On 3/30/11 1:51 AM, "Quinn "The Eskimo!"" <eskimo1@apple.com> wrote:
On 29 Mar 2011, at 19:35, Luke Scott wrote:
Because of this key System Preferences can start/stop the service without being root.
You're starting from a false assumption here. System Preferences has a privileged helper tool that it talks to (via IPC) in order to do any privileged operations. That tool then protects those operations using Authorization Services. The Sharing panel lets you start and stop Web Sharing without a password because the admin credentials you supplied when you logged in satisfies the "system.preferences" authorisation right. If you log in as a non-admin user, that's not the case, and you must supply a password to acquire the right to start and stop Web Sharing. Similarly, if you click the lock icon at the bottom of System Preferences, we destroy your admin credential and thus you must supply it to make changes like this.
Thank you for all the information. This really helps out a lot and clears up a lot of confusion. Is the SHAuthorizationRight key part of launchd, or is it a OSX/System Preferences specific key that's just added to the plist? Are there any other useful code samples besides BetterAuthorizationSample? Perhaps one that implements the lock icon (3rd party or otherwise)? Now that I have a better understanding of how this works perhaps it'll be easier to find. Last question I have is what is the "best practice" for naming "rights" and/or the application bundle. Should it always start with com.apple? One of the documents mentioned doing something like com.apple.company.product.action. How is the bundle name of the application relate to "rights", if at all? Thank you, Luke