如何使用BetterAuthorizationSample？ - 可可 [英] How to use BetterAuthorizationSample? - Cocoa

问题描述

我想使用BetterAuthorizationSample而不是去为了获得root权限的setuid使用的所谓的恶意的方式。

I am trying to use BetterAuthorizationSample rather then go the so called "malicious" way of using setuid in order to get root privileges.

目前我使用AuthorizationCreate（）;与BLAuthentication不得不改变一些文件的root访问权限，但我的事实，我必须在每一个时间不断输入密码的应用程序启动有点恼火。

Currently I am using AuthorizationCreate(); with BLAuthentication to have root access to changing some files, but I am somewhat irritated by the fact that I have to constantly enter my password in every time the app launches.

所以，我整个苹果的一个HelperTool的方法来了，我只是无法弄清楚。

So I came across Apple's method of a HelperTool, and I just can't figure it out.

我一直与可可现在几个月，但是这只是我够不着的地方，但我仍然需要它。我将如何实现这个工具做简单的根权限的任务？

I've been working with Cocoa for a couple months now, but this is just out of my reach, yet I still need it. How would I implement this tool to do simple root-privileged tasks?

有没有更简单使用HelperTool的概念，让自己的用户只需输入自己的密码一次，它会授予根特权永远的方式？

Is there a simpler way to use the concept of a HelperTool, so that my users can just enter their password once and it would grant root-privileges forever?

推荐答案

现代的方式做Mac OS X上使用的辅助工具是将它作为您的应用程序的一部分，的使用 ServiceManagement 框架来部署它。您的用户输入密码一次，部署工具时。它安装它作为一个的launchd 工作;从此你使用<一个href=\"http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man5/launchd.plist.5.html%23//apple_ref/doc/man/5/launchd.plist\"相对=nofollow>所有的launchd点播机制启动助手，让它为你做的工作。

The "modern" way to do a helper tool on Mac OS X is to ship it as part of your app, and use the ServiceManagement framework to deploy it. Your users enter their password once, when deploying the tool. That installs it as a launchd job; from then on you use any launchd on-demand mechanism to launch the helper and get it to do work for you.

注意，博客文章链接以上建议您保护与<一个辅助的后续调用href=\"https://developer.apple.com/library/mac/#documentation/security/conceptual/authorization_concepts/01introduction/introduction.html\"相对=nofollow>授权服务升级，以避免具有任意权限升级，任何人都可以使用。这看起来是不是有点影响的用户只需输入自己的密码，一旦效益，虽然可以使用<一个href=\"https://developer.apple.com/library/mac/#documentation/security/conceptual/authorization_concepts/01introduction/introduction.html\"相对=nofollow> AuthorizationRightSet（） 在策略数据库中创建您的应用程序的授权令牌，所以实际上你可以定义用户是否需要present在首次部署的密码。

Notice that the blog post linked above recommends that you protect subsequent invocations of the helper with an Authorization Services escalation, to avoid having an arbitrary privilege escalation that anyone can use. This seems like it somewhat impacts the "users can just enter their password once" benefit, although you can use AuthorizationRightSet() to create your app's authorization token in the policy database, so you can actually define whether users need to present passwords on first deployment.

这是该职位的样本code是 GitHub上，并使用<$ C $演示C> ServiceManagement 部署辅助工具，授权服务来控制访问它。

The sample code from that post is on GitHub, and demonstrates using ServiceManagement to deploy the helper tool and Authorization Services to control access to it.

这篇关于如何使用BetterAuthorizationSample？ - 可可的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！