I'm working on an app that needs to use dd (I do this with a shell script in the app bundle, that collects parameters from the app itself, makes some checks and then launches dd).
To make this operation I need to call dd with root, and I already looked at several solutions on StackOverflow. The simplest to implements seemed to me this one http://www.sveinbjorn.org/STPrivilegedTask
Problem is that my NSTask makes some complex read/write operations (not present in STPrivilegedTask) and does not need to be all privileged.
So I wrote a small helper tool in c that calls my script with correct parameters from my app. The solution I thought is to use the STPrivilegedTask to SUID once the fly my small helper tool, so I can launch it (and so my script and dd) with root, and soon after successful launch I set back the helper tool to non SUID (and I do the same if any error, on app exit, app start etc.. to be safer).
I implemented it and works quite well, maybe it's not perfect but I think that being all inside the bundle, and working with the helper tool in SUID just for the launch sounds safe enough.
Any thoughts?
Thanks!
You can use a sandbox for running the new Process in your NSTask
sandbox-exec -f <profile> <command>
sandbox-exec -f my_profile.sb "/bin/dd -if=/dev/disks01 of=/dev/target"
http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man1/sandbox-exec.1.html
You have some profile examples in here
/usr/share/sandbox/
You have to give enough access for dd to work, I haven't tried or checked what dd requires, I would start with something like this:
(version 1)
(deny default)
(debug deny)
(import "system.sb")
(allow file-read-data file-write-data file-ioctl (regex #"^/dev/.*$"))
(allow process-exec (literal "/usr/sbin/helper"))
Update:
Worth mention, you can use
sandbox-exec -p command
Related
I have designed a GUI that I want to run as soon as I turn on my Raspberry Pi. It is currently set up to automatically log in as user on startup, but if that makes the process more difficult I can change that. My Raspi runs on Raspbian 10 (buster), which has made things difficult since I can only find tutorials for Raspbian 8 or so.
I have tried modifying autostart folder, but it is not in the same location as it was in previous Raspbian versions and doesn't seem to be working the way it used to. Tutorials have said to create a .desktop file in /home/pi/.config/autostart but I don't have a .config folder, or at least it's hidden. For me, autostart is in /etc/xdg/autostart and when I try to create a new file here using nano in the terminal, I get the message [Directory '/etc/xdg/autostart' is not writable] and it doesn't save my file.
I have also tried calling my script in /etc/rc.local but it did nothing. Some have said it doesn't work for GUIs.
Here's what I type into terminal:
$ nano /etc/xdg/autostart/gui.desktop
and a new file pops up, but at the bottom I get the warning [Directory '/etc/xdg/autostart' is not writable]
How can I get my GUI script to run on startup with Raspbian 10 (buster)?
There are a number of issues here, first when you are looking at tutorials recognize that Linux distros are built in layers, for simplicity let's say your "layer stack" looks like this: kernel, systemd, x11, xdg, lxde. The kernel boots, then starts systemd, which then starts x11 (and a lot of other stuff), x11 starts xdg (and some other stuff, I think), lxde is started by either x11 or xdg I'm not sure which.
You want to add something to this process, you can do it at the kernel level (bad idea), at they systemd level (probably not right unless its a daemon), at the x11 level (still probably bad as you still don't have a user session yet), or at the xdg or lxde level.
xdg is probably the right place as it has all you need ( a gui, a user session) while being common (xdg will still work if you switch window managers, probably)
With that out of the way, why isn't your solution of modifying xdg working? It's because '/etc/xdg/autostart' is a system configuration directory. Any changes made to it will apply to all users. You may want this, but the system is trying to protect other users on your system and only allows root to make changes to everyone. If you want to do that use "sudo" (documented elsewhere on stack exchange and the internet). If you want to do it just for you use ~/.config/autostart, (https://wiki.archlinux.org/index.php/XDG_Autostart) you might need to create that directory with "mkdir ~/.config/" and then "emacs ~/.config/autostart"
Would it be better to have the python program run in a terminal window from startup? That way you would see what it is doing in case of errors.
If so, perhaps check this out https://stackoverflow.com/a/61730679/7575617
By the way, in the file manager, hit CTRL+H to toggle viewing hidden files and folders.
I'm writing a script for Illustrator CS6 in ExtendScript. At the end of my script, I want to spawn a task (a second script, in Ruby) using File.execute(). However, it's not working. And I'm at a loss as how to debug the problem -- how can I figure out why this isn't working?
Here's the end of my ExtendScript file:
// Do a bunch of other work, then:
var rubyFile = new File(scriptFolder + 'BuildHtmlWalkthrough.rb');
alert(rubyFile.exists);
var result = rubyFile.execute();
alert(result);
Both rubyFile.exists and result are always true, indicating that the script launched OK. But the script does not appear to run, at all. I've tried the following diagnostics:
The Ruby script does successfully run from the command line. The script's permissions are -rwxr-xr-x
I added a call to system("touch /blah/blah/blah") as the very first line of the Ruby script. The file does not get touched.
