Re: Communicating to a process started by root from non-root app
- Subject: Re: Communicating to a process started by root from non-root app
- From: Ken Thomases <email@hidden>
- Date: Wed, 5 Jan 2011 07:09:03 -0600
On Jan 3, 2011, at 1:22 PM, eveningnick eveningnick wrote:
>> Unless I'm forgetting something basic, you should be able to connect to your daemon's socket from a non-root process if you first change the permissions on the socket (using chmod, as if it were a file). The man page for the unix-domain protocol family alludes to this briefly:
>>
>>> All addresses are absolute- or relative-pathnames of other UNIX-domain sockets. Normal filesystem access-control mechanisms are also applied when referencing pathnames; e.g., the destination of a connect(2) or sendto(2) must be writable.
>
> I don't want everyone to be able to write to that socket, the point is
> to let only System Preferences (for example, by displaying
> "Authorization dialog box" - like "User Accounts" preference pane, for
> example).
> I am wondering if that is possible to achieve using Authorization Server and how
You can use the "authopen" command to open the socket and pass the descriptor back to you. It will prompt for admin authentication for you, if necessary.
However, I suspect that making your daemon an on-demand launchd daemon will give you better tools. Be sure to read this, if you haven't:
http://developer.apple.com/library/mac/#technotes/tn2005/tn2083.html
Regards,
Ken