3

Conditions are the following: MacOSX 10.7 and Cocoa graphical application written in objective-c.

I am faced the following problem. I can't start daemon application from /user/bin folder from my Cocoa application. I know that I should have root privileges to do that.

I have installer, not *.pkg but manually written installer application. I need to start my daemons after installation process is finished. How can I increase my privileges level in objective-c application?

I have this code. But AuthorizationExecuteWithPrivileges call is deprecated.

We should not use it.

AuthorizationItem authItem      = { kSMRightModifySystemDaemons, 0, NULL, 0 };
AuthorizationRights authRights  = { 1, &authItem };
AuthorizationFlags flags        = kAuthorizationFlagDefaults |
                                  kAuthorizationFlagInteractionAllowed |
                                  kAuthorizationFlagPreAuthorize |
                                  kAuthorizationFlagExtendRights;

AuthorizationRef authRef = NULL;

OSStatus status = AuthorizationCreate(&authRights,
kAuthorizationEmptyEnvironment, flags, &authRef);

status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults, args, &pipe);

The second way is to use privileged helper. This way looks very complicated for my case. I just need to start daemons after install.

Of cource I can ask user to restart mac. But i would like to avoid it.

Other possibility is SUID bit on the daemon executable file. But it is not secure i think.

My question is: Is there other simpler way to do it?

anka
  • 3,817
  • 1
  • 30
  • 36
Vlad
  • 2,090
  • 3
  • 21
  • 37
  • Are you asking admin password at the time of installation? – Parag Bafna Feb 07 '13 at 07:20
  • 1
    I can ask for password. But AuthorizationCreate and AuthorizationExecuteWithPrivileges are deprecated. I am using SDK 10.8 and i have compilator warnings about it. – Vlad Feb 07 '13 at 08:24
  • Have you read this one? http://stackoverflow.com/questions/6841937/authorizationexecutewithprivileges-is-deprecated Provides a hacky-tacky solution :) – favoretti Mar 14 '13 at 20:09
  • .. not the first answer, but from the 2nd onwards, since you don't want helper tools. – favoretti Mar 14 '13 at 20:10

1 Answers1

2

Well, there may be an answer here.

You need to:

  1. Create a shell script with your operations.
  2. Create an apple script NSString in which you request the shell script to be executed with administrator privilege.
  3. Create an instance of NSAppleScript and execute the apple script.

Here are more details:

AuthorizationExecuteWithPrivileges is deprecated

Community
  • 1
  • 1
  • Thank you! Yes, NSAppleScript method works without privileged helper. But you need to enter user password every time you run this script. Actually I did it with privileged helper. – Vlad Mar 22 '13 at 10:23
  • Well, it is either that or the privileged helper... You can't have everything... sorry. Isabel –  Mar 22 '13 at 10:33