Entering a password securely

I’m putting together an application that runs terminal commands, and to do that the password has to be entered for the command to work. Here’s the command:

do shell script "sudo update_prebinding -force -root /" password thePass with administrator privileges

Now, the variable is set by entering it into a secure text field, and then it has to be set. Here’s the code:

on savePassword()
set thePass to contents of secure text field "PassText" of window "main"
end savePassword

It’s part of a subroutine here, and I inserted a little display dialog command into it, and the dialog diplays, but when I run the command, it still says that thePass is not defined. Any help would be appreciated.

Try just using “text field” and not “secure text field”. Also, make sure you’ve got thePass defined as a property or a global otherwise its scope won’t make it out of your handler. Finally, there is no need to use both “sudo” & “with administrator privileges”, just use:

do shell script "update_prebinding -force -root /" password thePass with administrator privileges


To do that, do I just insert the code below at the top of the script?

global thePass

Hey John, would you happen to know what “with administrator privileges” uses to be able to run with root permissions? Like does it rely on shell commands such as sudo or su (behind the scenes), or is it similar to “authexec” which many apps to gain those permissions?

For example, if the permissions of “su” and “sudo” were damaged, say with no root ownership and no SetUID bit, would the “do shell script with administrator privileges” still be able to succeed?

Sorry, Mark, I don’t know the answer to that. Perhaps it’s covered in Apple’s TechNote on “do shell script”.


Nope, but after posting this to the AppleScript mailing list I got an idea on how to check what’s going on. I thought of a clever (at least IMHO :-)) way to see what’s going on behind the scenes:

set sh_ps_grep_ to "ps axw |grep 'ps ax'"

set result_ to do shell script sh_ps_grep_ with administrator privileges
--display dialog result_

Running that script in Script Editor will produce the following Result:

4117 ?? S 0:00.01 sh -c echo ‘my_password’ | sudo -p “” -S ps axw |grep ‘ps ax’
4119 ?? R 0:00.03 ps axw
4120 ?? S 0:00.01 grep ps ax"

Looks like my guess was right. Reason I asked is because I wrote a little app ( Repair Disk Utility’s Permissions ) for Jaguar that repairs the permissions of the Disk Utility in case the “SetUID” bit and root ownership of the Mach-O executable became corrupt. I included a check to see what DU’s permissions were, but then also what the permissions on sudo were as well. Since, if sudo’s also lost the “SetUID” bit and root ownership, then I figured there’s no way my app can fix it.

So I guess using “sudo” within the string used in the “do shell script” is like being redundant by repeating yourself. :stuck_out_tongue:

Anyway, hope this helps…