Running terminal commands with the user privilege?

Discussion in 'Mac Programming' started by msharp, Feb 15, 2007.

  1. macrumors regular

    msharp

    Joined:
    Jul 10, 2004
    #1
    Hi there

    I'm currently developing a software by PHP with Apache 1.3 that bundled with Mac OS X.

    Now I need to launch a graphic program(for example, Photoshop) to open some type of file(in this case, a .psd file)

    I tried to run terminal commands like this:
    Code:
    open -b com.adobe.Photoshop [FilePath]
    It worked for me, but it won't work when it's run by PHP(System opens the psd file using Preview).

    I guess it's the privilege problem, it seems that the "www" user can not open a file by specifying a bundleIdentifier while a normal user can.

    So I'm here asking is there anything I can do about this?

    Thanks!~
     
  2. macrumors newbie

    Joined:
    Dec 5, 2006
    #2
    How did you find the terminal executable for photoshop, I'm looking for the same thing but for other programs?

    THanks
     
  3. macrumors 603

    jeremy.king

    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #3
    You could enabling suexec and try running the scipts as a different user.
     
  4. macrumors 6502

    Joined:
    Sep 20, 2006
    #4
    Suexec (a wrapper for setuid, google it) can do what you want. However, be wevy, wevy careful. What you are doing is escalating apaches privileges for this particular script.

    If you choose to go this route, then at least be certain that the script that is called is severely restricted. I don't know how Photoshop handles commandline arguments, but if it globs all of them as a sequence, and allows stuff like "photoshop /file/I/want rm -rf /", and 'rm -rf /' is executed, then you've just hosed all the parts you have access to.

    Whatever route you choose, make sure that you validate whatever is going to be sent to the system.
     

Share This Page