On Jan 3, 2011, at 1:22 PM, eveningnick eveningnick wrote: >> Unless I'm forgetting something basic, you should be able to connect to your >> daemon's socket from a non-root process if you first change the permissions >> on the socket (using chmod, as if it were a file). The man page for the >> unix-domain protocol family alludes to this briefly: >> >>> All addresses are absolute- or relative-pathnames of other UNIX-domain >>> sockets. Normal >filesystem access-control mechanisms are also applied >>> when referencing pathnames; e.g., the >destination of a connect(2) or >>> sendto(2) must be writable. > > I dont want everyone to be able to write to that socket, the point is > to let only System Preferences (for example, by displaying > "Autorization dialog box" - like "User Accounts" preference pane, for > example. > I am wondering if that is possible to achieve using Authorization Server and > how
You can use the "authopen" command to open the socket and pass the descriptor back to you. It will prompt for admin authentication for you, if necessary. However, I suspect that making your daemon an on-demand launchd daemon will give you better tools. Be sure to read this, if you haven't: http://developer.apple.com/library/mac/#technotes/tn2005/tn2083.html Regards, Ken _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
