Re: How Do I Run a Java App with Superuser Privileges?
On Dec 13, 2004, at 8:55 PM, William C. McCain wrote:

> Is there a property in Info.plist that I can set to give my Java application, packaged as a .app bundle, the superuser privilege? Or some other simple way to run a Java app with superuser privileges?

Java won't do this for you automatically. Ultimately you've got to get it running at superuser privilege. Common techniques include using a script to run it with su privileges by setting the ownership to root, and setting the suid bit.

But you really don't want to run the java vm as superuser (for long) if you can help it. One reasonable technique is to be superuser just long enough to acquire the port, then drop su privileges. There is a tool and set of classes called Jakarta commons-daemon that were written to help you do this with java. The jsvc tool that commons-daemon supplies will invoke your java code initially as root to initialize itself (and get the privileged port), then drop privileges while the rest of the code runs.

The best way to get commons-daemon for Mac OS X is through darwinports, as that port fixes several bugs in the code, and gets it to build on OS X. Tomcat5, as built for darwinports, uses commons-daemon to run so that it can acquire its ports this way. You might look at this as an example.

Ultimately a better question, however, might be whether you can use non-privileged ports for your communication. It doesn't sound like there's anything in particular about your setup that would require you to choose a well-known privileged port, and if you pick a non-privileged port you won't need to gain superuser privs in the first place.

-jdb

> My application exposes a small, low-function, secure HTTP server (this is not the main function of my application, but it is needed to support a master/remote interface between machines on a local area network in a user's home). This requires superuser privileges. It works fine in a shell when I prefix my application with "sudo". But I can't ask users to do that! I have also been able to get it to work from an AppleScript (something like 'do shell script "sudo open MyApp"'). That will be what I will have to ship, unless there is a better, more "transparent" solution.
>
> Any ideas?
>
> Bill
Participants (1): James Berry