Re: Communicating to a process started by root from non-root app
Re: Communicating to a process started by root from non-root app
- Subject: Re: Communicating to a process started by root from non-root app
- From: "Stephen J. Butler" <email@hidden>
- Date: Mon, 3 Jan 2011 13:29:40 -0600
On Mon, Jan 3, 2011 at 1:22 PM, eveningnick eveningnick
<email@hidden> wrote:
> I dont want everyone to be able to write to that socket, the point is
> to let only System Preferences (for example, by displaying
> "Autorization dialog box" - like "User Accounts" preference pane, for
> example.
> I am wondering if that is possible to achieve using Authorization Server and how
It's Authorization Services, and yes. The basic process is:
- Make your socket world writeable.
Client:
- Obtain and authorization ref with the proper rights
- Externalize it
- Write it to the socket with every data transmission
Server:
- Read a transmission from the socket
- Unpack the externalized authorization ref
- Validate that it contains the proper rights
- Perform the requested action
The BetterAuthorizationSample has some good code for how to do this.
In fact, if you could move away from a persistent root daemon to an on
demand helper too, BAS is the way to go. Even if you still need a
persistent root daemon you might want to have a helper tool for your
pref pane that writes out the settings and then sends SIGHUP to your
daemon.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden