sudo from swift MacOS app

Hi, I'm working in a MacOS Swift app that uses hdiutil and asr. Although I can send the sudo credentials and it can be read perfectly in the terminal, sometimes it appears that they are not enough to allow the program to run, throwing the following error: (asr) Failed to create source stream for replication Volume replication failed - Operation not permited

This seems to be a permisions issue, because the very same code run perfectly when it is started from the terminal (szh).

What would be the most practical way to overcome this issue?

Any help will be highly appreciated.

Up vote post of Lautarob1 Down vote post of Lautarob1
505 views
Posted by
Lautarob1
Reply
Add a Comment

Replies

There are multiple issues in play here. First, I recommend against using sudo for privilege escalation. See BSD Privilege Escalation on macOS.

However, that’s not the full story here. The specific error you’re seeing, Operation not permited, indicates an issue with either MAC or the App Sandbox. See On File System Permissions for more background on that.

Is your app sandboxed?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Thanks!

The app (under development, using Xcode) IS NOT sandboxed. So, it must be a permission issue. Now, I was able to run some commands that requires sudo (certain hdiutil for example), so I verified that the sudo passw was transmited correctly and some kind of permission were actually granted. The issue happened with asr, which even after being able to validate the admin password (which I passed in a command via process and pipe) it still produced the error.

You said "I recommend against using sudo". What would you recommend to to? Would it be using a helper tool (and if that case, could you please point me to a good tutorial on implementing and using a helper tool within a swiftUI app?

Further comments: (from the first link)

2 says- If you’re working interactively on the command line, use sudo.

That is nearly my case, I'm just trying to have the terminal command executed from my swift app and show/uses there some results.

3 says- If you’re building an ad hoc solution to distribute to a limited audience, and you need one-shot privileges, use either AuthorizationExecuteWithPrivileges or AppleScript.

That is also my case, only need to execute a couple of sudo commands just to grab some info produced by asr and hdiutil.

After knowing a little more about what I'm trying to do, would you recommend a helper or using the deprecated AuthorizationExecuteWithPrivileges would be fine? Or how can I get my sudo command being sent from my app thru Process() fully recognized as when I use it right in the terminal console?

Again, thanks a lot for your prompt reply and insightful information,

Best,

Lautaro

Posted by
Lautarob1
Up vote reply of Lautarob1 Down vote reply of Lautarob1

  • Sorry, as to # 3 above, AuthorizationExecuteWithPrivileges would not be acceptable, as it seems to require an admin password for each task that requires privileges. What I need is to grab the password only once, and then use it as needed, depending on the options choose by the user ( it will be used 3 - 4 times, probably less, this is a very simple app).

    Lautarob1
Add a Comment

Is this a product that you intend to ship to a wide range of users? Or something that you only plan to run locally? Or within your organisation?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

hi Quinn, thanks for your replay!.. I was able to find a solution for my problem. Thanks any ways for asking! Happy new Year!

Posted by
Lautarob1
Up vote reply of Lautarob1 Down vote reply of Lautarob1
Add a Comment