• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Using the security framework
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using the security framework

  • Subject: Re: Using the security framework
  • From: Joe Turner <email@hidden>
  • Date: Mon, 19 Jan 2009 20:56:30 -0600
On Jan 6, 2009, at 10:45 AM, Nick Zitzmann wrote:


On Jan 3, 2009, at 6:50 PM, Joe Turner wrote:

I am making a hard drive cloner/backuper, and to do some deleting and copying, I need to use the security framework. What I need to be able to do is have the user type in their password one time, and then it would give me system.privilege.admin rights until a time that they want to unauthorized it (could be days, weeks, months, years). I have looked through the security framework, but have not really found how to have one system.privilege.admin authorization, and have it last a long time. So, if anyone could point me in the right direction with this, like what methods to use, and what parameters to use.

If you pre-authorize an admin authorization, then it will last for 300 seconds and then must be renewed. This is not something you can programmatically change; it's set in the computer's /etc/ authorization file.

That makes sense, but then how does an app like SuperDuper! do it. You click the lock, enter your password, and then you don't need to enter your password again until you lock it again. And, it is the regular security framework password window, so the developer must be doing some sort of authorization that lasts forever. And I checked, it does authorize system.privilege.admin.


I'm also wondering another thing. To delete the files, I need admin privileges, but, do I need to create a new target (e.g. a shell script) to do the copying and then run the command (blanking on the name) that runs the script at a given path with admin privileges. Or, could I somehow use NSFileManager in an authorized state.


You have to have something else do the work, since the security model of Mac OS X (and all Unix-like OSes) do not allow the escalation of privileges in an existing task.
Makes sense. So, if I create a separate target for the unix script, do I need to add something to it that takes the authorization? Or will anything it does that uses admin files be allowed?

Thanks a lot!

Joe 


Nick Zitzmann
<http://www.chronosnet.com/>




_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: Using the security framework

      • From: Nick Zitzmann <email@hidden>
      • 

    • Re: Using the security framework

      • From: Rob Keniger <email@hidden>
      • 





References: 


 >Using the security framework (From: Joe Turner <email@hidden>)


 >Re: Using the security framework (From: Nick Zitzmann <email@hidden>)






    

  • Prev by Date:
Re: CoreData entity mutability

    • 

  • Next by Date:
Re: Using the security framework

    • 

  • Previous by thread:
Re: Using the security framework

    • 

  • Next by thread:
Re: Using the security framework

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •