On Sep 18, 2011, at 10:05 AM, Tito Ciuro wrote: > Hello, > > When my app launches, I'd like it to listen to port 80 or 443. To do that, I > believe I need to use Security Framework Authorization API to obtain extended > rights. A potential solution is to split the app's executable int two parts: > > 1) one executable, the main one that first gets launched, obtains extended > rights. > 2) the app itself, which is the embedded web server. > > When the user double clicks the app, it would execute (1) with: > > SFAuthorization *authorization = [SFAuthorization authorization]; > BOOL result = [authorization obtainWithRights:NULL > > flags:kAuthorizationFlagExtendRights > environment:NULL > authorizedRights:NULL > error:&error];
You need to obtain the system.privilege.admin right if you want to launch a task with root privileges. You should also use the kAuthorizationFlagInteractionAllowed and kAuthorizationFlagPreAuthorize flags as well. > and then use NSTask to launch (2) via: > > + (NSString *)stringByLaunchingPath:(NSString *)processPath > withArguments:(NSArray *)arguments > authorization:(SFAuthorization *)authorization > error:(NSError **)error; > > Is this approach the way to go, or is there an easier/better/safer way do to > that? You must use AuthorizationExecuteWithPrivileges() to launch a task with privileges; you cannot do that with NSTask. Nick Zitzmann <http://www.chronosnet.com/> _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
