Re: How Do I Run a Java App with Superuser Privileges?
Re: How Do I Run a Java App with Superuser Privileges?
- Subject: Re: How Do I Run a Java App with Superuser Privileges?
- From: James Berry <email@hidden>
- Date: Mon, 13 Dec 2004 21:11:04 -0800
On Dec 13, 2004, at 8:55 PM, William C. McCain wrote:
Is there a property in Info.plist that I can set to give my Java
application, packaged as a .app bundle, the superuser privilege? Or
some other simple way to run a Java app with superuser privileges?
Java won't do this for you automatically. Ultimately you've got to get
it running at superuser privilege. Common techniques include using a
script to run it with su privileges by setting the ownership to root,
and setting the suid bit.
But you really don't want to run the java vm as superuser (for long) if
you can help it. One reasonable technique is to be superuser just long
enough to acquire the port, then drop su privileges.
There is a tool and set of classes called Jakarta commons-daemon that
were written to help you do this with java. The jsvc tool that
commons-daemon supplies will invoke your java code initially as root to
initialized itself (and get the privileged port), then drop privileges
while the rest of the code runs.
The best way to get commons-daemon for Mac OS X is through darwinports,
as that port fixes several bugs in the code, and gets it to build on OS
X. Tomcat5 as built for darwinports, uses commons-daemon to run so that
it can acquire its ports this way. You might look at this as an
example.
Ultimately a better question, however, might be whether you can use
non-privileged ports for your communication. It doesn't sound like
there's anything in particular about your setup that would require you
to choose a well-known privileged port, and if you pick a
non-privileged port you won't need to gain superuser privs in the first
place.
-jdb
My application exposes a small, low-function, secure HTTP server (this
is not the main function of my application, but it is needed to
support a master/remote interface between machines on a local area
network in a user's home). This requires superuser privileges.
It works fine in a shell when I prefix my application with "sudo". But
I can't ask users to do that! I have also been able to get it to work
from an AppleScript (something like 'do shell script "sudo open
MyApp"'). That will be what I will have to ship, unless there is a
better, more "transparent" solution.
Any ideas?
Bill
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden