Re: Run an application as another user not root
Re: Run an application as another user not root
- Subject: Re: Run an application as another user not root
- From: "Bryan S. Lee" <email@hidden>
- Date: Wed, 18 Jun 2008 00:10:16 -0400
- Thread-topic: Run an application as another user not root
Title: Re: Run an application as another user not root
Sort of found an odd method around the problem, but not totally within PackageMaker.
Since this was an applescript that was installed/run by PackageMaker, we changed it to run without Admin authentication, which allows it to run as the user instead of root. However, there were several steps in the script that actually needed to do tasks as root (touch a file in /var, add a certificate to the keychain, .etc). Also realizing that we were obtaining the account name (theUser) and password (MyMacPass) from the user as part of the script needing to get through authentication dialogs, we just changed up the stuff that had to run as sudo with the following applescript:
do shell script "sudo touch /private/var/db/.AccessibilityAPIEnabled" user name theUser password myMacPass with administrator privileges
Which allowed the main script to run as the user (so that we hit the right login.keychain) and the special steps to run as sudo.
Worked great in testing and went live today,
then promptly crashed and burned....
Back to the drawing board.
--
Bryan S. Lee
Information Resource Consultant II
Computer Support Services
Clemson Computing and Information Technology
Clemson University
email@hidden
ACHDS 10.4, MCP NTS/NTW
From: Michael Kiaer <email@hidden>
Date: Sat, 14 Jun 2008 05:33:21 -0400
To: <email@hidden>
Subject: Re: Run an application as another user not root
Someone else might have a fancier solution to this but here are a few thoughts:
I would have tried something like 'su $USER...', too, but I see the reason if fails is that as far as the script $USER *is* root.
If you can find another way to get the user name you want into a variable MYUSER, then 'su $MYUSER...' should work.
Is the package always being run from the desktop of the user? Then you could use the path to the package to get the user name (I think $1 is the path to the package).
A whole other question is why is it necessary to run the the package as root? Could you simply turn off that requirement and let it execute as the user?
On Jun 4, 2008, at 3:04 PM, email@hidden wrote:
Message: 1
Date: Tue, 03 Jun 2008 16:29:38 -0400
From: "Bryan S. Lee" <email@hidden>
Subject: Run an application as another user not root
To: "email@hidden" <email@hidden>
Message-ID: <C46B21F2.1249A%email@hidden">C46B21F2.1249A%email@hidden>
Content-Type: text/plain; charset="US-ASCII"
I'm wrestling with having an Applescript App engage by a postscript in
PackageMaker 3. It will run fine except that it is running as root (due to
being started by the installer script) and there are certain steps in the
process that deal with Keychains and System Preferences (attempting to
automatically setup multiple wireless connections) that require it be run as
the current user.
I've tried a couple of things and either can't get it to work correctly or
only partially work (which is more confusing).
I've tried running my script as all of the following:
open /tmp/fakename/fakename/setupwireless.app (runs as root as far as I can
tell and won't show the login.keychain in Keychain access)
su ${USER} -c /tmp/fakename/fakename/setupwireless.app (again, runs as root)
osascript -e "do shell script \"open
/tmp/fakename/fakename/setupwireless.app\" administrator privileges true"
(works for showing the correct login.keychain in Keychain access, but won't
actually put the password keychain item for the wireless setup, created by
sys prefs into the correct keychain for the local user)
su ${USER} -c osascript -e "do shell script \"open
/tmp/clemson/cuwireless/setup_cu_wireless.app\" administrator privileges
true" (get an interesting error about not being able to get to the keychain
and wants to reset to defaults)
Any ideas or other methods to try and run this particular app as the user
rather than root would be appreciated.
--
Bryan S. Lee
Information Resource Consultant II
Computer Support Services
Clemson Computing and Information Technology
Clemson University
864-656-3716
email@hidden
ACHDS 10.4, MCP NTS/NTW
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden