Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authorization Question

On Wednesday, July 30, 2003, at 08:26 PM, Isaac Sherman wrote:

After giving myself a condition similar in appearance to an advanced case of
pink eye, I finally threw my hands up in aggravation, searching for some
form of aid. Friends, I petition thee!

How would I make a program that always runs with Root access, but doesn't
ask for administrator authorization every time it's launched?
I've been working on the docs and example code, and it appears that I always
need said permission, contrary to the docs. After setting it's UID Bit, it
still requires me to authorize to execute it.

Can someone point me in the right direction?



The most common UNIX way to always run a process with certain privileges beyond those of any particular user logged into a system is to start the process from an already privileged process. Processes inherit the privileges of their parent. Many such processes are started by inetd. However, every such process is a potential security hole and the fewer the better according to most respected gurus on the subject.

I am sure you have a good reason for doing what you are doing, but there is a reason why systems are designed to request authorization from a privileged person before performing privileged operations instead of performing privileged operations for anybody. If anybody can perform privileged operations, there is no point in having different privileges.

Is there a reason why you don't just always log in as root and run all processes with root privileges ?
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
References: 
 >Authorization Question (From: Isaac Sherman <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.