Security - Write to protected directory
- Subject: Security - Write to protected directory
- From: Kelly Graus <email@hidden>
- Date: Thu, 2 Oct 2008 13:30:17 -0600
Hello,
I have an application that needs to be able to write to a protected
directory (either Library/Application Support/ or Applications/
depending on the case). I've separated out all writing operations to
a separate application, which currently is run using NSTask.
I've read the "Performing Privileged Operations With Authorization
Services" documentation, which seems to mostly be about allowing an
application to define custom privileged operations. The closest thing
to my case is when it talks about Installers and says to use the
AuthorizationExecuteWithPrivileges function. However, I've read in
several places that this function is "mostly" deprecated (whatever
that means) and probably shouldn't be used. Also, I need the ability
to wait for the separate application to finish, which is provided by
NSTask but doesn't seem to be available with
AuthorizationExecuteWithPrivileges.
I've also read about using a setuid tool, which would allow me to run
any application as root, but I've also read that it causes problems
with drag-and-drop uninstalls, since the setuid tool would be owned by
root.
So my questions are:
Is the only way to allow a user to write to a protected location to use
the AuthorizationExecuteWithPrivileges function?
If so, is there a way to tell when the application has quit, and get
the exit code?
If not, how would I go about getting sufficient privileges to write to
protected locations?
Does using a setuid tool mess up the ability for a user to delete an
application, assuming the setuid tool is embedded in an application's
bundle?
Thanks for any help!
Kelly