Re: How Do I Run a Java App with Superuser Privileges?
Re: How Do I Run a Java App with Superuser Privileges?
- Subject: Re: How Do I Run a Java App with Superuser Privileges?
- From: "William C. McCain" <email@hidden>
- Date: Mon, 13 Dec 2004 22:56:55 -0800
All this is very interesting, guys, but a bit academic. After all, as I
pointed out in my original question, Apple provides "sudo", which does
essentially the same thing, cleanly -- and *IS* supported. In fact, not
only does "sudo" work in shell scripts, it works (indirectly) in
AppleScripts. It actually works BETTER in AppleScripts than directly in
a shell, because it skips the password prompt if you are already logged
in as a user with admin privileges.
But what I'm really looking for is a simple "property list"-oriented way
of doing this. I have a strong suspicion something like that exists --
not a Java property, something external to Java. In the "CF" series of
keys, perhaps ...
Yes, I have considered changing the port from well-known 80 to the
private or reserved range. But I'm reluctant to do so, for the
following reasons (none of which are really persuasive, I admit):
1. Apple lets users run Apache on their Macs, though few non-geek
end-users do so. So why not my app, too?
2. My app has been available for some time on the dominant monopolist's
OS, and it runs fine there without any privileges (even on XP SP2).
3. If I change the port number, I'll have to make it configurable, which
is a real PITA (not that I'm lazy, mind you). Of course, if one of my
users ever DOES want to run both Apache and my app on the same machine,
at least ONE of us will have to be re-configured ...
4. It's actually rather convenient for my built-in Web server to be
"standard", as it has other uses besides the master/remote interface.
For instance, users (and I) can check my product's "log files" from
their Web browsers on the remote machines. (Yes, I know you can specify
a non-standard port in a URL, but I said this was a "convenience" issue.)
As for letting the Java VM run in su mode the whole time my app is
running (and it's a LONG running app, controls the playing of music on
external CD changers and could runs for days or weeks) -- THAT doesn't
worry me. The Java VM is about the LAST program in the world that I
would consider to be a "security risk". And it's only MY instance of
the Java VM that is privileged, not anybody else's.
Bill
Justin Walker wrote:
On Dec 13, 2004, at 22:08, Justin Walker wrote:
On Dec 13, 2004, at 21:45, James Berry wrote:
On Dec 13, 2004, at 9:24 PM, Justin Walker wrote:
On Dec 13, 2004, at 21:11, James Berry wrote:
[snip]
Most systems will not permit shell scripts to execute 'setuid'.
Works for me... (TM). (Note the euid...)
Well, well, well, ....
It'll take me a while to figure this one out. Seems that bash and sh
have somewhat different behaviors:
[snip]
Whilst I mull this over, I have reported it as bug #3919279. Seems like
a problem to me, but perhaps there's an explanation...
Regards,
Justin
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden