A simple fix is to save the script as a text file instead.
At the top of the script add the osascript
shebang
#!/usr/bin/osascript
example:
#!/usr/bin/osascript
say "hello"
tell application "Safari" to activate
tell application "System Events"
delay 2
keystroke "p" using command down
tell application process "Safari"
tell application "System Events"
tell process "Safari"
click menu button "PDF" of sheet 1 of window 1
delay 1
click menu item "Save PDF to Web Receipts Folder" of menu of menu button "PDF" of sheet 1 of window 1
end tell
end tell
end tell
end tell
The in the save dialog choose Text as the file format.
The file will be saved as plain text but with the .applescript
extension.
In terminal make the save script text file executable.
I used:
chmod +x /Users/UserName/Scripts/newTest1.applescript
In the command arguments of the LaunchAgent just add the path to the file.
Do not add the osascript command to the arguments. You do not need it.
The saved script text file will act like an executable shell script.
When you first load or run the LaunchAgents you will get a prompt to set the Assistive Access in System Preferences. If you already have System preferences open you will not but the Script text file will be added to the list.
You now just have to check its check box to allow it.
I would reload the LaunchAgent so it picks up straight away.
I have double checked this with the script above and all works as expected.
OK, addressing your second question first (is my plist actually correct?), plutil
(in its default invocation) "lints" (checks) plist
files for correctness:
plutil ~/Library/LaunchAgents/local.brew.update.plist
Equivalent to:
plutil -lint ~/Library/LaunchAgents/local.brew.update.plist
Turning to your first question (how do I know my agent is being loaded (and how do I confirm that)?), here's a few things to help check that.
First, I'd recommend adding logging to aid debugging. I log to ~/Library/Logs
, so add something like this to my plist
:
<key>StandardOutPath</key>
<string>/Users/userx/Library/Logs/local.brew.update.stdout</string>
<key>StandardErrorPath</key>
<string>/Users/userx/Library/Logs/local.brew.update.stderr</string>
Try re-loading your plist
and then check your logs:
less ~/Library/Logs/local.brew.update.stdout
less ~/Library/Logs/local.brew.update.stderr
A few additional observations:
My understanding of your inetdCompatibility
is that the agent should start when it's loaded. However, you say that launchctl list
doesn't show the agent. Does that change if you try launchctl start com.my.ssh_tunnel
after loading the plist
? Do the logs show anything new?
I don't entirely understand the relationship between Program
and ProgramArguments
- could just be me, but I find man launchd.plist
's explanation of ProgramArguments
hard-going. I'd be inclined to try adding /usr/bin/ssh
as a first string
in ProgramArguments
, and removing the entry for Program
. (Then re-load and check the logs. Re-start and check the logs if needed).
Finally, I'm pretty certain that @daniel-Azuelos is correct, and you need to specify your ProgramArguments
like this (I've added usr/bin/ssh
as mentioned above):
<key>ProgramArguments</key>
<array>
<string>/usr/bin/ssh</string>
<string>-F</string>
<string>/Users/userx/.ssh/config</string>
<string>dname</string>
<string>/usr/sbin/imapd</string>
</array>
My reasoning for this is, the few plist
s I can find on my system that use (more than one) ProgramArguments
use this idiom:
<key>Label</key>
<string>com.divx.uninstall.preferences</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>-c</string>
<string>if [[ ! -e "/Applications/DivX/DivX Preferences.app" ]] ; then open "/Library/Application Support/DivX/Uninstall DivX for Mac.app"; fi</string>
</array>
Note how bash
's -c
option and the corresponding command_string
are in separate arguments.
Best Answer
There’s no inherent danger per se with respect to ZSH; it’s only a shell.
What is “dangerous” is what you run in the shell. Most users don’t use the shell so securing it gives a nice level of extra security so when they inadvertently download nefarious apps from the Internet, they will have the protection that the shell doesn’t have full disk access.
Is it overkill? In my opinion, no. If you run scripts like this backup script, you’re going to want access to more than just one or two directories (which you can do, by the way); you’ll want access to the whole disk.