• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Addressbook framework without a regular user
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Addressbook framework without a regular user

  • Subject: Re: Addressbook framework without a regular user
  • From: Karl Kuehn <email@hidden>
  • Date: Mon, 6 Jan 2003 22:13:39 -0500
Thanks for the response. In the mean time I have discovered the tie-in that the addressbook framework has with the current user. I do have to say that the getSharedAddressbook call is a bit misleading... And I would ask any apple framework engineer to add my request for a getAddressBook: withUser: method to the pile of other trivial requests. That would make my life a bit easier.. of course then you start having to add in security (my idea is simple: if you can read the file you have read access, if you can write it.. well... you get the idea).

But in the mean time... I have been looking into ways of getting a thread, or a whole 'nother process that could be run as various users at run time. This would have to run without any user intervention (any authentication would have to come at install time, not at run time). I have peeked at the Authentication Services, but that seems a bit daunting (encouraging works appropriate at this point).

The setuid process seems to be a better match, but having to start with a chomod 4000 program, and then play from there for each person is a bit scary. I am seeing major security situations dancing in my head... Allong that line, anyone want to venture an opinion on whether it would be better to fork processes and setuid on each one, or just go through a series of chances on the main process?

Thanks for the guidance!

Karl Kuehn
email@hidden

On Monday, January 6, 2003, at 09:39 PM, Barry Books wrote:

I don't think it's possible to run without a user context, but should be able to start the daemon with

su - user -c program

and get the context of whatever user you like. If you need the address book of any user on the system that would be more complicated but possible. The simplest way would be build a deamon that forks then setuid to whatever user you like to handle the request. Not really that much different than a setuid program but at least you don't have setuid programs laying around.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
References: 
 >Re: Addressbook framework without a regular user (From: Barry Books <email@hidden>)

  • Prev by Date: Use of alloc in class (factory) methods
  • Next by Date: stringByTrimmingCharactersInSet: problem
  • Previous by thread: Re: Addressbook framework without a regular user
  • Next by thread: Re: Addressbook framework without a regular user
  • Index(es):
    • Date
    • Thread