Run Cocoa Application as Root user

Discussion in 'Mac Programming' started by ruhi, Jul 29, 2009.

  1. macrumors member

    Joined:
    Jun 17, 2009
    #1
    I want my cocoa application to run with its owner as root.

    How can i dot this?

    Thanks,
    Ruhi.
     
  2. macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #2
    If you want to run as root, you are risking extreme damage to the system of the user. So you better have a very, very good reason to do this. Please explain what you want to achieve by running as root user.
     
  3. thread starter macrumors member

    Joined:
    Jun 17, 2009
    #3
    Run Cocoa Application as Root user

    I want to enter a key value pair in Loginwindow.plist file in library/preferences to set my application at startup for all users.

    Therefore, i need to run it as root user.

    Please help !

    Thanks,
    Ruhi.
     
  4. macrumors 68040

    lee1210

    Joined:
    Jan 10, 2005
    Location:
    Dallas, TX
    #4
    You don't need to run as root to do this, you need to use Authorization Services and perform this one task with escalated permissions.

    -Lee
     
  5. thread starter macrumors member

    Joined:
    Jun 17, 2009
    #5
    Run Cocoa Application as Root user

    Hello,

    I am using authorization services .

    Done following steps:

    Code:
    AuthorizationRef myAuthorizationRef; 
    OSStatus myStatus; 
    myStatus = AuthorizationCreate (NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults,
    &myAuthorizationRef);
    
    //set up rights and request authorization
    AuthorizationItem myItems[1]; 
    myItems[0].name = "com.mycompany.myapp"; 
    myItems[0].valueLength = 0;
    myItems[0].value = NULL;
    myItems[0].flags = 0;
    AuthorizationRights myRights; 
    myRights.count = sizeof (myItems) / sizeof (myItems[0]); 
    myRights.items = myItems;
    AuthorizationFlags myFlags; 
    myFlags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | 
    kAuthorizationFlagExtendRights;
    myStatus = AuthorizationCreate (&myRights, kAuthorizationEmptyEnvironment, 
    myFlags, &myAuthorizationRef);
    
    //// [B]What else to do now so as to run this .app as root user.[/B]
    
    }
    Please help!!

    I have studied a lot but not getting what is desired.

    Thanks,
    Ruhi.
     
  6. macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #6
    You are getting what is desired by Apple and all Macintosh users, just not what _you_ desire. But nobody cares.

    You seriously _don't_ want to run as a root user. If your application insists on running as root, running it on my computer at work would get me into very serious trouble with my boss, including a talk to Human Resources. Not that I would do it. If the grandchildren ran your application on the computer, it would get them into very serious trouble with me (like: Forever being banned from using my Mac).

    It is typical when people don't listen:

    A: I want to do X.
    B: You really really don't want to do X. What are you trying to do?
    A: I want to do X because I want to do Y.
    C: Don't do X. In order to do Y, do these things...
    A: I tried these things, but they don't let me do X.

    At that point everyone pulls out their hair. Just do as Lee told you to change Loginwindow.plist.
     
  7. thread starter macrumors member

    Joined:
    Jun 17, 2009
    #7
    Run Cocoa Application as Root user

    ok i got your point. sorry.

    But i dnt get escalated privileges anywhere. So i thought it might be same as root.

    The code tht i have posted is of help or i just wasted my time writing it.

    Please give some direction where to start for escalated privileges.

    Thanks,
    Ruhi
     
  8. Moderator emeritus

    robbieduncan

    Joined:
    Jul 24, 2002
    Location:
    London
    #8
    The only times I've ever used authorisation services I've always used a second executable (a command-line tool) embedded in the app to do the operation I wanted to execute with enhanced privileges. From memory this is what the documentation tells you to do and provides maximal security.
     
  9. thread starter macrumors member

    Joined:
    Jun 17, 2009
    #9
    run Cocoa Application as Root user

    what is to be written in command line utility? Do i need to code same as above or something is missing.

    Will it also make my application trusted?

    Thanks,
    Ruhi
     
  10. Moderator emeritus

    robbieduncan

    Joined:
    Jul 24, 2002
    Location:
    London
    #10
    Read the documentation. You turn the results of the above into a serialised binary object and pass that to the helper tool (which as per the documentation can use the setuid bit to run as root).

    Why are you not checking the return value (myStatus). It's possible that the user is not being authorised...
     
  11. thread starter macrumors member

    Joined:
    Jun 17, 2009
    #11
    Run Cocoa Application as Root user

    Hello,

    Thanks but the link is not working.

    I am now totally confused. how to turn into binary.

    everything getting messy.

    Just to make my application trusted involves so much complicity?

    can u explain me step by step? what i need to do.

    Thanks,
    Ruhi.
     
  12. Moderator emeritus

    robbieduncan

    Joined:
    Jul 24, 2002
    Location:
    London
    #12
  13. macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #13
    Let me put it like this: If you can't manage to go to developer.apple.com, and type in "authorization" into a search box, then I am sure that I don't want to run an application written by you as root, and I don't want an application written by you to be run every time my Macintosh is started.

    You are trying to get into areas where any minor mistake can be a major security risk for people using your applications. If Apple's documentation is confusing you, then sorry, but you shouldn't be doing this. This is like someone asking advice how to install a gas fire at their home, or how to use a chain saw, or how to repair a microwave oven: If you have to ask for advice, then DON'T DO IT.
     
  14. thread starter macrumors member

    Joined:
    Jun 17, 2009
    #14
    Run Cocoa Application as Root user

    Thanks for your rude reply.

    But i already told you i have read all about it. Doesn't it mean that i have read all these documentation.

    Well Thanks for your support.

    Its better to try and try by myself then wasting time to post queries expecting help.

    Thanks,
    Ruhi.
     

Share This Page