Discussion:
Drag'n'Drop install
William Uther
2007-08-09 23:04:25 UTC
Permalink
What's wrong with a drag 'n' drop install? There is nothing external
to the app's bundle. Is there?
I think the issue is that part of the bundle needs to be setuid root
in order to to be able to launch tunnels that use ports below 1024,
and (guessing here) drag'n'drop isn't going to preserve setuid root.
(At least I _hope_ it doesn't.)
I've seen a bunch of apps that install as drag'n'drop. Then when you
first run them they check their own permissions. If they aren't
setuid, then they use the normal "get admin permissions" dialog to
get admin permissions and set their setuid bit. Then they restart
themselves.

The FinkCommander application is one example: http://
finkcommander.sourceforge.net/

The end result is a drag-n-drop install that still allows setuid use.

Cheers,

Will :-}
Aaron Jacobs
2007-08-09 23:41:20 UTC
Permalink
Post by William Uther
I've seen a bunch of apps that install as drag'n'drop. Then when you
first run them they check their own permissions. If they aren't
setuid, then they use the normal "get admin permissions" dialog to
get admin permissions and set their setuid bit. Then they restart
themselves.
I think this is the way to go, except it should only ask for admin
permission if you use a feature that requires the special
permissions. As someone who doesn't use such a feature, having to
use a .pkg file to install and/or having to authenticate would be
annoying to me.
Tim Cutts
2007-08-10 06:34:43 UTC
Permalink
Post by Aaron Jacobs
Post by William Uther
I've seen a bunch of apps that install as drag'n'drop. Then when you
first run them they check their own permissions. If they aren't
setuid, then they use the normal "get admin permissions" dialog to
get admin permissions and set their setuid bit. Then they restart
themselves.
I think this is the way to go, except it should only ask for admin
permission if you use a feature that requires the special
permissions. As someone who doesn't use such a feature, having to
use a .pkg file to install and/or having to authenticate would be
annoying to me.
I agree with this wholeheartedly. I recommend SSHKeychain to Mac
users at work, but the vast majority of them do not have
administrative access to their Macs (they're centrally administered)
and so we have to install SSHKeychain for them, if it's a .pkg. If
it were a normal app which just asked for admin access when it needed
it, that would be great, but I don't know how Mac OS X does it.
Presumably there's a framework which works a bit like 'sudo', but
graphically.

Tim
--
The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
Loading...