
I created the following alias and put it into my ~/.zshrc:

alias kiosk-proxy="echo \"rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080\" | sudo pfctl -ef -"

It's basically a pf rule which redirects all incoming traffic with the destination port 80 to 127.0.0.1:8080 (but what it does is not important, it's just to give you some context)

Currently, I have to manually run this at every session startup, I'd like to automate it.

It would be rather simple if it didn't need sudo rights, I'd just put kiosk-proxy in my ~/.bash_profile, I guess.

But since it needs sudo, it's gonna ask for the password and I doubt it's gonna prompt it. So... How can I execute this alias with sudo rights without asking for the password? Also, it needs to know that such an alias exists in ~/.zshrc, which may not have been loaded yet. Worst case, I can move the alias to another file.

klanomath
  • 1
    A few things... Do you want this only for a shell environment for a particular user or do you want this for the whole computer? Are you using zsh or bash? You mention both. Why wouldn't you want to execute that command as a script? – Allan Jan 26 '17 at 11:09
  • I'm mostly relying on Zsh, but thought I'd have to use bash_profile since it's the default profile file. I don't really care if it's for a single user or all of them, I only have one user on this computer. I could execute it as a script as well, it's just that, currently, it's an alias. So I used it as example. – Vadorequest Jan 26 '17 at 13:25
  • 1
    bash_profile is not read by zsh - so stick to one or the other – mmmmmm Jan 26 '17 at 17:52
  • 1
    Do you want this to run only when you're logged in, or when the computer starts up? I have the root user enabled on my box, so I have no idea what a Mac looks like without that... but the root user has its own startupitems and doesn't need permissions to run stuff so, in theory, that should work for you? G> – MrBungleBear Jan 26 '17 at 15:26
  • Good to know, I thought bash was always executed, having zsh as default terminal I figured I could have aliases in either .bashrc or .zshrc and it would work the same. Thought it was identical for the profile. – Vadorequest Jan 27 '17 at 09:37

1 Answer

Enabling pf (with the rdr rule) with a command/alias or a shell script/function in your bash/zsh profile like in your question is neither common nor good practice. It is possible though:

To disable a password prompt modify the sudoers file:

Open Terminal and enter sudo visudo to modify the file /etc/sudoers.

Change the part:

## User privilege specification
##
root ALL=(ALL) ALL
%admin  ALL=(ALL) ALL

to

## User privilege specification
##
root ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
your_username ALL=(ALL) NOPASSWD: /sbin/pfctl

and save the file.

If you don't know vi: after entering sudo visudo you have to change to insert mode by hitting i. Enter the additional line as indicated above. To leave insert mode hit esc. Then enter :wq and the Enter key to write the modified file to disk and quit vi.

bash:

Entering kiosk-proxy shouldn't require a password anymore. You can then simply add kiosk-proxy as a separate line in your bash_profile (after the alias kiosk-proxy ... line).

After exiting the shell, pf won't be disabled and the passed rule is still redirecting! To disable pf and the rdr rule while exiting the (bash) shell, create a file with touch ~/.bash_logout and the content sudo pfctl -d.

zsh:

The same works with ~/.zprofile containing:

alias kiosk-proxy="echo \"rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080\" | sudo pfctl -ef -"

kiosk-proxy

and ~/.zlogout containing

sudo pfctl -d

A more recommended way is to simply add the rdr rule in pf.conf and enable pf while booting.

klanomath
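
The sudoers line in the answer above lets your_username run any pfctl command without a password, including loading a different ruleset from stdin. The following is an added sketch, not part of the original answer, that pins the passwordless rule to two exact command lines and a root-owned rule file; RULES_FILE, DROPIN and the function names are assumptions, as is a sudoers file that includes /etc/sudoers.d.

```shell
#!/bin/sh
# Added example: scope the NOPASSWD rule to two exact pfctl command lines.
# RULES_FILE and DROPIN are assumed paths, not taken from the original answer.
RULES_FILE=/etc/pf.kiosk-proxy.conf
DROPIN=/etc/sudoers.d/kiosk-proxy

# The rdr rule from the question, kept in a root-owned file instead of stdin,
# so the passwordless command cannot be fed a different ruleset.
kiosk_rules() {
    printf '%s\n' 'rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080'
}

# sudoers matches arguments literally once any are listed, so this entry allows
# only "enable pf with this one file" and "disable pf" without a password.
kiosk_sudoers() {
    user=$1
    # Refuse names that could smuggle extra sudoers syntax into the drop-in.
    case $user in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid username: $user" >&2; return 1 ;;
    esac
    printf '%s ALL=(root) NOPASSWD: /sbin/pfctl -e -f %s, /sbin/pfctl -d\n' \
        "$user" "$RULES_FILE"
}

# Run as root on the Mac: kiosk_install your_username
# Defined only; nothing in this file calls it automatically.
kiosk_install() {
    tmp=$(mktemp) || return 1
    # visudo -c -f syntax-checks the candidate drop-in before it goes live.
    kiosk_sudoers "$1" > "$tmp" && visudo -cf "$tmp" &&
        kiosk_rules > "$RULES_FILE" &&
        chown root:wheel "$RULES_FILE" && chmod 644 "$RULES_FILE" &&
        install -o root -g wheel -m 0440 "$tmp" "$DROPIN"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

With this in place the alias becomes alias kiosk-proxy="sudo pfctl -e -f /etc/pf.kiosk-proxy.conf", and the logout file keeps sudo pfctl -d.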