked. Type i to enter interactive mode then ⌘V to paste in your short username, a space, then ALL=NOPASSWD: /usr/bin/tmutil enable, /usr/bin/tmutil disable, !/usr/bin/tmutil enable *, !/usr/bin/tmutil disable *. Press the esc key then type :wq and hit Return to write-and-quit.

You should now be able to include an "Execute Shell Script" action in KM containing sudo /usr/bin/tmutil enable (or disable).


Hi Nige_S,

Thanks for the quick reply - it's not a powernap thing, what I'm trying to do is prevent Time Machine from running as soon as the system wakes from sleep (while I troubleshoot a new Magic Trackpad & Keyboard causing dead screen lockup on wake if they're corded), so the goal would be to switch it off on sleep, then wait 5 mins after wake, before re-enabling it. The plan is to add Bluetooth to it as well with Blueutil, unless KM has a built-in way to do it?

I'll give your instructions a go, and see how it goes.

One question - do I need to put the command in as "sudo /usr/bin/tmutil enable (or disable)." or can it just be "sudo tmutil enable/disable" - is the explicit path part of what makes it work with the not requiring a password thing?

Much Appreciated. :slight_smile:

No, but you should still include it. It means it will work regardless of whether anything "interesting" has happened to your PATH environment variable.


Hi Nige_S

I just wanted to recheck this, because it's not working.


Is there supposed to be a slash between usr & bin in /usrbin/tmutil disable?

I tried:

username ALL=NOPASSWD: /usr/bin/tmutil enable, /usr/bin/tmutil disable, !/usr/bin/tmutil enable *, !/usr/bin/tmutil disable *

and it accepted the write, but upon attempting to run the script in KM, it's producing an error.


This was my KM script... am I missing something really elementary here? This is how I set it up to run AppleScripts, and it works for them:


I've reopened the visudo file, and the line is in there, as instructed. Is the error saying I need a -S flag somewhere in the tmutil command?


Yes -- my bad, and good spot.

I've just tested on Monterey and the above works perfectly (after fixing the mistake you pointed out!). It's most likely that you haven't got the visudo line quite right. Is username your actual username or have you changed it for privacy reasons?

Easiest check is to open a new Terminal window (when you use sudo and authenticate you don't need to reauthenticate in that Terminal window for a few minutes -- a new window/session gets round that) and try

sudo tmutil enable

...and if you are prompted for a password the entry in the /private/etc/sudoers.d/tmutil file is wrong.

For comparison, my "short username" is nigel and a working line is:

nigel ALL=NOPASSWD: /usr/bin/tmutil enable, /usr/bin/tmutil disable, !/usr/bin/tmutil enable *, !/usr/bin/tmutil disable *

If you're worried about going deeper in a public Forum, DM me.

Hey Nige_S

Much appreciated, I'll follow up in DM after I've had a chance to grab some sleep :sleeping: and then once it's solved, put a public version here for others' reference.


Just to close up this topic, the problem is solved. The difficulty was down to my version of the sudoers file not having a line linking to sudoers.d additions.

Once we added that, everything works beautifully, and I can set Time Machine to disable, and enable from KM.

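An added example, not code from any poster in this thread: shell functions that check the text-level reasons a drop-in like the one above gets ignored, namely the main sudoers file lacking an include line for the sudoers.d directory, a drop-in file name that sudo skips, and a rule that does not name the exact command (such as the /usrbin typo). The `#includedir` / `@includedir` directive names and sudo's skipping of names that end in `~` or contain `.` come from sudo's own documentation rather than the thread; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: text-level reasons a sudoers.d drop-in is ignored.

# 0 if sudoers file $1 pulls in directory $2. "#includedir" is a directive
# in sudoers, not a comment; "@includedir" is the newer spelling.
has_includedir() {
    awk -v dir="$2" '
        $1 == "#includedir" || $1 == "@includedir" {
            d = $2; sub(/\/$/, "", d); if (d == dir) found = 1
        }
        END { exit !found }' "$1"
}

# 0 if sudo reads a drop-in with this name (it skips "*~" and names with ".").
dropin_name_ok() {
    case "$(basename "$1")" in *~|*.*) return 1 ;; *) return 0 ;; esac
}

# 0 if drop-in $1 gives user $2 a NOPASSWD entry that is exactly command $3.
has_nopasswd_rule() {
    awk -v u="$2" -v c="$3" '
        $1 == u && (i = index($0, "NOPASSWD:")) {
            n = split(substr($0, i + 9), cmds, ",")
            for (k = 1; k <= n; k++) {
                gsub(/^[ \t]+|[ \t]+$/, "", cmds[k])
                if (cmds[k] == c) ok = 1
            }
        }
        END { exit !ok }' "$1"
}

# Print one line per problem; return the number of problems found.
diagnose() {  # $1 sudoers  $2 include dir  $3 drop-in  $4 user  $5 command
    bad=0
    has_includedir "$1" "$2" || { echo "no includedir for $2"; bad=$((bad + 1)); }
    dropin_name_ok "$3" || { echo "sudo skips file name $3"; bad=$((bad + 1)); }
    has_nopasswd_rule "$3" "$4" "$5" || { echo "no rule for: $5"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed sample files (not taken from any real system).
tmp=$(mktemp -d)
printf '%s\n' '# includedir /private/etc/sudoers.d' 'root ALL = (ALL) ALL' > "$tmp/sudoers.broken"
printf '%s\n' 'root ALL = (ALL) ALL' '#includedir /private/etc/sudoers.d' > "$tmp/sudoers.ok"
printf '%s\n' 'nigel ALL=NOPASSWD: /usr/bin/tmutil enable, /usr/bin/tmutil disable, !/usr/bin/tmutil enable *, !/usr/bin/tmutil disable *' > "$tmp/tmutil"
printf '%s\n' 'nigel ALL=NOPASSWD: /usr/bin/tmutil enable, /usrbin/tmutil disable' > "$tmp/tmutil.bak"

diagnose "$tmp/sudoers.ok" /private/etc/sudoers.d "$tmp/tmutil" nigel '/usr/bin/tmutil disable' && echo "all checks passed"
diagnose "$tmp/sudoers.broken" /private/etc/sudoers.d "$tmp/tmutil.bak" nigel '/usr/bin/tmutil disable' || echo "$? problem(s)"
```

On a live system the main sudoers file is readable only by root, so run the functions under sudo against the real paths; `sudo visudo -c` additionally checks the syntax of the file and anything it includes.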