Re: Addressbook framework without a regular user
Re: Addressbook framework without a regular user
- Subject: Re: Addressbook framework without a regular user
- From: Karl Kuehn <email@hidden>
- Date: Mon, 6 Jan 2003 22:13:39 -0500
Thanks for the response. In the mean time I have discovered the tie-in
that the addressbook framework has with the current user. I do have to
say that the getSharedAddressbook call is a bit misleading... And I
would ask any apple framework engineer to add my request for a
getAddressBook: withUser: method to the pile of other trivial requests.
That would make my life a bit easier.. of course then you start having
to add in security (my idea is simple: if you can read the file you
have read access, if you can write it.. well... you get the idea).
But in the mean time... I have been looking into ways of getting a
thread, or a whole 'nother process that could be run as various users
at run time. This would have to run without any user intervention (any
authentication would have to come at install time, not at run time). I
have peeked at the Authentication Services, but that seems a bit
daunting (encouraging works appropriate at this point).
The setuid process seems to be a better match, but having to start
with a chomod 4000 program, and then play from there for each person is
a bit scary. I am seeing major security situations dancing in my
head... Allong that line, anyone want to venture an opinion on whether
it would be better to fork processes and setuid on each one, or just go
through a series of chances on the main process?
Thanks for the guidance!
Karl Kuehn
email@hidden
On Monday, January 6, 2003, at 09:39 PM, Barry Books wrote:
I don't think it's possible to run without a user context, but should
be able to start the daemon with
su - user -c program
and get the context of whatever user you like. If you need the address
book of any user on the system that would be more complicated but
possible. The simplest way would be build a deamon that forks then
setuid to whatever user you like to handle the request. Not really
that much different than a setuid program but at least you don't have
setuid programs laying around.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.