Re: setuid installer?
Re: setuid installer?
- Subject: Re: setuid installer?
- From: Karl Kuehn <email@hidden>
- Date: Fri, 3 Apr 2009 15:55:58 -0700
On Apr 3, 2009, at 3:42 PM, Rick Mann wrote:
We want to execute our updates in the background, but they require
authentication. I've tried creating a script with setuid set, but
the installer still complains that it needs to be authenticated. I
then wrote a tiny C program that execs my script, and prints the
effective user ID, but it still complains.
I don't know why the c program is not working, but in 10.5 Apple
restricted setuid to only being available to compiled programs (ie: no
scripts).
But if you are going to need root permissions to update things, then
don't you need it during the install? And if so, then if you put in a
postflight script it should run as root already (script or program),
solving your problem.
However, I am going to urge you to think this through, there are two
cases you should make sure that your installer (and by extension now
your updater) takes into consideration:
1) The installer could be run via something like Apple Remote Desktop
and be running either underneath a totally unaware user, or it could
be running behind the loginwindow. Both of these circumstances mean
that you should not have any GUI component that is not part of the
normal installer system (ie: installer bundles).
2) Your installer could be run on a filesystem other than the booted
one, even if you have set the "only on booted volume" flag. This is
used internally by Apple in packaging computers (for special runs),
and projects like InstaDMG also do this.
Both of these are used in large-scale deployments of computers.
--
Karl Kuehn
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden