What option should I give the sudo command to have the password asked through a graphical interface?

This problem has ben bugging me for a while now.

Every now and then, I need to write a script file that should execute sudo commands. I do not necessarily know in advance that I will run as sudo so I am sure there is a way to open a nice graphical interface (such as the one popping up when installing software) but how ?

The man sudo says:

-A          Normally, if sudo requires a password, it will read it from the current terminal.  If the -A (askpass) option is specified, a (possibly
            graphical) helper program is executed to read the user's password and output the password to the standard output.  If the SUDO_ASKPASS
            environment variable is set, it specifies the path to the helper program.  Otherwise, the value specified by the askpass option in
            sudoers(5) is used

So I am pretty sure the solution resides in that -A and SUDO_ASKPASS tuple however I've managed to find what to put into those.

Solution 1:

OS X doesn't have an entirely clean way to do this, but there are a few ways to fake it. First, AppleScript has a good way to do sudo-ish things based on a graphical authentication, and you can use that:

osascript -e "do shell script \"stufftorunasroot\" with administrator privileges"

You can also use that mechanism to set the sudo timestamp, and then use the regular sudo (within the 5-minute timeout window) to do things:

osascript -e "do shell script \"mkdir -p /var/db/sudo/$USER; touch /var/db/sudo/$USER\" with administrator privileges" && \
    sudo stufftorunasroot

Finally, you can use AppleScript to prompt for a password, then pass that to sudo:

pw="$(osascript -e 'Tell application "System Events" to display dialog "Password:" default answer "" with hidden answer' -e 'text returned of result' 2>/dev/null)" && /
    echo "$pw" | sudo -S stufftorunasroot