Re: Authorized Copy/Erase (NSFileManager)
Re: Authorized Copy/Erase (NSFileManager)
- Subject: Re: Authorized Copy/Erase (NSFileManager)
- From: "Michael Ash" <email@hidden>
- Date: Sun, 30 Nov 2008 00:10:45 -0500
On Sat, Nov 29, 2008 at 5:54 PM, Joe Turner <email@hidden> wrote:
> So, I'm creating a copy/erase tool for an app, and I need to be able to
> authorize the user so I can copy and delete files that need Admin
> permissions. I have looked thoroughly through the Security.framework, but
> could not find anything. I do not want to do a shell script, so I would
> rather not use the authorized execute command. Is there a way to do this?
Nope. You *must* use a subtool of some kind. It's a fundamental of the
UNIX security model that a process's privileges can only decrease, not
increase. If your process can't touch the file now, nothing it does
can suddenly allow it to. The only thing you can do is execute a
subtask with elevated privileges. It doesn't have to be a shell script
of course, but it has to be some separate process.
> And if there is, what is the best way to only have the user type their
> password once (using the Security framework), and never have to again the
> next time the app launches?
Check out Apple's BetterAuthorizationSample which, while being an
impressively horrible piece of code (entirely due to the constraints
it's working under, not to criticize the authors of this sample code
in any way), it shows exactly how to do this sort of thing and you can
pretty much plug it in to your own application.
Mike
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden