On Jun 13, 2010, at 10:24 AM, Pierre Fournier wrote: > Hi,I want to log something in a file at /private/var/log, using NSFileHandle.
Do you really want to do that? Have you considered ~/Library/Logs? Or using the Apple System Log facility <http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man3/asl.3.html> and <http://boredzo.org/blog/archives/2008-01-19/next-week-apple-system-logger>? > With the app launched as root, everything runs ok using [NSFileHandle > fileHandleForWritingToURL:url error:&err]. I get a valid handle and can write > what I want to. > With the app launched as non-root user, I create an Authorization using > AuthorizationCreate(), with following flags:m_AuthFlags = > kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | > kAuthorizationFlagExtendRights; > and further use it using AuthorizationCopyRights(m_AuthRef, &m_AuthRights, > NULL, m_AuthFlags, NULL)), which returns errAuthorizationSuccess.However, the > call of [NSFileHandle fileHandleForWritingToURL:url error:&err] throws the > Cocoa Error 13 (Permission Denied).It seems that although having set > kAuthorizationFlagExtendRights, I am still not allowed to open and write this > file located at /private/var/log.Am I doing something wrong here, to cause > such permission denial?Thx. You are misunderstanding how permissions and authorization works. The Unix permissions model is that no process can ever acquire privileges that it didn't start life with. It can only reduce its privileges. Authorization Services is a means to start a new process that starts life with higher privileges. (Well, actually, it's for a much broader purpose than that, but that's one use to which it can be put.) You want to examine BetterAuthorizationSample <http://developer.apple.com/mac/library/samplecode/BetterAuthorizationSample/>. Actually, you probably just want to look up the authopen command <http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man1/authopen.1.html> which is pretty much ideally suited to your needs. Cheers, Ken _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
