The application I'm working on requires the ability to edit certain protected files across Linux, OSX, and Windows [Vista]. Generally, when an application needs to do something with elevated privileges, a password request dialog appears asking the user to verify they want to allow the application to perform those operations as an administrator.

I believe in general, Windows Vista utilizes Manifest files, OSX has the Authorization library (https://developer.apple.com/mac/library/documentation/Security/Reference/authorization%5Fref/Reference/reference.html), and Linux has a variety of sudo frontends.

Is there a generally acceptable cross-platform way of handling this? I don't want my application to have to be run as the root user, but I do want it to be able to open a protected file for read/write operations, then resume back to normal user mode.

A: 

For Windows Vista, you basically need a dedicated process to do administrative actions. As you mention, the admin-enabled process will need a manifest to specify the requested execution level (see this MSDN article for details).

If you look closely at any Windows application that starts non-elevated and supports "elevating" itself, you'll see that it actually opens a whole new process once administrative privileges are needed (e.g. go to Task Manager when UAC is enabled, click "Show processes from all users" and note how it reopens with admin privileges).

So for Windows, the architecture you probably need would require two processes: a standard process to do most of the work, and an admin process to call into to do the admin operations. The two processes would need to communicate via some secure means (perhaps a secure named pipe) so that admin work could be done on behalf of the standard process.

This approach may be generalizable across other platforms, and perhaps could be abstracted in some sort of class/interface so that platform-specific details would not need to leak through.

bobbymcr
Thank you for this information.
Michael
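
The helper side of the two-process design described in the answer, as an added example that is not part of the original answer or any project's code: the elevated process treats every message from the standard process as untrusted and touches only allowlisted files. The class name, the JSON message shape, and the size cap are assumptions, and the transport (named pipe, socket) is left out.

```python
import json
import os
import tempfile


class PrivilegedFileHelper:
    """Request handler for the elevated process (hypothetical design)."""

    MAX_BYTES = 64 * 1024  # assumed cap on a single write

    def __init__(self, allowed_paths):
        # Canonicalise once so later comparisons are on resolved paths.
        self.allowed = {os.path.realpath(p) for p in allowed_paths}

    def handle(self, raw: bytes) -> dict:
        """Validate one request from the unprivileged process and act on it."""
        try:
            req = json.loads(raw.decode("utf-8"))
            op, path = req["op"], req["path"]
        except (ValueError, KeyError, TypeError):
            return {"ok": False, "error": "malformed request"}
        if op not in ("read", "write") or not isinstance(path, str):
            return {"ok": False, "error": "unsupported request"}
        # Resolve symlinks and ".." before the allowlist check.
        target = os.path.realpath(path)
        if target not in self.allowed:
            return {"ok": False, "error": "path not allowed"}
        if op == "read":
            with open(target, "r", encoding="utf-8") as fh:
                return {"ok": True, "data": fh.read()}
        data = req.get("data")
        if not isinstance(data, str) or len(data.encode("utf-8")) > self.MAX_BYTES:
            return {"ok": False, "error": "bad payload"}
        # Write to a temp file in the same directory, then rename atomically.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(target))
        try:
            with os.fdopen(fd, "w", encoding="utf-8") as fh:
                fh.write(data)
            os.replace(tmp, target)
        except OSError:
            os.unlink(tmp)
            return {"ok": False, "error": "write failed"}
        return {"ok": True}
```

`tempfile.mkstemp` creates the replacement file with mode 0600, so a real helper would restore the original owner and permissions after the rename.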