I'm writing an app that needs to overwrite a read-only file. Specifically the /etc/hosts file. To do that I need to ask for permission from the user to get root access and thereby permission to overwrite the hosts file.
I have searched all over the internet, but I have not been able to understand how to do this. I realize that a method called AuthorizationExecuteWithPrivileges() used to be used for this, but that it is deprecated in OSX 10.7. Then I came across something called SMJobBless, but I really didn't understand the concept of that?
So can you explain how to solve my problem the right way?
Regards, Rasmus
http://atnan.com/blog/2012/02/29/modern-privileged-helper-tools-using-smjobbless-plus-xpc/
SMJobBless + XPC is a os x 10.7+ solution for what you require.
The provided link contains source code showing examples too.
Related
I am writing an application that when is running should modify SystemConfiguration to set system wide proxy.
I know it is possible to do that using "Authorization Services" framework provided by Apple, however I see that it keeps asking for a user password to allow changes.
On the other hand I have 3rd party application (not the one I am writing) that does the same, but does not require user password. The application is not even written in Objective-C, but written in FreePascal (FPC) instead. Unfortunately I have no source code for this application to see how it does this trick.
I know I should be able to achieve the same (system config changes without sudo password) by either having Privileged Helper Tool supplied with the application (and perhaps install it on first run) or by going even nastier and loading a kext.
However I see that this application does neither of above. It only performs system calls and no password asked! I am completely puzzled how did they achieve that and would like to find a way to do the same.
So the question is - how to achieve complete "no password asked" for changing System Configuration on Mac OS X with an application?
PS: Application I have at hand runs as user, not root. And there is no modifications to sudoers neither.
This is silly, but after 2 days straight of searching for a solution I found that there is no special code nor any tricks required.
This is easily done via setting setuid bit to binary that requires escalated privilege and calling setuid(0) in the code before doing operations that require privilege (not sure if second part is necessary).
Relevant links:
Apple documentation
Related question on SO
PS: This works basically on any Unix-like system (BSD, Linux Solaris etc) with one details - this does not work on scripts (the ones that require hash-bang #! in order to execute interpreter) with exception of Solaris, where it seems to work just fine.
I am having a mac app in which I am deleting some data from user's Home directory.
My app is rejected saying the below reason.
The app only finds files in the ~/Downloads folder. It would be appropriate to have the user grant access to the Home folder.
So I used NSOpenPanel for asking the access from the user but I have no idea about how to give access to user's hidden folders.
EDIT
I have successfully enabled sandboxing for my app but now on allow button, what should I do?
Please guide me on this...
Any help will be highly appreciated.
Thanks in advance...
I spent some time researching this and I can say that if you want an easy solution for being able to access files outside your app's sandbox, it's just not going to be possible.
And even if you were willing to work on a tougher, more technical solution, it is still likely to not be possible.
You should look at this section in the Apple's App Sandbox Design Guide entitled "Accessing User Data", specifically this bit:
If your app requires access to the user’s home directory in order to
function, let Apple know about your needs using the Apple bug
reporting system. In addition, be sure to follow the guidance
regarding entitlements provided on the iTunes Connect website.
The next paragraph says the same thing about other app's preferences. Since you're trying to manipulate -- or delete -- other app's files, you're going to have to ask Apple for permission and/or guidance to do this.
If this were my problem, the only workaround I might possibly attempt would be to come up with might involve Security-Scoped Bookmarks and Persistent Resource Access, but as you can see from the linked documentation, it's not trivial to setup.
Summed up: if you want your app to remain sandboxed, you may need to rethink what you are trying to accomplish.
More information can be found in this related question.
I open up my httpd.conf file in TextWrangler and make some changes. When I restart my servers, I can see the new code vanish.
I've Google'd for help, and this is apparently a common problem. One solution that worked for some people is to copy the httpd.conf file to another file, modify it, then drag it back into its original folder. But that doesn't work for me.
Some suggested changing the permissions under Get Info. However, it says I already have Read & Write privileges. I then changed it so that EVERYBODY has Read & Write privileges.
I've also found suggestions for some sort of "sudo" operation with Terminal, but it sounds complex - and a little dangerous. I don't want to mess things up.
I found a similar discussion # How to change Apache httpd.conf file on Mac OS X? but it sounds pretty technical. Is there a user friendly way to modify a httpd.conf file on a Mac?
I'm using Max OS X Lion, by the way.
I was wondering if it is possible to make a new file inside the existing application? Now i am using:
[filemgr createFileAtPath: #"newFile.txt" contents: data attributes: nil];
But I think I have to change the path to something else. Anyone knows?
This is not a good idea. If the app is installed at /Application/ then only admin users launch the app will be able to write that file. (Never assume users are admins!)
The application might also be on read-only media.
If might also interfere with digitally signed applications though I'm not sure. Changing a file within the bundle means the app has changed, which is essentially what digital signatures want to avoid. (Don't mess with application bundles)
Instead, you should save a file on ~/Library/Application Support/<yourApplicationName>/.
Read File System Programming Guide.
I want to create a desktop application for OS X that does 3 things:
Creates a directory on the users computer with a custom icon
Downloads files to that directory from my server
Monitors changes in that directory and subdirecties so that it may send commands to my server
I understand how to download a file into a directory and communicate with my server. Where I lack knowledge is really the steps to get started so that the app is essentially this "smart sync folder."
Can anyone recommend tutorials, sample code, or just some general direction of how to get started on an app like this? Think really stripped down version of DropBox
Well, since you already know how to handle the web stuff, next step would be to get notifications when your folder changes.
Here's a good discussion of some good approaches (somewhat dated)
or
Download this demo to get started