Cocoa mail archive
Re: Running a process as another (non-root) user
FROM : glenn andreas
DATE : Tue Jan 29 15:56:05 2008
On Jan 29, 2008, at 2:09 AM, Adrian Ross wrote:
> Hello,
>
> I'd like to be able to launch a process running as a particular user
> - a different user from the one running the current process. The
> current process is not running as root. I have the user name and
> password.
>
> I've got as far as being able to create a valid AuthorizationRef
> from the user name and password; I'm asking for the right
> "system.login.tty" to check if they're valid. It'd be good to be
> able to use this to kick off the new process if possible.
>
> AuthorizationExecuteWithPrivileges doesn't do me much good as that
> runs a process as root - not what I want. I also don't want to have
> to authorise as root or admin to get the process launched.
>
> Any way to do this with just the user name and password of the
> target user? An NSTask with "su - c" doesn't seem very elegant.
Unix (and thus OS X) doesn't work that way - the only way you can do
something as another user is to become root (and once root, you can
become another user). Even if you were to do "su" that would also run
as root (and then switch to the user - /usr/bin/su is a set-uid root
binary).
So you'll need to make a helper tool that is the equivalent of su
(i.e., manipulates the uid to change it to the other user).
Glenn Andreas <email_removed>
<http://www.gandreas.com/> wicked fun!
quadrium | flame : flame fractals & strange attractors : build,
mutate, evolve, animate
DATE : Tue Jan 29 15:56:05 2008
On Jan 29, 2008, at 2:09 AM, Adrian Ross wrote:
> Hello,
>
> I'd like to be able to launch a process running as a particular user
> - a different user from the one running the current process. The
> current process is not running as root. I have the user name and
> password.
>
> I've got as far as being able to create a valid AuthorizationRef
> from the user name and password; I'm asking for the right
> "system.login.tty" to check if they're valid. It'd be good to be
> able to use this to kick off the new process if possible.
>
> AuthorizationExecuteWithPrivileges doesn't do me much good as that
> runs a process as root - not what I want. I also don't want to have
> to authorise as root or admin to get the process launched.
>
> Any way to do this with just the user name and password of the
> target user? An NSTask with "su - c" doesn't seem very elegant.
Unix (and thus OS X) doesn't work that way - the only way you can do
something as another user is to become root (and once root, you can
become another user). Even if you were to do "su" that would also run
as root (and then switch to the user - /usr/bin/su is a set-uid root
binary).
So you'll need to make a helper tool that is the equivalent of su
(i.e., manipulates the uid to change it to the other user).
Glenn Andreas <email_removed>
<http://www.gandreas.com/> wicked fun!
quadrium | flame : flame fractals & strange attractors : build,
mutate, evolve, animate
| Related mails | Author | Date |
|---|---|---|
| Running a process as another (non-root) user |
Adrian Ross | Jan 29, 09:09 |
| Re: Running a process as another (non-root) user |
glenn andreas | Jan 29, 15:56 |
