cool tip - launch an app as root via the command line (self service is calling)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-07-2010 03:33 PM
so, by now, i'm sure many of you have looked at adobe's AUSST and
thought: "gosh, how nice. now i can host all of adobe's updates in
house like i do with my apple software updates on my apple server."
the problem, of course, is that once you ARE hosting an internal adobe
software update server, it still requires admin credentials for any
user to be able to get the updates. which sucks. our our stock user
account is non-admin, we come across this problem here a lot. so, i
wanted to post this tip as we stumbled across it yesterday and i
nearly jumped out of my pants. and that rarely happens these days
unless you're VERY attractive so... here goes.
basically, how you launch your application matters. in this case, when
launching via terminal... so, to follow along, log into any non-admin
account on your mac and then open terminal AND activity monitor. here
we go...
1) from terminal, SU to the root user.
2) then call a "typical" launch of, say, TextEdit, by typing this:
open -a TextEdit
3) That launches the app, but runs it as your non-admin account as
you'll see listed in activity monitor
4) But.... if you instead call the buried binary of the app by typing
this in terminal: /Applications/TextEdit.app/Contents/MacOS/TextEdit
5) That same app, in your non-admin account, now runs as root! check
activity monitor for yourself. (Not only that, but ctrl-c quits the
app....)
what does this mean? well... if you use Self Service, quite a lot,
actually... here's how we leveraged this nifty tip to allow all users,
admin or not, to use our internal adobe software update server.
the adobe application manager is the application that presents all
available adobe updates. that app is located at: /Library/Application
Support/Adobe/OOBE/PDApp/core/Adobe Application Manager.app but if
you launch that app as a non-admin, you can't install the software
since it asks for admin credentials, but...
we set up a policy (run from self service) and call the application
VIA THE COMMAND LINE to it’s full path:
/Library/Application Support/Adobe/OOBE/PDApp/core/Adobe
Application Manager.app/Contents/MacOS/PDApp
this ensures that it runs as root and, therefore, doesn’t ask for
admin credentials when running. clients simply click on the "install"
button and get everything they need.
kaBLAMO!
the great news: this tip works for many (but not all) other
applications. NB: as with any tip that involves invoking root
privileges, please use your best judgement.
david koff
mac systems admin
the j. paul getty trust
