The Ultimate Business Machine - Archives
List of Categories : Database * Technology * Commentary * Singapore * Travel *
Thu 02 Feb 2006
About Authorisation Services and the Security Framework
Category : Technology/securityFramework.txt
Over the long Chinese New Year weekend just past, I've also built an experimental version of MailServe that uses Authorisation Services which, together with the Keychain, is part of Cocoa's Security Framework.
I was trying to avoid having to use sudo to change things at the system level but, instead, use a shell tool that has its uid set to root to do all the privileged operations. But a setuid root tool is a dangerous thing. And that's where Authorisation Services come in - to make sure that the user is authorised to perform each privileged operation, and to authenticate that the user is who he says he is. With the Cocoa API's, you get to do all these in an orderly way.
And there are few other benefits to doing things "the right way". If the user is using a Mac that allows him to authenticate using smart cards, finger print or retinal scanning, in place of passwords, my applications will still work without my having to do a thing.
But what I was trying to do now was to avoid holding on to the user's password, which I have to do as long as I have to pass it on to sudo.
I almost got there. It turns out that the postfix command needs to be performed by a superuser. But somehow a setuid root process, which should be considered as executing with the privileges of a superuser, is not considered privileged enough by the postfix command. I still need sudo to run the postfix command in the setuid process, and there's something I'm missing here. I'm so close to getting it done. The code's a lot neater, and I may be able to kill the occasional problems I have with people's passwords not working, once and for all, since I'm using the same authentication services that you use when you log in to your system or change network settings.