• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
AuthorizationRef expiration
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AuthorizationRef expiration

  • Subject: AuthorizationRef expiration
  • From: Damien Sorresso <email@hidden>
  • Date: Fri, 31 Mar 2006 15:27:23 -0600
Apologies in advance to the members of Cocoa-dev, but CDSA seems to be kind of dead lately, so I figured I'd post this question here as well and see if anyone can help.

I'm writing an application which needs to do scripted installs. I'll be using Apple's command-line `installer' tool and calling it from a SetUID helper tool. The helper tool will receive an array of paths to packages that need to be installed. The idea is to have the user authenticate once, and then the needed packages can be installed in one shot.

Here is the basic flow of control.

The main GUI app will pre-authorize the user and pass the AuthorizationRef along with the paths to the packages that need installing to the helper tool, as is done in AuthForAll.

The helper tool will receive the AuthorizationRef and go through each package, calling `/usr/sbin/installer' to install each one. Now here's my question, before I get too deep into this. The amount of time it takes for each package to install is not predictable, nor is the total time it will take for all the packages. The default right expiry for an unknown right is 5 minutes.

So, my theory is as follows, if I understand this correctly.

The helper tool is launched with root privileges, so any child processes it creates will have those privileges as well. So I should be able to just do an exec(...) call for `installer' and supply the relevant arguments to install with root privileges. As long as the helper tool is running, it should retain its privileges until close, right? I'm worried that privileges would expire when starting a new install.

If I cannot do an exec(...), then I'd have to do an AuthorizationExecuteWithPrivileges(...), which means that I'd be continually passing an AuthorizationRef around, and that if it was expired when the helper tool attempts to initiate another install, the privileges won't be there.

So is my understanding here correct?

Thanks in advance.
--

Damien Sorresso
Macintosh Developer
Computer Infrastructure Support Services
Illinois State University
email@hidden
309.438.5777


Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: AuthorizationRef expiration
      • From: "Finlay Dobbie" <email@hidden>
  • Prev by Date: Error with application - -[NSManagedObject copyWithZone:]: selector not recognized
  • Next by Date: Re: Displaying progress of lengthy operation: complication with bindings and threads
  • Previous by thread: Re: Error with application - -[NSManagedObject copyWithZone:]: selector not recognized
  • Next by thread: Re: AuthorizationRef expiration
  • Index(es):
    • Date
    • Thread