Allow non-admin users to run Software Update
Sep 10, '07 07:30:00AM
Contributed by: MrLint
Software Update has a 'quirk' in which non-admin users will never get prompted to install updates, even if the administrator sets them automatically download. So the problem is that if you have multiple machines in a mostly unmanaged environment, updates only occur if an admin logs in or if users run Software Update manually, and in either case the process must be authenticated with an admin password
But partially no more! If you edit the sudoers file, you can allow the CLI version of Software Update (i.e. softwareupdate) to be executed by your users.
- Edit the sudoers file /etc/sudoers. Use the command sudo visudo; this will drop you into the default visual editor (usually vim).
- Add ALL ALL= NOPASSWD: /usr/sbin/softwareupdate to the file. Placing it at the bottom is OK. Be sure to add comments on your change by using # as the first character. Do not comment out the actual sudoers directive you just added, however. Save and exit the editor.
- Run softwareupdate -ia from Terminal in a non-admin user (any) account and watch the show.
WARNING:
I don't think this action will prompt for a restart, so the system will be running in an indeterminate state. Be sure to restart right away if you are trying this on a reboot-needed update. You have been warned.
Real world uses
With this hurdle covered, you can now add a cron/launchd job to download updates for sure (softwareupdate -d). I have been thinking about seeing if I can work this into the logouthook function. If so, then shutdown -r now will also need to be in sudoers. It has also been suggested to use an osascript command to issue a Finder restart to allow users the normal warnings.
Comments (13)
Mac OS X Hints
http://hints.macworld.com/article.php?story=20070906181925132