sudo from swift MacOS app

Question

Created Dec ’23

Replies 4

Boosts 0

Participants 2

Hi, I'm working in a MacOS Swift app that uses hdiutil and asr. Although I can send the sudo credentials and it can be read perfectly in the terminal, sometimes it appears that they are not enough to allow the program to run, throwing the following error: (asr) Failed to create source stream for replication Volume replication failed - Operation not permited

This seems to be a permisions issue, because the very same code run perfectly when it is started from the terminal (szh).

What would be the most practical way to overcome this issue?

Any help will be highly appreciated.

Boost

Answer 1

DTS Engineer OP

Apple

Dec ’23

There are multiple issues in play here. First, I recommend against using sudo for privilege escalation. See BSD Privilege Escalation on macOS.

However, that’s not the full story here. The specific error you’re seeing, Operation not permited, indicates an issue with either MAC or the App Sandbox. See On File System Permissions for more background on that.

Is your app sandboxed?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

Lautarob1 OP

Dec ’23

Thanks!

The app (under development, using Xcode) IS NOT sandboxed. So, it must be a permission issue. Now, I was able to run some commands that requires sudo (certain hdiutil for example), so I verified that the sudo passw was transmited correctly and some kind of permission were actually granted. The issue happened with asr, which even after being able to validate the admin password (which I passed in a command via process and pipe) it still produced the error.

You said "I recommend against using sudo". What would you recommend to to? Would it be using a helper tool (and if that case, could you please point me to a good tutorial on implementing and using a helper tool within a swiftUI app?

Further comments: (from the first link)

2 says- If you’re working interactively on the command line, use sudo.

That is nearly my case, I'm just trying to have the terminal command executed from my swift app and show/uses there some results.

3 says- If you’re building an ad hoc solution to distribute to a limited audience, and you need one-shot privileges, use either AuthorizationExecuteWithPrivileges or AppleScript.

That is also my case, only need to execute a couple of sudo commands just to grab some info produced by asr and hdiutil.

After knowing a little more about what I'm trying to do, would you recommend a helper or using the deprecated AuthorizationExecuteWithPrivileges would be fine? Or how can I get my sudo command being sent from my app thru Process() fully recognized as when I use it right in the terminal console?

Again, thanks a lot for your prompt reply and insightful information,

Best,

Lautaro

0

Answer 3

DTS Engineer OP

Apple

Jan ’24

Is this a product that you intend to ship to a wide range of users? Or something that you only plan to run locally? Or within your organisation?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 4

Lautarob1 OP

Jan ’24

hi Quinn, thanks for your replay!.. I was able to find a solution for my problem. Thanks any ways for asking! Happy new Year!

0