This guide explains how to configure and run commands as sudo on macOS using Swif's command system, a tool that lets you run commands on Swif-managed Mac devices.
Prerequisites
Swif Admin Access: You need the Swif admin password for your device. This password is unique to each device and can be found under Device > Accounts in the Swif management interface.
Running Commands with Root Permissions
By default, Swif commands are executed under the SYSTEM user, who already has root permissions. This allows you to run commands as sudo without additional configuration.
However, if you want to run commands under a Swif admin user, follow these steps:
Use the following command structure to run commands as
sudo:echo '{{SWIF_ADMIN_PASSWORD}}' | sudo -S lsReplace
lswith your desired command.
Example:
echo 'YourAdminPassword' | sudo -S your-command-here
Note: Each Swif admin has a randomized password per device, meaning this method will only work on the specific device you're targeting.
Running on the Swif Admin Account
Swif allows you to use a placeholder like {{SWIF_ADMIN_PASSWORD}} to automatically insert the Swif admin password into your commands, making it easier to run commands across multiple devices. For more details, please refer to Running on the Swif Admin Account.
Running sudo Commands via Software Deployment
When managing macOS applications through Device Management → Applications, Swif.ai provides multiple places where scripts can be executed with sudo privileges.
All scripts listed below run as root/administrator via SYSTEM user.
1. Pre-Install Script
When it runs:
Before the installer file is executed.
Typical use cases:
Preparing the system environment
Removing previous versions of an application
Installing prerequisites or dependencies
Cleaning up failed or partial installs
Example:
#!/bin/bash rm -rf /Applications/OldApp.app exit 0
2. Installer File
The Installer File itself (PKG, DMG, or script-based installer) is executed with administrator privileges.
Swif.ai automatically handles privilege escalation—no additional sudo configuration is required.
Supported installer formats include:
.pkg.dmgCustom shell installers
3. Post-Install Command Script
When it runs:
After the installer completes successfully.
Typical use cases:
Activating or licensing software
Running vendor command-line tools
Loading agents or services
Applying additional configuration required after installation
Example (CrowdStrike-style workflow):
#!/bin/bash CID_KEY="XXXX" /Applications/Falcon.app/Contents/Resources/falconctl license XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX-$CID_KEY /Applications/Falcon.app/Contents/Resources/falconctl load /Applications/Falcon.app/Contents/Resources/falconctl stats if [ $? -eq 0 ]; then exit 0 else exit 1 fi
4. Install Check Script (Validation Rule)
When it runs:
To determine whether the application is already installed and healthy.
This script is configured under Validation Rules with Rule Type = Script.
Purpose:
Detect successful installation
Prevent unnecessary reinstalls
Support compliance and reporting
Example:
#!/bin/bash if [ -d "/Applications/Falcon.app" ]; then exit 0 else exit 1 fi
exit 0→ Application is detectedexit 1→ Application is missing or not compliant
5. Uninstaller File and Uninstall Script
When it runs:
When an application is removed or unassigned from a device.
Typical use cases:
Running vendor-provided uninstall commands
Cleaning up system files and services
Fully removing agents or background processes
Example:
#!/bin/bash /Applications/Falcon.app/Contents/Resources/falconctl uninstall rm -rf /Applications/Falcon.app exit 0
Script Execution Order on macOS
When deploying an application, scripts execute in the following order:
Pre-Install Script
Installer File
Post-Install Command Script
Install Check Script (for validation)
All steps run with sudo-level privileges.
Important Notes and Best Practices
Always include
#!/bin/bashat the top of scriptsUse absolute paths (for example,
/Applications/App.app)Return proper exit codes (
0for success, non-zero for failure)Test scripts locally before deploying broadly
Use Install Check Scripts to avoid repeated installations
Summary
Swif.ai enables secure and automated execution of sudo commands on macOS by using the Swif Admin account. Through the Software (Applications) page, administrators can run privileged commands at multiple stages of the application lifecycle, including:
Pre-install preparation
Installation
Post-install configuration
Validation
Uninstallation
This approach allows complex enterprise software to be deployed and managed without user interaction, while maintaining auditability and control.
For Windows Devices
If you're working with a Windows device, you can run a command as an administrator. For more information, visit the Windows command guide.
For Linux Devices
If you're working with a Linux device, you can run a command as sudo. For more information, visit the Linux command guide.