我正在写一些需要经常以root权限运行命令的软件。用Mac应用程序获得swift的管理权限
现在,我通过询问用户密码一次,保存密码,然后提供密码NSAppleScript
作为参数以及with administrator privileges
。
这对用户来说显然是不安全的,因为有人可以访问他们的密码。
我一直在寻找更好的一周的一部分,并找不到解决方案。
SMJobBless似乎允许您安装具有更高权限的应用程序。
我跟着应用程序的例子,我从他们的SMJobBlessUtil脚本得到一个错误。
以下是错误:
SMJobBlessUtil.py: tool designated requirement (identifier "com.domain.AppName.SampleService" and anchor apple generic and certificate leaf[subject.CN] = "Mac Developer: firstName lastName (XXXXXXXXXX)" and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */) doesn't match entry in 'SMPrivilegedExecutables' (anchor apple generic and identifier "com.domain.AppName.SampleService" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.CN] = "Mac Developer: firstName lastName (XXXXXXXXXX)")
显然,什么是错的。这里是各自的Plist
服务信息的plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleIdentifier</key>
<string>com.domain.AppName.SampleService</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>SampleService</string>
<key>CFBundleVersion</key>
<string>6</string>
<key>SMAuthorizedClients</key>
<array>
<string>anchor apple generic and identifier "com.domain.AppName" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = xxxxxxxxxx)</string>
</array>
</dict>
</plist>
应用信息的plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleDisplayName</key>
<dict/>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleGetInfoString</key>
<dict/>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>Away</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>1.0.99</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>9</string>
<key>LSApplicationCategoryType</key>
<string>public.app-category.utilities</string>
<key>LSMinimumSystemVersion</key>
<string>$(MACOSX_DEPLOYMENT_TARGET)</string>
<key>LSUIElement</key>
<true/>
<key>NSHumanReadableCopyright</key>
<string>Copyright © 2016 firstName lastName. All rights reserved.</string>
<key>NSMainStoryboardFile</key>
<string>Main</string>
<key>NSPrincipalClass</key>
<string>NSApplication</string>
<key>SMPrivilegedExecutables</key>
<dict>
<key>com.domain.AppName.SampleService</key>
<string>anchor apple generic and identifier "com.domain.AppName.SampleService" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.CN] = "Mac Developer: firstName lastName (XXXXXXXXXX)"</string>
</dict>
</dict>
</plist>
我看着at this stackoverflow post和其他许多人喜欢它。据我了解,我的plists设置正确。我究竟做错了什么?
我不打算保持赏金。在Reddit上发布的问题是它说的是字符串。我确实是随机遇到了这个排列。但你的回答是够好的。我建议您编辑您的问题,以合并来自原始问题的逐步更改。我被困在这个好几天了,我仍然不明白这个不完整的身份线是如何的,而苹果有一个更长的字符串 – Cripto
好吧,现在我不觉得这个傻瓜。再一次,奖励是没有必要的,但非常感谢......我已经更新了我的答案,试图解释你所问的关于整体的基本原理和具体情况;不要犹豫,如果没有涵盖它。 –