Hello, i'm using AuthorizationExecuteWithPrivileges to run a shell script with elevated privileges. After some time i am required to reauthorize again in order for this to work. Is there a way to set a custom (veeery long) timeout on the authorization so that i would only get a password dialog for my application once and would be able to execute the script without any prompts until i close the application?
A:
The expiration of authorization is there for a purpose, to increase security. So I don't think that it's good to try to subvert it.
That said, one way is to first convert your script to a small, well-audited C-program and to use the authorization obtained in the standard way to add the setuid bit to the binary. (Again, as a security feature, most UNIXes forbid setuid bit for shell scripts, because they are too dangerous.)
Then you don't even have to authenticate even when you close the app once and relaunch it again.
Yuji
2010-06-23 16:17:51