Question

I have made an automator application which runs a couple scripts (and does not use any GUI, but it is opening a GUI for admin password because of my use of with administrator privileges). The main script is started using

do shell script (quoted form of myCommand) with administrator privileges

Because of this, when executing the application, a graphical admin password prompt is presented.

I am trying to execute this application automatically after install via bash and am wondering how I would be able to bypass the GUI password prompt; I'm looking for a way to execute the application via bash and run it silently (no GUI, no password prompt).

Because of the with administrator privileges all the common

sudo open -a /Application/appname.app &

sudo osascript -e 'tell app id "com.app.bundleid"' -e activate -e end

even running as root all still bring up the GUI password prompt.

Is there any way to open an application supplying the GUI password prompt via bash for OSX? Or is there a better way I should have executed the main script rather than do shell script (quoted form of myCommand) with administrator privileges?

Was it helpful?

Solution 3

The way in which I was able to bypass the GUI password prompt and still use with administrator privileges was to recompile the Automator app and supply the user and password in-line:

on run {input, parameters}
    set myCommand to POSIX path of ((path to me as string) & "Contents:Resources:script_name.sh")
    do shell script (quoted form of myCommand) user name "local-admin" password "local-adminpassword" with administrator privileges
    return input
end run

This accomplishes running the Applescript as with admin privileges, but without popping up the GUI password prompt. The app then runs silently, as I needed, and runs the script script_name.sh which in turn runs many other scripts and copies over other resource files out of (from myapp.app/Contents/Resources/) into system directories etcetera.

For the record, I needed it to act this way because I am deploying this app using Munki and wanted it to automatically run silently after install using a postinstall script:

#!/bin/bash
open -b "com.company.bundleidformyapp"
exit 0

OTHER TIPS

If access for assistive devices has been enabled, you can use GUI scripting to interact with the password dialogs:

tell application "System Events" to tell process "SecurityAgent"
    set value of text field 2 of scroll area 1 of group 1 of window 1 to "pa55word"
    click button 2 of group 2 of window 1
end tell
osascript -e 'do shell script "ls ~root" with administrator privileges' &
sleep 1
osascript -e 'tell application "System Events" to tell process "SecurityAgent"
    set value of text field 2 of scroll area 1 of group 1 of window 1 to "pa55word"
    click button 2 of group 2 of window 1
end tell'

Normally for example sudo open -a Finder doesn't open Finder as root, but sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder does.

I see in your comment to your question that you will enter a password in your script. This is not a good idea. If you need to use a password in a script you can use the keychain to store the password and have the script retrieve it. This is a secure way to store your passwords because if you put the password in an applescript it is stored in clear text and thus can be easily retireved by anyone.

Create the password item - Open Keychain Access application and select the keychain in the left column. Then click File>New Password Item..., give it a name, account name (can be anything), and enter the password. You can "get info" on the item and change the Kind to "generic key" to differentiate it from other passwords if you want.

NOTE: You must put the name you have given the item into the passwordItemName variable in the code

When you run this code a dialog will pop up asking if you want to allow access to the item. If you click "always allow" then you will prevent this dialog from coming up again in the future. Or you can prevent this dialog altogether by getting info on the keychain item, going to the access control tab, and adding the "security" binary in the "always allow access..." section.

-- global variables are often saved in a writable applescript
-- so we ensure it's a local variable to prevent this
local pword

set pword to getPW()
do shell script "/path/to/script/file.sh" user name "adminusershortname" password pword with administrator privileges

on getPW()
    set passwordItemName to "ApplescriptAdminPass"
    do shell script "/usr/bin/security find-generic-password -wl " & quoted form of passwordItemName
end getPW
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top