Torsten Curdt’s weblog

Elevating permissions on OSX

When a file change requires root permissions you can use ‘/usr/libexec/authopen’, which elevates permissions and reads or writes that file for you. But what about executing programs with elevated permissions? On the command line you can of course use ‘sudo’, but what if you don’t want to drag the user to the command line? I thought an ‘authexec’ was missing. So after a little research I’ve modified an example from the Apple documentation that explains how to use


 AuthorizationCreate(..)
 AuthorizationCopyRights(..)
 AuthorizationExecuteWithPrivileges(..)

to elevate permissions. ‘authexec yourapp’ will (just like sudo) ask you to confirm the authentication and then start your application with elevated permissions.

For convenience I’ve put the source and the universal binary online.
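The three-call sequence named above, as an added example (not the author's authexec.c), with a check that refuses tools a non-root user could replace before they are run as root. The names `tool_is_safe` and `run_privileged` are hypothetical; AuthorizationExecuteWithPrivileges has been deprecated since OS X 10.7.

```c
#include <stdio.h>
#include <sys/stat.h>
#ifdef __APPLE__
#include <Security/Authorization.h>
#include <Security/AuthorizationTags.h>
#endif

/* Hypothetical helper (added example): 0 if `path` is absolute, a regular
 * file (not a symlink), owned by root and not group/world-writable; -1
 * otherwise. It does not check parent directories or the check/exec race. */
int tool_is_safe(const char *path) {
    struct stat st;
    if (path == NULL || path[0] != '/') return -1;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH))) return -1;
    return 0;
}

/* Returns 0 if the tool was launched as root, -1 otherwise. */
int run_privileged(const char *tool, char *const args[]) {
    if (tool_is_safe(tool) != 0) return -1;
#ifdef __APPLE__
    AuthorizationRef auth;
    if (AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                            kAuthorizationFlagDefaults, &auth) != errAuthorizationSuccess)
        return -1;
    /* Ask for the right to execute a tool as root; this shows the prompt. */
    AuthorizationItem item = { kAuthorizationRightExecute, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    AuthorizationFlags flags = kAuthorizationFlagDefaults
        | kAuthorizationFlagInteractionAllowed
        | kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights;
    OSStatus rc = AuthorizationCopyRights(auth, &rights, NULL, flags, NULL);
    if (rc == errAuthorizationSuccess)
        rc = AuthorizationExecuteWithPrivileges(auth, tool,
                 kAuthorizationFlagDefaults, args, NULL);
    /* Destroy the acquired right so it cannot be reused afterwards. */
    AuthorizationFree(auth, kAuthorizationFlagDestroyRights);
    return rc == errAuthorizationSuccess ? 0 : -1;
#else
    (void)args;
    return -1; /* Authorization Services exists only on macOS */
#endif
}

int main(int argc, char *argv[]) {
    if (argc < 2) { fprintf(stderr, "usage: %s /abs/tool [args]\n", argv[0]); return 2; }
    return run_privileged(argv[1], &argv[2]) == 0 ? 0 : 1;
}
```

On macOS this needs `-framework Security` at link time; on other systems only the path check is compiled.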

  • Trying with dmesg it works just fine for me. No idea what magic "Path Finder" does on startup.
  • This builds fine on Snow Leopard as x86_64. However, it doesn't actually work.

    For example (in Terminal.app):
    $ authexec /Applications/Path\ Finder.app/Contents/MacOS/Path\ Finder

    ... only gets me another Path Finder window, without administrative rights. Although, it does indeed ask me for my user name and password in the GUI prompt.
  • I've updated the zip and at least for me it builds just fine on Leopard.
  • Pascal Harris
    I'm trying to understand authorization on Mac OS X and your example seems to be just the help that I need. Unfortunately, I can't get it to build - when I run the make file I get:

    gcc authexec.c -arch i386 -o authexec.i386 -framework Security -isysroot /Developer/SDKs/MacOSX10.4u.sdk
    gcc: installation problem, cannot exec `cc1': No such file or directory
    make: *** [authexec.i386] Error 1

    When I try to run gcc directly, I get:

    ld: can't map file: /Developer/SDKs/MacOSX10.4u.sdk ((os/kern) invalid argument)

    And when I build it in Xcode and try to run it, it compiles fine - but I get

    ZeroLink: unknown symbol '_AuthorizationCreate'
    Abort trap

    I'm perplexed - and I'd really value your suggestions!