More Authorization.h questions...
More Authorization.h questions...
- Subject: More Authorization.h questions...
- From: Murray Todd Williams <email@hidden>
- Date: Thu, 8 Nov 2001 19:51:40 -0500
Thanks to everyone who has been talking about Authorization in the
recent "Authorization.h" thread. I've been *lurking* and reading
everyone's comments carefully because I'm trying to write a System
Preferences Panel that requires some simple file access be done as root.
I now understand that I have to separate my "privileged operations" into
executables that can be run via AuthorizationExecuteWithPrivileges.
(Finlay, I know you recently mentioned that this isn't the intended
future Way to Do This as per Michael Brouwer, but the Authorization and
AuthorizationTags headers seem to imply that the future direction will
be to make sure that authorization be secured for only a single
executable path--not the case now it seems--to be launched with AEWP. If
you have any reference to recent Apple materials speaking the contrary,
I'd be very interested.)
It also appears that one of the most straightforward ways to pass
"details" of what should be done to the "tool" executable is via the
parameters that are passed and/or a IPC pipe (stdin).
It also seems to be recommended that the tool be designed to have some
sort of custom-designed authentication to make sure the calling process
is legal. I've got no idea of what good design pattern would be
sufficient for that step.
Here's my question: does it make sense to have these "tool" executables
be packaged in the primary application's bundle, in the same directory
as the executable itself? If so, how can I specify in Project Builder to
have another executable be created and placed there in the build phase?
Is there anything else I would seem to be missing?
Cheers,
Murray Todd Williams