• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Opening a file for writing text in /private/var/log
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Opening a file for writing text in /private/var/log

  • Subject: Re: Opening a file for writing text in /private/var/log
  • From: Ken Thomases <email@hidden>
  • Date: Mon, 14 Jun 2010 14:22:26 -0500
On Jun 13, 2010, at 10:24 AM, Pierre Fournier wrote:

> Hi,I want to log something in a file at /private/var/log, using NSFileHandle.

Do you really want to do that?  Have you considered ~/Library/Logs?  Or using the Apple System Log facility <http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man3/asl.3.html> and <http://boredzo.org/blog/archives/2008-01-19/next-week-apple-system-logger>?

> With the app launched as root, everything runs ok using [NSFileHandle fileHandleForWritingToURL:url error:&err]. I get a valid handle and can write what I want to.
> With the app launched as non-root user, I create an Authorization using AuthorizationCreate(), with following flags:m_AuthFlags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights;
> and further use it using AuthorizationCopyRights(m_AuthRef, &m_AuthRights, NULL, m_AuthFlags, NULL)), which returns errAuthorizationSuccess.However, the call of [NSFileHandle fileHandleForWritingToURL:url error:&err] throws the Cocoa Error 13 (Permission Denied).It seems that although having set kAuthorizationFlagExtendRights, I am still not allowed to open and write this file located at /private/var/log.Am I doing something wrong here, to cause such permission denial?Thx.

You are misunderstanding how permissions and authorization works.

The Unix permissions model is that no process can ever acquire privileges that it didn't start life with.  It can only reduce its privileges.

Authorization Services is a means to start a new process that starts life with higher privileges.  (Well, actually, it's for a much broader purpose than that, but that's one use to which it can be put.)

You want to examine BetterAuthorizationSample <http://developer.apple.com/mac/library/samplecode/BetterAuthorizationSample/>.

Actually, you probably just want to look up the authopen command <http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man1/authopen.1.html> which is pretty much ideally suited to your needs.

Cheers,
Ken

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Opening a file for writing text in /private/var/log (From: Pierre Fournier <email@hidden>)

  • Prev by Date: Re: How to Create Auto-resize TableView or NSTextField?
  • Next by Date: Re: CocoaEcho
  • Previous by thread: Re: Opening a file for writing text in /private/var/log
  • Next by thread: CocoaEcho
  • Index(es):
    • Date
    • Thread