Starting/Stoping Apache HTTPD outside System Preferences
The plist file for the included version of Apache HTTPD contains a key called SHAuthorizationRight which is set to system.preferences. Because of this key System Preferences can start/stop the service without being root. I cannot find any documentation on this key. Is there any way to do this with my own plist and application? Basically I want to role my own version of httpd and create a launchd plist and be able to start/stop the service from a menu driven application. It needs to be able to do this without escalating it's privileges or entering a password. If there isn't a way, what are my (secure) alternatives, without entering a password, if any? Anyone know? Thanks, Luke
On 29 Mar 2011, at 19:35, Luke Scott wrote:
Because of this key System Preferences can start/stop the service without being root.
You're starting from a false assumption here. System Preferences has a privileged helper tool that it talks to (via IPC) in order to do any privileged operations. That tool then protects those operations using Authorization Services. The Sharing panel lets you start and stop Web Sharing without a password because the admin credentials you supplied when you logged in satisfies the "system.preferences" authorisation right. If you log in as a non-admin user, that's not the case, and you must supply a password to acquire the right to start and stop Web Sharing. Similarly, if you click the lock icon at the bottom of System Preferences, we destroy your admin credential and thus you must supply it to make changes like this. The infrastructure for doing this is available to third party developers: o Authorization Services is a public API. You can use it to create custom authorisation rights and to acquire those rights. <http://developer.apple.com/library/mac/#documentation/Security/Conceptual/authorization_concepts/01introduction/introduction.html%23//apple_ref/doc/uid/TP30000995> <http://developer.apple.com/library/mac/#technotes/tn2095/_index.html%23//apple_ref/doc/uid/DTS10003110> <http://developer.apple.com/library/mac/#qa/qa2001/qa1277.html%23//apple_ref/doc/uid/DTS10002309> o The System Preferences helper tool is just a launchd daemon, so you can create your own. BetterAuthorizationSample shows how to do this, and provides a bunch of reusable infrastructure. <http://developer.apple.com/library/mac/#samplecode/BetterAuthorizationSample/Introduction/Intro.html%23//apple_ref/doc/uid/DTS10004207> o If you can rely on Mac OS X 10.6 or later, you can use the Service Management framework (specifically SMJobBless) to make installing your launchd daemon easier. o If you want to implement the lock icon, SFAuthorizationView makes that easy. <http://developer.apple.com/library/mac/#documentation/Security/Reference/SecurityInterfaceFramework/Classes/SFAuthorizationView_Class/Reference/Reference.html%23//apple_ref/doc/uid/TP40003980> S+E -- Quinn "The Eskimo!" <http://www.apple.com/developer/> Apple Developer Relations, Developer Technical Support, Core OS/Hardware
On 3/30/11 1:51 AM, "Quinn "The Eskimo!"" <eskimo1@apple.com> wrote:
On 29 Mar 2011, at 19:35, Luke Scott wrote:
Because of this key System Preferences can start/stop the service without being root.
You're starting from a false assumption here. System Preferences has a privileged helper tool that it talks to (via IPC) in order to do any privileged operations. That tool then protects those operations using Authorization Services. The Sharing panel lets you start and stop Web Sharing without a password because the admin credentials you supplied when you logged in satisfies the "system.preferences" authorisation right. If you log in as a non-admin user, that's not the case, and you must supply a password to acquire the right to start and stop Web Sharing. Similarly, if you click the lock icon at the bottom of System Preferences, we destroy your admin credential and thus you must supply it to make changes like this.
Thank you for all the information. This really helps out a lot and clears up a lot of confusion. Is the SHAuthorizationRight key part of launchd, or is it a OSX/System Preferences specific key that's just added to the plist? Are there any other useful code samples besides BetterAuthorizationSample? Perhaps one that implements the lock icon (3rd party or otherwise)? Now that I have a better understanding of how this works perhaps it'll be easier to find. Last question I have is what is the "best practice" for naming "rights" and/or the application bundle. Should it always start with com.apple? One of the documents mentioned doing something like com.apple.company.product.action. How is the bundle name of the application relate to "rights", if at all? Thank you, Luke
participants (2)
-
Luke Scott
-
Quinn "The Eskimo!"