Incorporating Admin priviliges (hidden)

I have just started Applescripting and have created some rudimentary scripts.
I have a script that moves a plugin out of the Adobe Illustrator Plugins folder and into a temporary folder, and then back again. This is because aspects of the Plugin are licenced and we only have a limited amount of licences. Thus, operators that do not need the funcionality of the Plugin may still have it, depriving other operators. The aim is to have two icons for Illustrator - the normal one, and one that moves the plugin and then launches Illustrator.

Unfortunately, our production Macs have been locked down to limited user status, and the permissions on the Illustrator folders do not allow for copying/moving etc. The IT dept have requested this functionality, but do not want to change the permissions on the folders, nor have a Admin password in any format that can be viewed/extracted.

I have read on these forums about sudo/shell scripts, but have not grasped the concept. Could anyone enlighten me or point me to a good resource? I would like to go back and confidently tell IT that it can be done and how :slight_smile:

The script is:

 tell application "Finder"
	if exists folder "temp_Plug-ins" of folder "Adobe Illustrator CS2" of folder "Applications_test" of desktop then
		set temp_folder to folder "temp_Plug-ins" of folder "Adobe Illustrator CS2" of folder "Applications" of startup disk
		make new folder at folder "Adobe Illustrator CS2" of folder "Applications" of startup disk with properties {name:"temp_Plug-ins"}
	end if
	set temp_folder to folder "temp_Plug-ins" of folder "Adobe Illustrator CS2" of folder "Applications" of startup disk
	set ai_plugin to folder "AIClient" of folder "Plug-ins" of folder "Adobe Illustrator CS2" of folder "Applications" of startup disk
end tell

tell application "Finder"
	if ai_plugin exists then move ai_plugin to temp_folder
end tell
tell application "Adobe Illustrator"
end tell

tell application "Finder"
	set plugin_moved to folder "AIClient" of folder "temp_Plug-ins" of folder "Adobe Illustrator CS2" of folder "Applications" of startup disk
	move plugin_moved to folder "Plug-ins" of folder "Adobe Illustrator CS2" of folder "Applications" of startup disk
end tell

Thank you for any help


Hi Ian

Scripting the shell to do stuff is not my strong point, there is a lot more folk on here with greater knowledge,
However i think you need to be looking at something like this.

do shell script "chmod -R 777 " & quoted form of (POSIX path of theplugin) with administrator privileges

i could be wrong but i don’t think you write “sudo” like you would in terminal you need to write “with administrator privileges”
i think it maybe because sudo will prompt you for an admin password.

you need to direct the variable “theplugin” as a path to the real plug-in in illustrator folder and coerce it to a string if its not already
and the line do shell script will convert it to a posix path which the shell can understand.

you may even still be prompted for an admin password…

i hope this has helped you a little bit my apologies if it has just confused you even more.


Thanks for your reply, I appreciate your help.

Don’t worry, you can’t confuse me more!

Tried the script and set theplugin definition, but it came back with:
“Can’t make «class cfol» "AIClient" of «class cfol» "Plug-ins.localized" of «class cfol» "Adobe Illustrator CS2" of «class cfol» "Applications" of «class sdsk» of application "Finder" into the expected type.”

If you are referencing the actual password as a string, be it in the script or in a separate file, or telling the script just to have admin priviliges, then what’s to stop someone from gleaning this information?


ps. Incidently, is the whole folder “blah” of folder “blah” necessary or is there an easier way to specify a path. I have tried path/path… and path:path…, but neither of these work.

Ultimately if the permissions on the folder are locked down your going to have to provide the password somewhere… wether the users enter it or you have it in the script or a text file it WILL be somewhere.

You could put the password and make the script a run only app. I’m sure a hex editor would be able to pull the password out of it though… then again I’m sure you IT dept is also managing which applications can and can’t be run so that may not be an issue for you.

So something like this

property AdminName : {"<your admin sn>"}
property pword : {"<your admin pw>"}

-- You can do your moves here or as pidge stated a chmod and then use pure applescript to do the moves
do shell script "your script" user name AdminName password pword with administrator privileges

Hi Ian

You can refer to a path as an alias.

choose folder

run this and see the result better if you go a few folders deep.
you can copy and paste the result into your script then.

if you have an alias to file or folder and then delete the file or folder then re compile your script
you will get an error it needs to find the path to the file or folder when you compile your script.


Thank you!

Making the app run-only might be an option.

Having the system locked down is obviously necessary in a managed production environment, but it makes things really difficult to script!


Hi Ian,

Making the app run only doesn’t hide the password, but as James wrote, the user would need an app that can get to the scpt data. What you could do is encode the password. You would then need a key to decode. I’m trying to think of a good way to hide the key, but at least the admin password wouldn’t be in the script and you can separate the key and the encoded password.

There might be a better way than swapping the plug-in in and out. Can’t you use two apps and allow selected users to use the one with the plugin? I don’t know.


I don’t think it is posssible to have two copies of Illustrator running, unless they have separate serials.
It will probably be easier to convince them to allow permissions on the Illustrator folder.

Many thanks