RE: simple root authentication for executing shell scripts (DYLD_LIBRARY_PATH!!!)
RE: simple root authentication for executing shell scripts (DYLD_LIBRARY_PATH!!!)
- Subject: RE: simple root authentication for executing shell scripts (DYLD_LIBRARY_PATH!!!)
- From: "Huyler, Christopher M" <email@hidden>
- Date: Tue, 7 Oct 2003 10:14:16 -0400
- Thread-topic: simple root authentication for executing shell scripts (DYLD_LIBRARY_PATH!!!)
Thank you, this helps a lot.
I set up my pref pane to use AuthorizationCopyRights() and
AuthorizationExecuteWithPrivileges().
However, I have run into another problem. Our script adds a couple
paths to DYLD_LIBRARY_PATH so that our daemons can find the libraries
they need. Linux (and I am assuming now BSD/Darwin), does not allow you
to update (DY)LD_LIBRARY_PATH from a setuid process. Yet, running a
command using "sudo" does allow you to update this. We set this along
with some other private environment variables inside our startup script.
Maybe I'm just setting up the flags wrong, but how can I execute a
script AS root, not just execute it with root permissions? Here's some
pseudo code for what I am doing now:
------------------------------------------------------------------------
----
AuthorizationRights rights;
AuthorizationRights *authorizedRights;
AuthorizationRef authorizationRef;
AuthorizationItem authItems[4];
OSStatus err = 0;
If(authorizationRef == NULL)
{
rights.count=0;
rights.items=NULL;
err = AuthorizationCreate(&rights,kAuthorizationEmptyEnvironment,
kAuthorizationFlagDefaults,
authorizationRef);
}
...
authItems[0].name = kAUthorizationRightExecute;
authItems[0].value = pathToScript;
authItems[0].valueLength = sizeof(pathToScript);
authItems[0].flags = 0;
rights.count=1;
rights.items=authItems;
err = AuthorizationCopyRights(authorizationRef,&rights,
kAuthorizationEmptyEnvironment,
flags,&authorizedRights);
...
err = AuthorizationExecuteWithPrivileges(authorizationRef, pathToScript,
0, NULL, NULL);
...
------------------------------------------------------------------------
----
Any help would be appreciated,
~ Chris
-----Original Message-----
From: Sailesh [
mailto:email@hidden]
Sent: Monday, October 06, 2003 11:19 PM
To: Huyler, Christopher M
Cc: email@hidden
Subject: Re: simple root authentication for executing shell scripts
>
Take a look at:
>
http://developer.apple.com/documentation/Security/Reference/
>
authorization_ref/01authref_ref/function_group_4.html
>
>
When you say you were searching the archive what site did you use ?
The
>
search tool on apple's site sucks ass. A search for run as root on
>
http://cocoa.mamasam.com returns tons of relevant results.
>
>
good luck
>
Sailesh
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.