How can a console application use sudo under OS X if it needs root privileges?
I am wondering if it is possible for a command line application to request root access, such as trying to invoke itself with
I am looking for a solution that allows me to write applications that require privileges
It shouldn't always ask for root access, only when needed.
source to share
- it could
, but only if it was already called by root and therefore has a real UID of 0 and the effective UID of someone else.
- it could try the
or it could
run itself under UID 0, but only if
configured to allow it (which usually requires the user to send authentication, as would an authorization check).
- it can try to start a fresh copy of itself through
, but this again requires the user to submit authn.
- it could be set with a job
that it can interact with in the context of the system
. Communicating with this job would
trigger to invoke it, and apparently it is configured to run as root. This now requires the work to be already deployed, either through the installer (in this case the user authenticated) or through the API Management
API (again, the user will need authentication to approve this).
- it can use another poorly written job
to execute that job with UID 0. As noted, this is due to a poor job record
So, whenever possible, using a number of options, but all reliable ones require that the user is authenticated and that the tool has already been deployed so that it can run in the root context. I've actually written a whole book on this stuff ... see in particular chapter 6 of Professional Cocoa Application Security .
Note that all parameters except
(which I do not recommend you use) were actually included
to create a separate process, be it the calling process or
. This means that you actually have two separate executables: one that the user interacts with and one that performs privileged tasks. This is a better design than using all the features in one application, which is why I recommend this approach.