I thought maybe the ExtendScript process was terminating before the Ruby script could run, so I added a long for loop after rubyFile.execute(). Spinning for > 30 seconds did not help.
What can I do to debug, or solve, this problem?
I'm on MacOS X v10.9.1. And for reference, this is the documentation for File.execute():
File.execute (): Boolean
Core JavaScript Classes
Executes or opens
this file using the appropriate application, as if it had been
double-clicked in a file browser. You can use this method to run
scripts, launch applications, and so on. Returns true immediately if
the application launch was successful.
It's probably doing the "opens this file using the appropriate application" instead of executing, and returns true because the file successfully opens (or is already open in its associated app). If I have a python script and do
f= new File("~/Documents/misc_scripts/getpixelrgb.py");
f.execute();
, it opens it in my script editor, even if the file's execute flags are set.
I'm on OSX, btw
In After Effects, there is system.callSystem() to execute command line commands, but I'm afraid that is absent in Illustrator (I'm assuming you're doing this for Illustrator because of the tag). Are you on OSX or Windows? There are ways around this, by making an executable .app (OSX) or .exe (Win) and calling that with execute(). If I were doing this, I'm on OSX and I'd make an AppleScript app that does 'do shell script' to make the ruby system call. On Windows, it's different. One solution you might like if you're on windows: ocra, which is ruby-specific (http://ocra.rubyforge.org/). It may be possible to run a .bat file on Windows that calls the ruby script, but I'm not sure.
[edit!]
Terribly sorry for the extraneous Windows info (for someone else, I guess). Just saw your note about being on OSX. So you might want to use the AppleScript solution.
[edit again]
So, if my ruby script ("test.rb") is:
#!/usr/bin/env ruby
print "Hello"
and my AppleScript is:
do shell script "cd /testing_folder/; ruby test.rb"
Then I get "Hello" returned in AppleScript, but ExtendScript will just return true.
I am writing a menu bar application, I need to run a method every day at a certian time. I would like it to run even if the user is not logged in. I know I need to create a helper tool registering it with launchd. Is there a good tutorial on this? I'm not new to programing but I am new to using helper tools and launched. I have been doing some reading and came across SMJob, and I know I can use it to create helper tools just not how to use it. I just need some direction with this.
Take a look at Daemons and Services Programming Guide
The solution is to create some command line utility, make launchd plist file in the /Library/LaunchDaemons directory (note that it must be owned by root:wheel and have 0644 mode) and load job via command sudo launchctl load -w /Library/LaunchDaemons/your.plist (flag -w forces your job to launch at every boot). For the running your job periodically set StartInterval or StartCalendarInterval key in your plist (see "Creating Launch Daemons and Agents" -> "Creating a launchd Property List File" -> "Running a Job Periodically" in the guide for the example")
I'm writing app like System Activity in Mac. I used modified darwin.h and darwin.c from this topic.
But it seems that it shows correct info only for certain fields (and some time ago it showed all correct info but only for current process - this app), for everything else it shows correct only pid, process name, group/owner. Everything else like cpu/mem/disk usage is nulled. I think it may be something with sandbox or security. Tried to move application to /Applications and setting root/wheel 755 but it's not work, still zeroed values.
Here's my output : click
Code changed in darwin.c : click, written after a lot of commented printf lines
Also there is a free apps approved in AppStore like SystemInfo (com.lymbilesoft.systeminfoliteforiphone) that shows detailed info about disk and processes, so how do it work? Tried nm-ing it's binary but did not find something useful.
Can someone please help me with it?
I'm not sure if this is the only problem, but it certainly is possible that your app needs to run as root for this to work correctly.
However, simply installing the app in /Applications, doing chown root.wheel, and chmod 755 will not cause it to run as root. It will still run as user mobile.
In order to get the app to run as root, see this answer
I've used this technique successfully, and if you have a jailbroken phone, you can navigate to /Applications/Cydia.app and see that this launch script is how Cydia does this, too.
I use ps aux from the Terminal/Command Line. That gives me all the stuff I need, regarding your concerns.
On windows and such I used to use a trick to find out of a file is currently in use (written specifically).
I use to open the file for writing and if it failed most likey another process is busy accessing it.
Sadly these trick (using C OPEN with exclusive lock for writing) doesn't work on my Mac. While my curl in a terminal is still writing my -fileBusy() check fails.
fcnt call on the fd with F_GETLK doesn't reveal any locking as well.
Is there any chance for me to detect if a file is in use by another process?
Ps> listening for fsevents can't be done because my app launches after the is created by the other app / process.
Apple confirmed via email that the solution described in the link below is a valid one and not considered a private API.
More information:
http://lists.apple.com/archives/cocoa-dev/2010/May/msg01455.html
You could try running the following shell command using NSTask:
lsof -Fc path/to/thefile
That will give you the process ID and name of any process(es) that have thefile open.