• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Run daemon from installer as root
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Run daemon from installer as root

  • Subject: Re: Run daemon from installer as root
  • From: Terry Lambert <email@hidden>
  • Date: Thu, 9 Apr 2009 05:49:25 -0700
On Apr 5, 2009, at 8:27 AM, Duane Murphy wrote:
--- At Sun, 5 Apr 2009 20:03:42 +0530, Rakesh Singhal wrote: 
Hi all,

I have created an installer for my daemon application. I want my daemon
to run as root after installation. Before installation I used to run
daemon using "sudo launchctl load /Library/LaunchDaemons/
com.mycompany.mydaemon.plist". In installer I tried using run command or
run script but it works only in 10.4.11 ppc but not with 10.5.4 intel. I
want to set some file permissions/ownerships also but it doesnt work.
Installer can be run only from admin users. Is there anyway to run
daemon as root using command or script? 

This is not a limitation of the installer. This is a limitation of the
sh (and perl). Well, not really a limitation, it's a security feature.
Some script interpreters will refuse to run a script as root as a
security precaution. I don't recall the exact details about when this
choice is made or how to overcome it.

My choice for overcoming the problem was to choose a different
interpreter (python). I suppose it's just a matter of time before that
door is closed also.

I'd like to know what the alternatives are so that scripts within an
installer can be run with Administrator/root privileges.



You can turn it on if you, as root, do:

	sudo sysctl -w kern.sugid_scripts=1

...every time you reboot.

It's disabled by default. You could also device to use a sugid interpreter. Either one of these options is going to require that you obtain root privilege in order for you to be able to obtain root privilege.

We disabled this for very real security reasons. You can go way, way out of your way to shoot your foot off on your own, if you insist, but things like sugid shell scripts are notoriously easy to subvert in order to attack a system, and we aren't going to support them by default.

-- Terry
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden






References: 


 >Run daemon from installer as root (From: Rakesh Singhal <email@hidden>)


 >Re: Run daemon from installer as root (From: "Duane Murphy" <email@hidden>)






    

  • Prev by Date:
Re: Are kqueue events "round robin"?

    • 

  • Next by Date:
darwin equivalent of gflags.exe?

    • 

  • Previous by thread:
Re: Run daemon from installer as root

    • 

  • Next by thread:
Re: Run daemon from installer as root

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •