Re: script for system Authentication dialog box.
Re: script for system Authentication dialog box.
- Subject: Re: script for system Authentication dialog box.
- From: "Matt Deatherage" <email@hidden>
- Date: Thu, 21 Jul 2005 00:00:15 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 21 Jul 2005 06:34:21 +0200, Sander Tekelenburg wrote:
>> Notice that you only have to type in your password once.
>
>Indeed. Which is a surprise, given that I have set the gracetime to 0[*],
>which *does* do what I expect it to do in Terminal.app. Why would AS ignore
>the grace period?
Because no matter how many hints or tips or other myths you read on
line, the authorization dialog box is *not*, *not*, *not* some front end
to "sudo." Changes you make to sudo's grace period have absolutely
nothing to do with Mac OS X's Authorization Services, which are much
more fine-grained and flexible than sudo's "either you're root or you're
not" model.
(We covered this in detail in MWJ 2003.11.30. A sample:
> Most Mac OS X programs aren't command-line utilities, so sudo
> isn't sufficient for overcoming privilege problems. If an
> installer or other program wants root privileges so it won't
> have any problems adding or removing files, it can't invoke that
> part of its functionality with sudo because sudo will then
> expect a terminal prompt for a password, and won't complete
> until it gets one. Furthermore, even if a graphical program
> could send your password to sudo invisibly, you wouldn't want it
> to. You'd want the operating system to authenticate for you, so
> that no third-party program ever needs your unencrypted account
> password. That's part of why Mac OS X has its own standard
> authentication dialog box and accompanying services.
>
> Apple solves these problems with an API named
> AuthorizeExecuteWithPrivileges [20]. It allows any Mac OS X
> program to launch any other program with root privileges. You
> don't have to be logged in as an admin user for it to work,
> because the system authenticates and authorizes before launching
> any program with root privileges, and only those users who can
> gain the "system.privilege.admin" right can successfully
> complete the task. By default, any admin user can gain that
> right, just as by default any admin user can invoke sudo. The
> mechanisms are different, though: sudo's list of approved
> invokers is stored in the "/etc/sudoers" file, but Mac OS X's
> rights are stored in "/etc/authorization". If you change one
> file, it doesn't automatically change the other, so you can get
> the two mechanisms out of sync with each other if you're not
> careful.
>
> [20] <http://developer.apple.com/documentation/Security/Reference/
authorization_ref/01authref_ref/function_group_5.html#//apple_ref/c/func/
AuthorizationExecute>
This myth that everything in Mac OS X works by secretly calling through
to command line utilities really needs to stop. Programs like Finder
and the Installer that read or write files with admin privileges are not
secretly calling "cp", "mv", or "sudo". They're calling built-in,
binary, native Mac OS X APIs, including using Authorization Services to
get the rights necessary to work with privileged parts of the system.
- --
Matt Deatherage <email@hidden>
GCSF, Incorporated <http://www.macjournals.com>
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.1 (Build 2185)
iQA/AwUBQt8r4uQJS+YigHjzEQKu2gCghw7TkYBRpqChUPXGCOtR9jD2eOIAoJR/
eoNwCJBqr1Kx7kd+bXMrXfHt
=juc9
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Applescript-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden