site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Hi all, This is not a limitation of the installer. This is a limitation of the sh (and perl). Well, not really a limitation, it's a security feature. Some script interpreters will refuse to run a script as root as a security precaution. I don't recall the exact details about when this choice is made or how to overcome it. My choice for overcoming the problem was to choose a different interpreter (python). I suppose it's just a matter of time before that door is closed also. I'd like to know what the alternatives are so that scripts within an installer can be run with Administrator/root privileges. You can turn it on if you, as root, do: sudo sysctl -w kern.sugid_scripts=1 ...every time you reboot. -- Terry _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... On Apr 5, 2009, at 8:27 AM, Duane Murphy wrote: --- At Sun, 5 Apr 2009 20:03:42 +0530, Rakesh Singhal wrote: I have created an installer for my daemon application. I want my daemon to run as root after installation. Before installation I used to run daemon using "sudo launchctl load /Library/LaunchDaemons/ com.mycompany.mydaemon.plist". In installer I tried using run command or run script but it works only in 10.4.11 ppc but not with 10.5.4 intel. I want to set some file permissions/ownerships also but it doesnt work. Installer can be run only from admin users. Is there anyway to run daemon as root using command or script? It's disabled by default. You could also device to use a sugid interpreter. Either one of these options is going to require that you obtain root privilege in order for you to be able to obtain root privilege. We disabled this for very real security reasons. You can go way, way out of your way to shoot your foot off on your own, if you insist, but things like sugid shell scripts are notoriously easy to subvert in order to attack a system, and we aren't going to support them by default. This email sent to site_archiver@lists.apple.com