 |
 |
Cocoa and BSD Permissions
|
|
|
|
|
Dedicated MacNNer
Join Date: Nov 2002
Status:
Offline
|
|
I'm writing a Cocoa web server with two components (both Cocoa); a GUI front-end and a daemon, which will communicate via distributed objects (because pipes are so passé).
I'm intending for it to be started with the GUI app, and then have the daemon start as root, bind to port 80, and then drop privileges (it only needs to be root for bind() so there's no reason for it to continue to be superuser). I can't work my way around Apple's authorization system, nor do I think it's necessary seeing as BSD provides setuid() and such; is it possible to use such BSD functions in a Cocoa app and achieve the desired result or am I forced to do it Apple's way?
|
|
I offer strictly b2b web-based server-side enterprise solutions for growing e-business trusted content providers ;]
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status:
Offline
|
|
The real question is why would anybody want to use your server instead of Apache?
|
|
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Nov 2002
Status:
Offline
|
|
Originally posted by Angus_D:
The real question is why would anybody want to use your server instead of Apache?
The real question is, why should the only motivation for developing something be that it replaces the leading product?
I just wanna learn, dude.
|
|
I offer strictly b2b web-based server-side enterprise solutions for growing e-business trusted content providers ;]
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status:
Offline
|
|
Originally posted by trusted_content:
I just wanna learn, dude.
As you already know, you'll have to be root to bind to port 80. There are several ways to run as root. I'd suggest that your server binary is not setuid root, but that you use Apple's Authorization API to have a small tool which you use for starting/stopping it, which is setuid root, as shown in AuthSample and MoreAuthSample. All Apple's authorization APIs do is provide a way of safely handling tasks which need to execute with root privileges, and a specific API (AuthorizationExecuteWithPrivileges) for installers to execute tasks with root privileges as a one-off occurrance (you can also use this API to repair setuid tools included within application bundles).
|
|
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Nov 2002
Status:
Offline
|
|
Thanks! Just after you posted that, I did a little googling and found a juicy little class called BLAuthentication that provides a nice Obj-C wrapper for the authorization and launching of the helper task and it uses the frameworks you described. Looks like I'm sorted. 
|
|
I offer strictly b2b web-based server-side enterprise solutions for growing e-business trusted content providers ;]
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status:
Offline
|
|
Originally posted by trusted_content:
Thanks! Just after you posted that, I did a little googling and found a juicy little class called BLAuthentication that provides a nice Obj-C wrapper for the authorization and launching of the helper task and it uses the frameworks you described. Looks like I'm sorted.
BLAuthentication violates Apple's guidelines. You should really read their documentation.
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
