Write Permission from application?

vishal.chauhan · 11-07-2007, 11:10 PM

Hi All,

I m working on MAC 10.4.10 on my Intel MAC.
I have a program which can open to the disk in and read form disk in binary form.

fileDescriptor = open ("/dev/rdisk1", O_RDONLY );
but this function returns true only in case if I am login under root but if i login under some other account with admin permission it wiil not return true.

So if any body knows how I can access disk in admin user account then plz help me.

Thanks.

hayne · 11-08-2007, 12:00 AM

You need to read up on how to gain 'root' privileges for the small part of your app (preferably a small helper application) that will read the disk.
Start here: http://developer.apple.com/documenta...section_1.html

vishal.chauhan · 11-14-2007, 06:42 AM

Hi Hayne,

I m reading the Document(from your Link) but still no idea how to achieve the target that is how to give user permission so that it can read the disk.

If u provide a simple example then that would be very helpful.

Thanks.

vishal.chauhan · 11-20-2007, 11:29 PM

Hi All,

I m working on Mac 10.4.7 on my Intel Mac.
I want to read the binary data from disk which I ab able to do in the root login but since I want to do it in any admin ligin so I am using the function
AuthorizationExecuteWithPrivileges.

My problem is that i am able to give the application root privilege but then i have to run my application from some other application by giving the path in the above function. But i want to give my applicayion root privilege from within the application.

So if any body knows how I m able to do that then plz help me.

Thanks
Vishal

Mikey-San · 11-21-2007, 12:19 AM

I will restate, at the risk of sounding harsh, what I said in your last thread:

It doesn't sound like you're ready to go playing with AuthorizationExecuteWithPrivileges().

hayne · 11-21-2007, 12:40 AM

I merged the new thread with the older one since it is on the same topic.

vishal.chauhan · 11-21-2007, 05:03 AM

Actually I donot know for which file to get permission in order to read the disk using open function.

hayne · 11-21-2007, 07:46 PM

Developing an application that needs 'root' privileges to do something is a difficult undertaking (to do it correctly and securely). You need to set aside several days and read through all of Apple's documentation on this subject - I pointed to a starting point above. Apple provides a few sample projects that illustrate what needs to be done. You should examine these closely and then it should be clear what you need to do in your case.

Outline of what you need to do:
- create a small command-line (no GUI) utility that does the operation that you need 'root' access for
- use the Apple security API's to invoke this stand-alone utility when needed from your larger application

hayne · 11-30-2007, 12:37 AM

Apple has just released a new sample project that provides a relatively easy way to set up a helper tool to perform the privileged operation:
http://developer.apple.com/samplecod...ple/index.html

Mikey-San · 11-30-2007, 01:18 AM

So I just got done looking through that project and its readme, and all I'm left with is:

Holy crap.

hayne · 11-30-2007, 01:30 AM

Quote:

Originally Posted by Mikey-San


	So I just got done looking through that project and its readme

There are 3 READMEs - the most interesting is the long one that explains the rationale for why it was implemented the way it is.

Mikey-San · 11-30-2007, 02:29 AM

Yeah, typo. My fingers decided they didn't like my 's' key.

The design is interesting, and I feel as though I'm still digesting its implications. I'll end up rereading the documentation for the project again, no doubt. What's interesting is that for one-off actions, they still recommend AEWP. (I'm not saying this is a flawed recommendation, simply that I find it interesting.)

I do really like the fact that Apple sat down and created a very thorough--and thoroughly documented--standard authorization module and companion example for developers. This kind of thing doesn't happen in an afternoon.

hayne · 11-30-2007, 07:53 PM

Quote:

Originally Posted by Mikey-San


	What's interesting is that for one-off actions, they still recommend AEWP. (I'm not saying this is a flawed recommendation, simply that I find it interesting.)

I was surprised by that statement as well. But their example was about installing and uninstalling, so I think perhaps the "one off" was intended to refer to things that the app does only once in its lifetime - as opposed to things that it does once per launch. I was sufficiently confused by that statement to consider writing to the dts address to ask for clarification on this - I haven't done so yet, but I think I will.

11-07-2007, 11:10 PM	#1
vishal.chauhan Triple-A Player Join Date: Jan 2007 Posts: 65	Write Permission from application? Hi All, I m working on MAC 10.4.10 on my Intel MAC. I have a program which can open to the disk in and read form disk in binary form. fileDescriptor = open ("/dev/rdisk1", O_RDONLY ); but this function returns true only in case if I am login under root but if i login under some other account with admin permission it wiil not return true. So if any body knows how I can access disk in admin user account then plz help me. Thanks. Last edited by vishal.chauhan; 11-07-2007 at 11:24 PM.

