On Jun 13, 2010, at 9:24 AM, Pierre Fournier wrote: > Hi,I want to log something in a file at /private/var/log, using > NSFileHandle.With the app launched as root, everything runs ok using > [NSFileHandle fileHandleForWritingToURL:url error:&err]. I get a valid handle > and can write what I want to. > With the app launched as non-root user, I create an Authorization using > AuthorizationCreate(), with following flags:m_AuthFlags = > kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | > kAuthorizationFlagExtendRights; > and further use it using AuthorizationCopyRights(m_AuthRef, &m_AuthRights, > NULL, m_AuthFlags, NULL)), which returns errAuthorizationSuccess.However, the > call of [NSFileHandle fileHandleForWritingToURL:url error:&err] throws the > Cocoa Error 13 (Permission Denied).It seems that although having set > kAuthorizationFlagExtendRights, I am still not allowed to open and write this > file located at /private/var/log.Am I doing something wrong here, to cause > such permission denial?Thx.
AuthorizationCopyRights() does not elevate a task's privileges. If you need root privileges to do something, then you need to do it in a child task, because there is no way to elevate a running task's privileges, and GUI apps are not allowed to run with root privileges anymore. See the BetterAuthorizationSample sample code for details. Nick Zitzmann <http://www.chronosnet.com/> _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
