Simple authorization question
- Subject: Simple authorization question
- From: Martin Hairer <email@hidden>
- Date: Wed, 4 Jul 2007 13:54:42 +0100
Hi,

I have a simple helper app that allows my main application to
self-update. The helper app simply copies the updated application
into the "Applications" folder. All works fine, as long as the user
has admin privileges...

I tried to get the helper application to gain admin privileges by
adding the line

    [[SFAuthorization authorization]
        permitWithRight:kAuthorizationRightExecute
                  flags:(kAuthorizationFlagInteractionAllowed |
                         kAuthorizationFlagExtendRights)];

into the -(void)awakeFromNib method. This shows the authorization
dialog as expected, but even if a correct password is entered, the
subsequent call to [[NSFileManager defaultManager] copyPath: ...]
fails if the user is not an admin. What am I doing wrong?

Intuitively, I expected to have to call
permitWithRights:flags:environment:authorizedRights and to have to
somehow pass the "authorizedRights" variable to the function that
copies the files. However, Apple's documentation states:

    Executing the Privileged Operation

    You should use the result of the authorization to determine whether
    the user is allowed to perform the privileged operation. There are
    no Authorization Services functions required for actually executing
    the privileged operation.

which is rather confusing to me.

I looked into using AuthorizationExecuteWithPrivileges, but this
somehow seems overkill. I don't need root privileges and I don't want
to create a useless security hole... Thank you very much for any
insight (or pointers to the correct mailing list; I am not sure that
this one is appropriate).

Best wishes,
Martin
HairerSoft
http://www.hairersoft.com/
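
The following is an added example, not part of the original post and not Apple's code. It illustrates the documentation passage quoted above: obtaining a right through Authorization Services yields only a decision, while the process's user IDs and its file access stay as they were. It assumes macOS with a logged-in GUI session; the function name logCredentials is hypothetical, and "/Applications" is the folder named in the post.

```objective-c
// Added example. Build on macOS:
//   clang -framework Foundation -framework Security authcheck.m -o authcheck
#import <Foundation/Foundation.h>
#import <Security/Authorization.h>
#import <Security/AuthorizationTags.h>
#import <unistd.h>

// Log the real and effective uid of this process and whether `dir` is
// writable for it. access() performs its check with the real uid.
static void logCredentials(NSString *label, NSString *dir) {
    BOOL writable = (access([dir fileSystemRepresentation], W_OK) == 0);
    NSLog(@"%@: uid=%d euid=%d, %@ writable=%@",
          label, (int)getuid(), (int)geteuid(), dir, writable ? @"YES" : @"NO");
}

int main(void) {
    @autoreleasepool {
        NSString *target = @"/Applications";
        logCredentials(@"before authorization", target);

        AuthorizationRef auth = NULL;
        OSStatus st = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                                          kAuthorizationFlagDefaults, &auth);
        if (st != errAuthorizationSuccess) {
            NSLog(@"AuthorizationCreate failed: %d", (int)st);
            return 1;
        }

        // Same right and flags as in the post, through the C API.
        AuthorizationItem item = { kAuthorizationRightExecute, 0, NULL, 0 };
        AuthorizationRights rights = { 1, &item };
        AuthorizationFlags flags = kAuthorizationFlagInteractionAllowed |
                                   kAuthorizationFlagExtendRights;
        st = AuthorizationCopyRights(auth, &rights, kAuthorizationEmptyEnvironment,
                                     flags, NULL);
        NSLog(@"AuthorizationCopyRights returned %d (%@)", (int)st,
              st == errAuthorizationSuccess ? @"right granted"
                                            : @"denied or cancelled");

        // The result above is a yes/no answer held in `auth`. The process
        // credentials logged here are the same as before the call.
        logCredentials(@"after authorization", target);

        AuthorizationFree(auth, kAuthorizationFlagDestroyRights);
    }
    return 0;
}
```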