11-08-2007, 12:00 AM	#2
hayne Site Admin Join Date: Jan 2002 Location: Montreal Posts: 32,473	You need to read up on how to gain 'root' privileges for the small part of your app (preferably a small helper application) that will read the disk. Start here: http://developer.apple.com/documenta...section_1.html __________________ hayne.net/macosx.html

11-20-2007, 11:29 PM	#4
vishal.chauhan Triple-A Player Join Date: Jan 2007 Posts: 65	AuthorizationExecuteWithPrivileges? Hi All, I m working on Mac 10.4.7 on my Intel Mac. I want to read the binary data from disk which I ab able to do in the root login but since I want to do it in any admin ligin so I am using the function AuthorizationExecuteWithPrivileges. My problem is that i am able to give the application root privilege but then i have to run my application from some other application by giving the path in the above function. But i want to give my applicayion root privilege from within the application. So if any body knows how I m able to do that then plz help me. Thanks Vishal

11-21-2007, 12:19 AM	#5
Mikey-San Hall of Famer Join Date: Jan 2002 Posts: 3,541	I will restate, at the risk of sounding harsh, what I said in your last thread: It doesn't sound like you're ready to go playing with AuthorizationExecuteWithPrivileges(). __________________ COMPUTER TYPE SOME SPECIFICATIONS I COPIED FROM THE BOX STUFF I INSTALLED ALL BY MYSELF "WITTY QUOTE" Last edited by Mikey-San; 11-21-2007 at 01:51 AM.

11-21-2007, 12:40 AM	#6
hayne Site Admin Join Date: Jan 2002 Location: Montreal Posts: 32,473	I merged the new thread with the older one since it is on the same topic. __________________ hayne.net/macosx.html

11-14-2007, 06:42 AM	#3
vishal.chauhan Triple-A Player Join Date: Jan 2007 Posts: 65	Hi Hayne, I m reading the Document(from your Link) but still no idea how to achieve the target that is how to give user permission so that it can read the disk. If u provide a simple example then that would be very helpful. Thanks.

11-21-2007, 05:03 AM	#7
vishal.chauhan Triple-A Player Join Date: Jan 2007 Posts: 65	Actually I donot know for which file to get permission in order to read the disk using open function.

11-21-2007, 07:46 PM	#8
hayne Site Admin Join Date: Jan 2002 Location: Montreal Posts: 32,473	Developing an application that needs 'root' privileges to do something is a difficult undertaking (to do it correctly and securely). You need to set aside several days and read through all of Apple's documentation on this subject - I pointed to a starting point above. Apple provides a few sample projects that illustrate what needs to be done. You should examine these closely and then it should be clear what you need to do in your case. Outline of what you need to do: - create a small command-line (no GUI) utility that does the operation that you need 'root' access for - use the Apple security API's to invoke this stand-alone utility when needed from your larger application __________________ hayne.net/macosx.html

11-30-2007, 12:37 AM	#9
hayne Site Admin Join Date: Jan 2002 Location: Montreal Posts: 32,473	Apple has just released a new sample project that provides a relatively easy way to set up a helper tool to perform the privileged operation: http://developer.apple.com/samplecod...ple/index.html __________________ hayne.net/macosx.html

11-30-2007, 01:18 AM	#10
Mikey-San Hall of Famer Join Date: Jan 2002 Posts: 3,541	So I just got done looking through that project and its readme, and all I'm left with is: Holy crap. __________________ COMPUTER TYPE SOME SPECIFICATIONS I COPIED FROM THE BOX STUFF I INSTALLED ALL BY MYSELF "WITTY QUOTE"

11-30-2007, 02:29 AM	#12
Mikey-San Hall of Famer Join Date: Jan 2002 Posts: 3,541	Yeah, typo. My fingers decided they didn't like my 's' key. The design is interesting, and I feel as though I'm still digesting its implications. I'll end up rereading the documentation for the project again, no doubt. What's interesting is that for one-off actions, they still recommend AEWP. (I'm not saying this is a flawed recommendation, simply that I find it interesting.) I do really like the fact that Apple sat down and created a very thorough--and thoroughly documented--standard authorization module and companion example for developers. This kind of thing doesn't happen in an afternoon. __________________ COMPUTER TYPE SOME SPECIFICATIONS I COPIED FROM THE BOX STUFF I INSTALLED ALL BY MYSELF "WITTY QUOTE"