Re: Opening a file for writing text in /private/var/log
Re: Opening a file for writing text in /private/var/log
- Subject: Re: Opening a file for writing text in /private/var/log
- From: Nick Zitzmann <email@hidden>
- Date: Mon, 14 Jun 2010 12:58:32 -0600
On Jun 13, 2010, at 9:24 AM, Pierre Fournier wrote:
> Hi,I want to log something in a file at /private/var/log, using NSFileHandle.With the app launched as root, everything runs ok using [NSFileHandle fileHandleForWritingToURL:url error:&err]. I get a valid handle and can write what I want to.
> With the app launched as non-root user, I create an Authorization using AuthorizationCreate(), with following flags:m_AuthFlags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights;
> and further use it using AuthorizationCopyRights(m_AuthRef, &m_AuthRights, NULL, m_AuthFlags, NULL)), which returns errAuthorizationSuccess.However, the call of [NSFileHandle fileHandleForWritingToURL:url error:&err] throws the Cocoa Error 13 (Permission Denied).It seems that although having set kAuthorizationFlagExtendRights, I am still not allowed to open and write this file located at /private/var/log.Am I doing something wrong here, to cause such permission denial?Thx.
AuthorizationCopyRights() does not elevate a task's privileges. If you need root privileges to do something, then you need to do it in a child task, because there is no way to elevate a running task's privileges, and GUI apps are not allowed to run with root privileges anymore. See the BetterAuthorizationSample sample code for details.
Nick Zitzmann
<http://www.chronosnet.com/>
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden