I need to run a script as part of an application first-run step, to remove some legacy components from a previous version. Typically these components are installed in either $HOME/Library or /Library, and the script can simply move them to the trash.
The problem is, in the case where the user is not an administrator, and the components are in the global /Library, the script needs to authenticate as an administrator, or it will fail. My current script uses AppleScript, but to my surprise, I can't find a way to become an admin user in the middle of a script.
There's the 'do shell script "foo" with administrator privileges' command, but it always authenticates, and it's easier to express the steps I want in AppleScript than shell, though not impossible.
At the moment I'm faced with trying to move the files in AppleScript, catching a failure of the move, and then using an authenticating shell-script to move the files using 'mv'. This seems very cumbersome, so what can I do to make things neater?
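The try-then-escalate approach described in the question, written out as an added example that is not part of the original post. The component paths are hypothetical placeholders. Items the unprivileged move cannot handle are batched into a single authenticated call, and every path goes through `quoted form of` because that call runs as root.

```applescript
-- Added example. The component paths are hypothetical placeholders.
set userLib to POSIX path of (path to library folder from user domain)
set legacyPaths to {userLib & "Application Support/LegacyComponent", "/Library/Application Support/LegacyComponent"}
set trashDir to POSIX path of (path to trash)

set needAdmin to "" -- quoted paths the unprivileged move could not handle

repeat with itemRef in legacyPaths
	set p to contents of itemRef
	if itemExists(p) then
		try
			-- First attempt runs as the current user, so no prompt appears.
			do shell script "mv -- " & quoted form of p & " " & quoted form of trashDir
		on error
			-- Most likely a permissions failure: queue it for the privileged pass.
			set needAdmin to needAdmin & " " & quoted form of p
		end try
	end if
end repeat

if needAdmin is not "" then
	-- One authenticated call for everything that failed, so at most one prompt.
	-- This runs as root: paths are only ever inserted via `quoted form of`,
	-- never as raw strings, so a crafted file name cannot inject shell syntax.
	do shell script "mv --" & needAdmin & " " & quoted form of trashDir with administrator privileges
end if

-- True if something exists at POSIX path p (test exits non-zero otherwise,
-- which do shell script reports as an AppleScript error).
on itemExists(p)
	try
		do shell script "test -e " & quoted form of p
		return true
	on error
		return false
	end try
end itemExists
```

Items moved by the privileged pass keep their original ownership once they are in the Trash.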