On Sat, Nov 29, 2008 at 5:54 PM, Joe Turner <[EMAIL PROTECTED]> wrote: > So, I'm creating a copy/erase tool for an app, and I need to be able to > authorize the user so I can copy and delete files that need Admin > permissions. I have looked thoroughly through the Security.framework, but > could not find anything. I do not want to do a shell script, so I would > rather not use the authorized execute command. Is there a way to do this?
Nope. You *must* use a subtool of some kind. It's a fundamental of the UNIX security model that a process's privileges can only decrease, not increase. If your process can't touch the file now, nothing it does can suddenly allow it to. The only thing you can do is execute a subtask with elevated privileges. It doesn't have to be a shell script of course, but it has to be some separate process. > And if there is, what is the best way to only have the user type their > password once (using the Security framework), and never have to again the > next time the app launches? Check out Apple's BetterAuthorizationSample which, while being an impressively horrible piece of code (entirely due to the constraints it's working under, not to criticize the authors of this sample code in any way), it shows exactly how to do this sort of thing and you can pretty much plug it in to your own application. Mike _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]
