Reputation: 7820
Open OSX application command line solution bypassing graphical admin password
I have made an automator application which runs a couple scripts (and does not use any GUI, but it is opening a GUI for admin password because of my use of with administrator privileges). The main script is started using
do shell script (quoted form of myCommand) with administrator privileges
Because of this, when executing the application, a graphical admin password prompt is presented.
I am trying to execute this application automatically after install via bash and am wondering how I would be able to bypass the GUI password prompt; I'm looking for a way to execute the application via bash and run it silently (no GUI, no password prompt).
Because of the with administrator privileges all the common
sudo open -a /Application/appname.app &
sudo osascript -e 'tell app id "com.app.bundleid"' -e activate -e end
even running as root all still bring up the GUI password prompt.
Is there any way to open an application supplying the GUI password prompt via bash for OSX? Or is there a better way I should have executed the main script rather than do shell script (quoted form of myCommand) with administrator privileges?
Upvotes: 2
Views: 5074
Answers (3)
Reputation: 19032
I see in your comment to your question that you will enter a password in your script. This is not a good idea. If you need to use a password in a script you can use the keychain to store the password and have the script retrieve it. This is a secure way to store your passwords because if you put the password in an applescript it is stored in clear text and thus can be easily retireved by anyone.
Create the password item - Open Keychain Access application and select the keychain in the left column. Then click File>New Password Item..., give it a name, account name (can be anything), and enter the password. You can "get info" on the item and change the Kind to "generic key" to differentiate it from other passwords if you want.
NOTE: You must put the name you have given the item into the passwordItemName variable in the code
When you run this code a dialog will pop up asking if you want to allow access to the item. If you click "always allow" then you will prevent this dialog from coming up again in the future. Or you can prevent this dialog altogether by getting info on the keychain item, going to the access control tab, and adding the "security" binary in the "always allow access..." section.
-- global variables are often saved in a writable applescript
-- so we ensure it's a local variable to prevent this
local pword
set pword to getPW()
do shell script "/path/to/script/file.sh" user name "adminusershortname" password pword with administrator privileges
on getPW()
set passwordItemName to "ApplescriptAdminPass"
do shell script "/usr/bin/security find-generic-password -wl " & quoted form of passwordItemName
end getPW
Upvotes: 1
Reputation: 7820
The way in which I was able to bypass the GUI password prompt and still use with administrator privileges was to recompile the Automator app and supply the user and password in-line:
on run {input, parameters}
set myCommand to POSIX path of ((path to me as string) & "Contents:Resources:script_name.sh")
do shell script (quoted form of myCommand) user name "local-admin" password "local-adminpassword" with administrator privileges
return input
end run
This accomplishes running the Applescript as with admin privileges, but without popping up the GUI password prompt. The app then runs silently, as I needed, and runs the script script_name.sh which in turn runs many other scripts and copies over other resource files out of (from myapp.app/Contents/Resources/) into system directories etcetera.
For the record, I needed it to act this way because I am deploying this app using Munki and wanted it to automatically run silently after install using a postinstall script:
#!/bin/bash
open -b "com.company.bundleidformyapp"
exit 0
Upvotes: 0
Reputation: 27593
If access for assistive devices has been enabled, you can use GUI scripting to interact with the password dialogs:
tell application "System Events" to tell process "SecurityAgent"
set value of text field 2 of scroll area 1 of group 1 of window 1 to "pa55word"
click button 2 of group 2 of window 1
end tell
osascript -e 'do shell script "ls ~root" with administrator privileges' &
sleep 1
osascript -e 'tell application "System Events" to tell process "SecurityAgent"
set value of text field 2 of scroll area 1 of group 1 of window 1 to "pa55word"
click button 2 of group 2 of window 1
end tell'
Normally for example sudo open -a Finder doesn't open Finder as root, but sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder does.
Upvotes: 1
Related Questions
- Opening a file with an app using a command line in apple script or an automator app
- How to make Automator run Shell Script that requires sudo password?
- Mac OS X: interacting with an application programmatically
- osx - Permission denied (126) using AppleScript with Administrator Privileges
- How to "do shell script with administrator privileges" as a regular user and not as root?
- How to overwrite the asking for authentication when running an admin shell script in Apple Script?
- Mac applescript - ask for administrator privileges prompt
- Applescript Execute Shell with Input and Admin Privileges
- How to grant administrator privileges in Mac OS X shell script?
- Running script with admin permissions on OS X