I have a couple of privileged operations I need to perform during installation, and I created a small executable to do it that runs as setuid root. That all seems to be working fine, however I want the tool to be self-repairing, so that if the permissions aren't correct the user will be prompted for an admin password and the permissions will be fixed. I am using AuthorizationExecuteWithPrivileges to run chown and chmod on the executable file. It runs without any errors, but there is no apparent effect (i.e. permissions all remain the same). Is this not the right way to go about doing this? Does anyone have suggestions of a better way, or what I may be doing wrong? I've been scratching my head over this for a while now...
Here's a code snippet:
OSStatus MyApp::FixPermissions( const char* filename ) { OSStatus myStatus = noErr; AuthorizationFlags myFlags = kAuthorizationFlagDefaults; AuthorizationRef myAuthorizationRef;
myStatus = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, myFlags, &myAuthorizationRef); if (myStatus != errAuthorizationSuccess) return myStatus;
do { { AuthorizationItem myItems = { kAuthorizationRightExecute, 0, NULL, 0 }; AuthorizationRights myRights = { 1, &myItems }; myFlags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights; myStatus = AuthorizationCopyRights( myAuthorizationRef, &myRights, NULL, myFlags, NULL ); } if (myStatus != errAuthorizationSuccess) break; { char *myToolPath = "/usr/sbin/chown"; char fn[strlen(filename)+1]; strcpy(fn, filename); char *myArguments[] = { "root:admin", fn };
myStatus = AuthorizationExecuteWithPrivileges( myAuthorizationRef, myToolPath, kAuthorizationFlagDefaults, myArguments, NULL ); if (myStatus == errAuthorizationSuccess) { myToolPath = "/bin/chmod"; myArguments[0] = "a+s"; myStatus = AuthorizationExecuteWithPrivileges( myAuthorizationRef, myToolPath, kAuthorizationFlagDefaults, myArguments, NULL ); } } } while (0);
AuthorizationFree( myAuthorizationRef, kAuthorizationFlagDefaults ); return myStatus; }
Any help would be greatly appreciated!
TIA, Chad |