Running terminal commands with the user privilege?

Discussion in 'Mac Programming' started by msharp, Feb 15, 2007.

  1. msharp macrumors regular


    Jul 10, 2004
    Hi there

    I'm currently developing a software by PHP with Apache 1.3 that bundled with Mac OS X.

    Now I need to launch a graphic program(for example, Photoshop) to open some type of file(in this case, a .psd file)

    I tried to run terminal commands like this:
    open -b com.adobe.Photoshop [FilePath]
    It worked for me, but it won't work when it's run by PHP(System opens the psd file using Preview).

    I guess it's the privilege problem, it seems that the "www" user can not open a file by specifying a bundleIdentifier while a normal user can.

    So I'm here asking is there anything I can do about this?

  2. rickb macrumors newbie

    Dec 5, 2006
    How did you find the terminal executable for photoshop, I'm looking for the same thing but for other programs?

  3. jeremy.king macrumors 603


    Jul 23, 2002
    Fuquay Varina, NC
    You could enabling suexec and try running the scipts as a different user.
  4. jhande macrumors 6502

    Sep 20, 2006
    Suexec (a wrapper for setuid, google it) can do what you want. However, be wevy, wevy careful. What you are doing is escalating apaches privileges for this particular script.

    If you choose to go this route, then at least be certain that the script that is called is severely restricted. I don't know how Photoshop handles commandline arguments, but if it globs all of them as a sequence, and allows stuff like "photoshop /file/I/want rm -rf /", and 'rm -rf /' is executed, then you've just hosed all the parts you have access to.

    Whatever route you choose, make sure that you validate whatever is going to be sent to the system.

Share This Page