Re: setuid to root App cannot compile NSAppleScript
Re: setuid to root App cannot compile NSAppleScript
- Subject: Re: setuid to root App cannot compile NSAppleScript
- From: Dave Camp <email@hidden>
- Date: Thu, 11 Dec 2003 13:33:49 -0800
Ooops. I accidentally hit Send prematurely on that last email...
On Dec 11, 2003, at 9:12 AM, Lorenzo wrote:
Hi,
thank you for the prompt reply.
I don't have to use the AS to copy the file. I have to use the AS to
close
all the open applications. Then my tool will copy the file, and
restore the
ownership and privileges.
The problem is that my tool is so big and complex that is has to run
as root
at all. It cannot launch a smaller sub-process.
Can you explain what your tool does that it's so big an complex that it
_has_ to be root? Root processes are a rarity. Running something as
root has security consequences that need to be taken into account.
This may sound rude, but it's not meant to be that way... Anyone
writing a program that is large and complex and has a legitimate need
to always be root (like a daemon process) should have a thorough
knowledge of UNIX security, and I certainly wouldn't expect it to stop
processes with an AppleScript.
If we knew why your app needed needed root privileges, maybe we could
suggest alternative means of solving your problems that would simplify
your code and make it more safe.
So the user authenticate himself as root then I set seteuid = 0 to the
tool,
and quit and relaunch the tool. So starting from the next time the tool
works as root all the time.
So my problem is the opposite. How to launch a no-root sub-process
from a
root process?
man setgid.
Dave
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.