mac上的应用提权
一个mac上的app需要在/Applications/My.app/Contents/MacOS路径下创建一个配置文件,在开启root权限的账户下运行时ok,但是在没有开启root权限的账户下运行时,创建文件会失败,报"Permission Denied"
花时间了解了一下mac上的应用提权,由于安全的原因,提权方式一直在调整,目前苹果推荐的方式是使用Security Manager,并提供了一个例子:SMJobBless
以下引用自stackoverflow http://stackoverflow.com/questions/18404884/c-show-osx-permission-dialog
"
Originally, Apple provided a function 'AuthorizationExecuteWithPrivileges' that allowed an application to launch another with root privileges. This has since been deprecated for security reasons.
The dialog here is a bit misleading. Apple provides authorization services that launches the dialog under various different situations, but usually from an application having called the function AuthorizationCopyRights, after having setup rules in an authorization database (the file at /etc/authorization) and having created the Authorization reference with AuthorizationCreate.
Security on OSX is split between a security daemon, a security agent and applications. An application can restrict features using this system, or request authorisation for the user to enter credentials so it can launch a privileged application, which is what you need to do.
It's important to note that the dialog has not been presented by the application, but by the Security Agent, which is solely responsible for the security GUI. The daemon actually processes the authorization.
Apple's method for elevation is to have all applications run with Standard User rights and should a privileged task be required, then this must be factored out into a separate application which is registered to run with launchd and given the elevated privileges. The example Apple provides isSMJobBless.
While the calling code of the example is written in Objective-C, the important functions are just C functions in the SMJobBlessAppController.m file, most notably AuthorizationCreate to create an authorisation reference and the code in the Objective-C function blessHelperWithLabel:error: at the bottom of the file.
Begin with this help document on SMJobBless, which details the process.
Finally, if you're using Qt, you'll need to include Apple's Security framework for the required function calls. To do that, just add the following to your .pro file: -
QMAKE_LFLAGS += -F /System/Library/Frameworks/Security.framework/
LIBS += -framework Security"
附:
1.Enable and using the "root" user in mac os x
https://support.apple.com/en-us/HT204012
最新文章
- phpwind ecshop 用户整合
- node.js链接mysql
- visual studio 局域网远程调试web项目
- mybatis There is no getter for property named 'xx' in 'class java.lang.String
- jquery validation 简单验证手机号码
- visual studio 2012更换皮肤、功能添加
- git ignore 的使用
- Bitmap、BitmapDrawable、BitmapFactory、Matrix类之间的关系
- sqlserver安全加固
- PHP数组函数试题
- Spring Security 入门(1-4-2)Spring Security - 认证过程之AuthenticationProvider的扩展补充说明
- Git 处理tag和branch的命令
- android:layout_gravity和gravity的区别
- Nodejs 中将html转换成pdf文件
- IDEA下搭建Shiro-web环境,总是报BasicDataSource,classnotfound;问题解决
- java用毫秒数做日期计算的一个踩坑记录
- 页面中php传值后循环列表js获取点击的id
- 前端项目模块化的实践2:使用 Webpack 打包基础设施代码
- mininet invalid literal for int() with base 10: 'cpu.cfs_period_us:'
- NGINX+TOMCAT实现反向代理