5

I'm trying to remove a file form the ~/Library/PreferencePanes folder, and this cannot be done with normal privileges. Usually, if you need to delete any file from the ~/Library folder the system will ask for your username and password.

The current way I do this is with

[[NSFileManager defaultManager] removeItemAtPath:filePath error:&error]

but this keeps on returning an error ([error localizedDescription]):

theAppName.prefPane couldn’t be removed because you don’t have permission to access it.

What logic and code would I need to use in order to gain these elevated privileges needed for deleting files?

Thanks!

Andrei
  • 7,340
  • 19
  • 71
  • 116
  • Actually my answer is not the right one to use here. – Deepak Danduprolu Jun 07 '11 at 16:03
  • Hmm...seemed alright. I've been searching for the last couple of hours regarding this privileges thing, and I've seen similar answers to what you just said. Could there be an easier way to do this instead of using Authorization Services? – Andrei Jun 07 '11 at 16:07

2 Answers2

5

You should go through the Authorization Services Programming Guide. You will need to use AuthorizationExecuteWithPrivileges.

Community
  • 1
  • 1
Deepak Danduprolu
  • 44,306
  • 11
  • 98
  • 105
  • Any idea what that tool should be? Would that have to be an application that I create? – Andrei Jun 07 '11 at 15:57
  • There doesn't seem to be a way to use `NSFileManager` with elevated privileges. You might've to create a script and run that with elevated privileges using `AuthorizationExecuteWithPrivileges`. – Deepak Danduprolu Jun 07 '11 at 16:18
  • 3
    Yes, thank you. Following the "Here" link you posted above, I've managed to create my own code that uses the 'rm' tool to delete a file, while having elevated privileges. I posted the code here: http://stackoverflow.com/questions/3588779/obtaining-admin-privileges-to-delete-files-using-rm-from-a-cocoa-app/6269915#6269915 – Andrei Jun 07 '11 at 18:32
  • This solution is currently deprecated. Instead we should use the SMJobBless [link](http://www.stevestreeting.com/tag/smjobbless) which uses the ServiceManagement.framework. – falkon21 Dec 17 '15 at 16:40
1

The only method I could find and which worked for me was to create a command line tool in Xcode. Install the tool as a Launchd Job using SMJOBBLESS and then use XPC connection to talk to it. Follow the below EvenBetterAuthorization sample to understand how all of the above works.

https://developer.apple.com/library/mac/samplecode/EvenBetterAuthorizationSample/Listings/Read_Me_About_EvenBetterAuthorizationSample_txt.html#//apple_ref/doc/uid/DTS40013768-Read_Me_About_EvenBetterAuthorizationSample_txt-DontLinkElementID_17

Vinod Madigeri
  • 79
  • 4