Common writable folders

sims sims at ezpzapps.com
Thu Jan 18 15:28:39 EST 2007


At 12:10 PM -0800 1/18/07, Jim Ault wrote:
>On 1/18/07 11:41 AM, "J. Landman Gay" <jacque at hyperactivesw.com> wrote:
>>  Thanks. It's the space in "Application Support" that is causing the
>  > trouble.

Sorry to be late to this...but experimenting cooking experiments & 
new wine usually comes first.

You'll find more info on this at: 
http://developer.apple.com/technotes/tn2002/tn2065.html

HTH
sims
-----------

Q: How do I get administrator privileges for a command?
A: Use the administrator privileges, user name and password 
parameters like this:
do shell script "command" user name "me" password "mypassword" with 
administrator privileges
user name and password are optional; if you omit the user name, do 
shell script assumes it to be the current user; if you omit the 
password, it will ask for a password when it runs. Once a script is 
correctly authenticated, it will not ask for authentication again for 
five minutes. As of Mac OS X 10.4, this grace period does not extend 
to any other scripts or to the rest of the system; manually calling 
sudo -k is unnecessary.
For security reasons, you may not tell another application to do 
shell script with administrator privileges. Put the command outside 
of any tell block, or put it inside a tell me block.

Bear in mind that administrator privileges allow you to change any 
file anywhere in the system. You can render your system unbootable or 
even erase the entire disk with a few well-placed commands, so 
exercise caution. Better yet, don't use administrator privileges 
unless you absolutely have to. Unless you are doing system-level 
development, you should never need to change anything in /System - 
changing /Library should suffice.
Note: Using sudo(8) with with administrator privileges is generally 
unnecessary and creates security holes; simply remove the "sudo".

WARNING: In Mac OS X 10.4.0 and 10.4.1, with administrator privileges 
executes the command with only the effective user id set to root. 
This causes trouble for some commands that rely on the real user id - 
for example, Perl will turn on its "taint mode" security checks, and 
sudo(8) will hang. To work around the problem (assuming you cannot 
simply remove a use of sudo; see above), preface your command with a 
small Perl script to set the real user id, like this:
do shell script "/usr/bin/perl -Ue '$< = $>; system(@ARGV)' 
my_command" with administrator privileges

Mac OS X 10.4.2 sets both the real and effective user ids; the 
workaround described here will be unnecessary, but harmless.
WARNING: Prior to Mac OS X 10.4, with administrator privileges did 
not work correctly with multiple commands. You had to turn your 
multiple commands into a single invocation of sh, like this:
set normal_command to "command1; command2"
do shell script "sh -c " & quoted form of normal_command with 
administrator privileges

As of Mac OS X 10.4, you can use with administrator privileges with 
multiple commands as described in "how can I use more than one 
command" above; no workaround is necessary.



More information about the use-livecode mailing list