• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Run daemon from installer as root
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Run daemon from installer as root

  • Subject: Re: Run daemon from installer as root
  • From: Rakesh Singhal <email@hidden>
  • Date: Mon, 13 Apr 2009 14:37:40 +0530
Hi Terry,
 
Thanks. I dont want to change any setting of system. I want to do it only for my daemon to run as root, that also I want to run only when I run installer. When system reboot, it will automatically run as root. 
 
Hi Duane,
 
I tried with python script as following:
 
import os
os.system("launchctl load /Library/LaunchDaemons/com.mycompany.mydaemon.plist")
 
Installer asks for authetication in starting still it runs the daemon as admin (current user which has admin rights). If I use sudo anywhere then it is not able to run that command. I dont understand, that how does it work on 10.4.11 ppc?
 
Regards
rksinghal 
 


On Apr 5, 2009, at 8:27 AM, Duane Murphy wrote:
> --- At Sun, 5 Apr 2009 20:03:42 +0530, Rakesh Singhal wrote:
>> Hi all,
>>
>> I have created an installer for my daemon application. I want my
>> daemon
>> to run as root after installation. Before installation I used to run
>> daemon using "sudo launchctl load /Library/LaunchDaemons/
>> com.mycompany.mydaemon.plist". In installer I tried using run
>> command or
>> run script but it works only in 10.4.11 ppc but not with 10.5.4
>> intel. I
>> want to set some file permissions/ownerships also but it doesnt work.
>> Installer can be run only from admin users. Is there anyway to run
>> daemon as root using command or script?
>
> This is not a limitation of the installer. This is a limitation of the
> sh (and perl). Well, not really a limitation, it's a security feature.
> Some script interpreters will refuse to run a script as root as a
> security precaution. I don't recall the exact details about when this
> choice is made or how to overcome it.
>
> My choice for overcoming the problem was to choose a different
> interpreter (python). I suppose it's just a matter of time before that
> door is closed also.
>
> I'd like to know what the alternatives are so that scripts within an
> installer can be run with Administrator/root privileges.


You can turn it on if you, as root, do:

       sudo sysctl -w kern.sugid_scripts=1

...every time you reboot.

It's disabled by default.  You could also device to use a sugid
interpreter.  Either one of these options is going to require that you
obtain root privilege in order for you to be able to obtain root
privilege.

We disabled this for very real security reasons.  You can go way, way
out of your way to shoot your foot off on your own, if you insist, but
things like sugid shell scripts are notoriously easy to subvert in
order to attack a system, and we aren't going to support them by
default.

-- Terry


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: kext symbol exports?
  • Next by Date: Force a crash on SIGABRT?
  • Previous by thread: Re: Run daemon from installer as root
  • Next by thread: Double Fault Causes?
  • Index(es):
    • Date
    • Thread