PDA

View Full Version : Writing to root directories (e.g. /Library/Preferences) with an elevated helper.




Incarna
Jun 8, 2012, 09:52 PM
Does anyone have a good example of this?

From what I've read the old method was deprecated in OSX Lion, the way to go about it now is to use SMJobBless on an elevated helper but I don't see any good or easy examples that clearly illustrate how I would for example: move a file or write a file in (for example) /Library/Preferences.

Ideally I'd like to have a user only authorize once on first run and never again. Any ideas?



jared_kipe
Jun 8, 2012, 11:17 PM
I've still been able to use AuthorizationFlags, AuthorizationRef, AuthorizationCreate(), and AuthorizationExecuteWithPrivileges() on Lion though Xcode does note that AuthorizationExecuteWithPrivileges() is deprecated.

Incarna
Jun 9, 2012, 12:22 AM
I've still been able to use AuthorizationFlags, AuthorizationRef, AuthorizationCreate(), and AuthorizationExecuteWithPrivileges() on Lion though Xcode does note that AuthorizationExecuteWithPrivileges() is deprecated.

I'm worried it'll be removed when Mountain Lion comes out (which seems likely with the addition of gatekeeper). Your thoughts? Got any good examples? Would really appreciate it.

jared_kipe
Jun 9, 2012, 07:00 PM
So I had to write something that needed to modify /etc/hosts not too long ago. I started by looking up the api's and documentation from the normal developer.apple.com sources. The only code examples I could find were the ones using the deprecated calls, they still work. I obviously can't say they will work forever.

If/when they finally are completely deprecated you will need to test if symbols/functions exist and branch your code appropriately into the new API calls.

Catfish_Man
Jun 9, 2012, 08:56 PM
Does anyone have a good example of this?

From what I've read the old method was deprecated in OSX Lion, the way to go about it now is to use SMJobBless on an elevated helper but I don't see any good or easy examples that clearly illustrate how I would for example: move a file or write a file in (for example) /Library/Preferences.

Ideally I'd like to have a user only authorize once on first run and never again. Any ideas?

I realize it was just an example, but just to be sure... never write to /Library/Preferences. Just have your privileged helper app use the regular CFPreferences API and pass kCFPreferencesAnyUser.