I’m having a problem with do shell script with administrator privileges. My application is fairly complex, so I’m prompting for the user’s password and saving it for future do shell script calls. I’ve also got some logic so my program behaves like normal apps that gain admin rights: entering an incorrect password re-prompts the user, and users are able to click the “Unlocked” icon in the bottom left of the window to de-authenticate the app. (In theory, at least.)
Here’s my problem, in code form:
So you can see my problem: once the app authenticates, it stays that way no matter what. Is there a way I can force de-authentication?
do shell script… with administrator privileges invokes sudo to execute the command, so your app will be authorized for the standard sudo timeout (5 minutes by default) and the password is not rechecked.
The solution is to use ‘sudo -k’ to kill (cancel) the authentication:
do shell script "ls ~root" password "realpassword" with administrator privileges -- has the correct password; command succeeds
do shell script "sudo -k" --cancels the sudo authentication
do shell script "ls ~root" password "badpass" with administrator privileges -- can't go there