Re: Security - Write to protected directory
Re: Security - Write to protected directory
- Subject: Re: Security - Write to protected directory
- From: Jason Coco <email@hidden>
- Date: Thu, 2 Oct 2008 23:20:50 -0400
On Oct 2, 2008, at 21:20 , Bill Bumgarner wrote:
On Oct 2, 2008, at 12:30 PM, Kelly Graus wrote:
Is the only way to allow a user to write to a protected location
use the AuthorizationExecuteWithPrivileges function?
If so, is there a way to tell when the application has quit, and
get the exit code?
If not, how would I go about getting sufficient privileges to write
to protected locations?
Does using a setuid tool mess up the ability for a user to delete
an application, assuming the setuid tool is imbedded in an
application's bundle?
Thanks for any help!
See Nick's response... it was helpful.
However -- I have a question:
What are you trying to do and what do you hope to gain by protecting
the data in this fashion?
Specifically, going down this path means that any non-admin user
will not be able to use whatever functionality in your application
requires authorization.... is that intended?
If you do need administrators to write to privileged areas sometimes,
you should look at the /sbin/libexec/authopen tool which is designed
for that.
However, I believe the default for both those directories is admin +w
anyway.
J
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden