Open OSX application command line solution bypassing graphical admin password

Question 1

The way in which I was able to bypass the GUI password prompt and still use with administrator privileges was to recompile the Automator app and supply the user and password in-line:

on run {input, parameters}
    set myCommand to POSIX path of ((path to me as string) & "Contents:Resources:script_name.sh")
    do shell script (quoted form of myCommand) user name "local-admin" password "local-adminpassword" with administrator privileges
    return input
end run

This accomplishes running the Applescript as with admin privileges, but without popping up the GUI password prompt. The app then runs silently, as I needed, and runs the script script_name.sh which in turn runs many other scripts and copies over other resource files out of (from myapp.app/Contents/Resources/) into system directories etcetera.

For the record, I needed it to act this way because I am deploying this app using Munki and wanted it to automatically run silently after install using a postinstall script:

#!/bin/bash
open -b "com.company.bundleidformyapp"
exit 0

Question 2

If access for assistive devices has been enabled, you can use GUI scripting to interact with the password dialogs:

tell application "System Events" to tell process "SecurityAgent"
    set value of text field 2 of scroll area 1 of group 1 of window 1 to "pa55word"
    click button 2 of group 2 of window 1
end tell

osascript -e 'do shell script "ls ~root" with administrator privileges' &
sleep 1
osascript -e 'tell application "System Events" to tell process "SecurityAgent"
    set value of text field 2 of scroll area 1 of group 1 of window 1 to "pa55word"
    click button 2 of group 2 of window 1
end tell'

Normally for example sudo open -a Finder doesn't open Finder as root, but sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder does.

Question 3

I see in your comment to your question that you will enter a password in your script. This is not a good idea. If you need to use a password in a script you can use the keychain to store the password and have the script retrieve it. This is a secure way to store your passwords because if you put the password in an applescript it is stored in clear text and thus can be easily retireved by anyone.

Create the password item - Open Keychain Access application and select the keychain in the left column. Then click File>New Password Item..., give it a name, account name (can be anything), and enter the password. You can "get info" on the item and change the Kind to "generic key" to differentiate it from other passwords if you want.

NOTE: You must put the name you have given the item into the passwordItemName variable in the code

When you run this code a dialog will pop up asking if you want to allow access to the item. If you click "always allow" then you will prevent this dialog from coming up again in the future. Or you can prevent this dialog altogether by getting info on the keychain item, going to the access control tab, and adding the "security" binary in the "always allow access..." section.

-- global variables are often saved in a writable applescript
-- so we ensure it's a local variable to prevent this
local pword

set pword to getPW()
do shell script "/path/to/script/file.sh" user name "adminusershortname" password pword with administrator privileges

on getPW()
    set passwordItemName to "ApplescriptAdminPass"
    do shell script "/usr/bin/security find-generic-password -wl " & quoted form of passwordItemName
end getPW