I'm writing a tool with a GUI for OS X that is launched by the user only when needed, e.g. to delete locked files.
To enable the deletion of such files, root level access to the file system is sometimes required.
Currently, I solve this in a very simple way: the app relaunches itself using AuthorizationExecuteWithPrivileges. That leads to asking the user for an admin account and password. If he does that, the app runs as root and can perform its file access tasks as needed.
The problem with this solution is that it's fairly unsafe and bad style (the entire UI runs under the root user, for instance, which is clearly not desired). Furthermore, AuthorizationExecuteWithPrivileges is now deprecated.
How do I improve this? It is clear to me that I need to write a helper tool for performing the file operations.
I do not want to use an installer, nor do I want to permanently give the helper tool root permissions in any other way. Instead, I want to require the admin to authenticate the operation every time, just like the Finder requires a user to re-login with an admin account whenever protected files are deleted or modified.
That means that the helper should get root permissions only temporarily. If AuthorizationExecuteWithPrivileges wasn't deprecated, I'd simply invoke the helper tool through that function, and I'd have my solution.
This means that SMJobBless is probably not the right way to go for me. Neither is launchd, it seems. What else is there?
Further question: What kind of inter-process communication should I use? Basically, I need to invoke the helper, passing some file refs (paths or URLs), and wait for it to return the results (including error msgs). I've found various ways for IPC, and I am more confused than ever now. Many reference launchd processes, which probably doesn't apply to me, so what should I look into?
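Editor's note: the "admin must authenticate every operation" behaviour the question asks for is independent of how the helper is launched; it comes from Authorization Services itself. The following is an added example, not the asker's code, showing the two halves of that pattern in one file: the app side acquires a named right (the right name `com.example.lockedfiles.delete` is hypothetical) with interaction allowed, so the admin is prompted, and externalizes the AuthorizationRef; the helper side reconstructs the ref and re-checks the same right with interaction disabled, so a helper reached by any other route refuses to act. How the helper itself is started with root privileges is deliberately not covered here.

```objective-c
// Added example (not the asker's code). Build on macOS with:
//   clang -framework Foundation -framework Security auth_demo.m -o auth_demo
// Both halves of the pattern live in one process here so it runs stand-alone;
// in the real tool the external form travels over the app<->helper IPC channel.
#import <Foundation/Foundation.h>
#import <Security/Authorization.h>

// Hypothetical right name. A right not defined in the authorization database
// falls back to its "default" rule, which requires admin credentials.
static const char *kDeleteRight = "com.example.lockedfiles.delete";

// App side: ask authd for the right now, before anything privileged happens.
// InteractionAllowed means the admin is prompted; PreAuthorize checks up front.
static OSStatus AppAcquireRight(AuthorizationRef *outRef, AuthorizationExternalForm *outExt) {
    AuthorizationItem item = { kDeleteRight, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    AuthorizationFlags flags = kAuthorizationFlagDefaults
                             | kAuthorizationFlagInteractionAllowed
                             | kAuthorizationFlagExtendRights
                             | kAuthorizationFlagPreAuthorize;

    OSStatus err = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                                       kAuthorizationFlagDefaults, outRef);
    if (err != errAuthorizationSuccess) return err;

    err = AuthorizationCopyRights(*outRef, &rights, kAuthorizationEmptyEnvironment, flags, NULL);
    if (err != errAuthorizationSuccess) return err;

    // kAuthorizationExternalFormLength opaque bytes the helper can turn back into a ref.
    return AuthorizationMakeExternalForm(*outRef, outExt);
}

// Helper side: never trust "the app said it was allowed". Reconstruct the ref and
// ask authd again WITHOUT kAuthorizationFlagInteractionAllowed: if the admin did
// not just authenticate for this right, the call fails and the helper does nothing.
static BOOL HelperVerifyRight(const AuthorizationExternalForm *ext) {
    AuthorizationRef ref = NULL;
    if (AuthorizationCreateFromExternalForm(ext, &ref) != errAuthorizationSuccess) return NO;

    AuthorizationItem item = { kDeleteRight, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    OSStatus err = AuthorizationCopyRights(ref, &rights, kAuthorizationEmptyEnvironment,
                                           kAuthorizationFlagExtendRights, NULL);
    AuthorizationFree(ref, kAuthorizationFlagDefaults);
    return err == errAuthorizationSuccess;
}

int main(void) {
    @autoreleasepool {
        AuthorizationRef ref = NULL;
        AuthorizationExternalForm ext;

        OSStatus err = AppAcquireRight(&ref, &ext);
        if (err != errAuthorizationSuccess) {
            NSLog(@"admin did not authorize (OSStatus %d)", (int)err);
            return 1;
        }

        // In the real tool, ext.bytes is what the app writes to the helper; the helper
        // runs HelperVerifyRight before touching any file it was asked to delete.
        BOOL ok = HelperVerifyRight(&ext);
        NSLog(@"helper would %s the privileged operation", ok ? "perform" : "refuse");

        // Drop this ref's rights once the operation is done instead of keeping them alive.
        AuthorizationFree(ref, kAuthorizationFlagDestroyRights);
        return ok ? 0 : 1;
    }
}
```

Two caveats a practitioner should keep in mind. First, the helper-side check proves only that an admin authenticated for this right; it says nothing about which process sent the external form, so the IPC channel still needs its own client validation. Second, the authorization database may cache credentials for a right according to the rule's `shared` and `timeout` settings, so if the tool must prompt on every single deletion, define the right explicitly (for example with `AuthorizationRightSet`) rather than relying on the default rule; freeing with `kAuthorizationFlagDestroyRights` drops this ref's rights but is not by itself a guarantee that the next call prompts again.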