Re: AuthorizationExecWithPrivileges and /bin/cp
Re: AuthorizationExecWithPrivileges and /bin/cp
- Subject: Re: AuthorizationExecWithPrivileges and /bin/cp
- From: Darkshadow <email@hidden>
- Date: Mon, 7 Nov 2005 17:24:01 -0500
On Nov 7, 2005, at 3:55 PM, Cryptic Caveman wrote:
I'm creating an application that needs to write to a
few files owned by root, and I need a bit of security
advice. Basically, I want to run a tool (/bin/cp)
with root priviledges. In Apple's AuthSample, they
state that that I have two options:
"1) Use AuthorizationExecWithPrivileges to execute
your tool
2) Make your tool setuid root"
[snip]
So, is there a reason I shouldn't use
AuthorizationExecWithPrivileges with a tool that is
already owned by root? Any advice is appreciated.
If you only make a call to AEWP, your users will have to authorize
every time that they need to use that functionality in your app. If
you use a setuid root tool, they'll only need to authorize once (when
the tool self-repairs itself), and afterwards it doesn't require
authorization.
So it depends on if you want your users to enter their admin password
every time they need to do a privileged task or not.
Oh, and if you decide to use a setuid tool, save it in the user's
Application Support folder. Things like this should really go there
in the first place, and if you do that then the user can move the
application around wherever they want without problems.
Darkshadow
(aka Michael Nickerson)
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden