Re: Another approach to root user?
- Subject: Re: Another approach to root user?
- From: Ethan Funk <email@hidden>
- Date: Tue, 28 Mar 2006 10:28:31 -0700
This is my plist for launchd:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.redmountainradio.arserver</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/arserver/arserver</string>
<string>-c</string>
<string>/etc/arserver/ars_startup.conf</string>
<string>-u</string>
<string>arserver</string>
<string>-n</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>ServiceDescription</key>
<string>AudioRack Server Daemon</string>
</dict>
</plist>
NOTE: -n signifies that arserver should not daemonize, in keeping
with launchd requirements. -u instructs arserver what user to drop
privileges to for processes it forks off.
This works fine, except for midi. The problem is, I want to drop
privileges down from root since arserver forks off external programs
for automation. I don't want a root process to be able to fork off
some other program... HUGE security problem. Even worse considering
the ability of an outside user to cause the fork via the tcp control
interface! I guess I'll settle for running arserver as root and
having it drop privileges for the processes it forks... it is, in my
opinion, a hack but it does work.
Ethan...
On Mar 28, 2006, at 10:11 AM, Shaun Wexler wrote:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.redmountainradio.arserverd</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/path/to/arserverd</string>
</array>
</dict>
</plist>
Your daemon will be launched as root when the system is booted.
You can also enable/disable the process from Terminal or sh (sudo
ensures it runs in the global bootstrap with ppid=1, otherwise it
runs as a child of a new launchd process in the console session):
sudo launchctl load /Library/LaunchDaemons/com.redmountainradio.arserverd.plist
sudo launchctl unload /Library/LaunchDaemons/com.redmountainradio.arserverd.plist
You can also make a handy post-flight script build phase to restart
the daemon when built (albeit with an embedded admin pw):
if echo myAdminP@sSw0rD | sudo -S launchctl list | grep com.redmountainradio.arserverd; then
sudo launchctl stop com.redmountainradio.arserverd
fi
HTH~
--
Shaun Wexler
MacFOH
http://www.macfoh.com
"No problem is so formidable that you can't walk away from it." -
Charles Schulz
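The approach settled on in the reply above (arserver stays root and each forked helper drops to the -u user before exec), sketched in C as an added example that is not part of the original thread or arserver's code. The names run_as and drop_privileges and the numeric uid/gid arguments are hypothetical; a real daemon would resolve the -u name with getpwnam() and set groups with initgroups().

```c
#define _DEFAULT_SOURCE                 /* exposes setgroups() on glibc */
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently switch this process to uid/gid; 0 on success, -1 on failure. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                      /* refuse a "drop" that stays root */
    /* Order matters: groups, then gid, then uid, while still privileged. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;                      /* shed root's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;                      /* root must not be recoverable */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Fork, drop in the child, exec argv with a fixed minimal environment.
 * Returns the child's exit status, or -1 on fork/wait error. */
int run_as(uid_t uid, gid_t gid, char *const argv[])
{
    static char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0)
            _exit(126);                 /* never exec if the drop failed */
        execve(argv[0], argv, envp);
        _exit(127);                     /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const argv[] = { "/usr/bin/id", NULL };  /* constructed demo command */
    uid_t uid = geteuid() == 0 ? 65534 : getuid(); /* 65534: "nobody" on many systems */
    gid_t gid = geteuid() == 0 ? 65534 : getgid();
    return run_as(uid, gid, argv);
}
```

The parent treats exit status 126 as "helper was not started", so a failed drop can never result in the external program running as root.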
Coreaudio-api mailing list (email@hidden)