How do I do this on Mac?
I need the user to be able to install a specific file in a specific folder within the /System/… path.
I’m guessing there is an MBS plugin for this, but I can’t find it.
More, this is a default path where everything the user creates will go, so is it possible do something so that my app can always safe there without re-authenticating every time?
AuthenticateMBS class maybe?
This is not going to work on Catalina unless you’re instructing users to disable SIP. I don’t recall your specific use case, so I’m just offering the tip.
Pre-Catalina I had achieved this with AuthorizationMBS and a shell script that used cp.
This will not work.
Not a chance.
If you’re looking for somewhere to store shared user data, you can use SpecialFolder.SharedDocuments and create a child folder in there. That’s the “macOS way” to do it. This folder is /Users/Shared and you’ll be among friends like Adobe, Blizzard, and Parallels.
[quote=485337:@Chris Halford]How do I do this on Mac?
I need the user to be able to install a specific file in a specific folder within the /System/… path.
[/quote]
IF you can avoid this please do !!!
[quote=485337:@Chris Halford]
I’m guessing there is an MBS plugin for this, but I can’t find it.
More, this is a default path where everything the user creates will go, so is it possible do something so that my app can always safe there without re-authenticating every time?[/quote]
IN /System ?
Please dont
This is why Apple is, under Catalina, splitting the System volume off so basically you CANT do stuff like this
It’s a bad idea
Tim, Catalina sucks.
The problem is that my software is making ICC Profiles, which “should” go into /System/Library/ColorSync/Profiles.
Apparently they can also go into /Library/ColorSync/Profiles/
Before there used to be a ~/Library/ColorSync/Profiles folder where I’d install them. A lot of users complained because they should be installed where all users can get them (I installed them there anyway), but that folder doesn’t even seem to exist on a clean installation of Catalina. Bot sure if I should just create it myself.
I would definitely try this directory rather than the System one.
I’d put them in /LibraryColorSync/Profiles
That dir is still available to all users and doesnt require you to mess with /System which Apple seems to be pushing to be for the OS only and users completely locked out of it even if they are root (for security reasons)
Norman, it’s read only.
As is /System/Library/ColorSync/Profiles
To install system wide anything you need to authenticate
But you should still put it in the right place
From File System Basics
Apple publishes several guides that tell you the correct places to put things
File System Basics has a section “Domains Determine Placement of Files”
So Library/ColorSync/… should be ok if I authenticate?
It seems to be the right place
I’d read the docs at the link I referred to and see if this is discussed in more detail on Apples Developer site since that is the right authority to check
It might even be discussed on the apple developer forums
I dont know is if /Users/Shared might be an acceptable alternative as that is also common to all users
Apple doesnt seem to mention it very much and all conversations I quickly found suggest its useful for document sharing between all accounts on a machine but says nothing about things like color profiles or other “system” type settings etc
This might be mentioned in docs to do with colorsync though
No, don’t authenticate. Use an installer instead. There you already have the authentication. Or go to the user folder instead of the system folder.
Beatrix, the problem is my software creates these files routinely. In fact every time the user runs it. So my software would basically have to be an installer.
I think the the latter answer is correct: that to the distaste of some of my users, I need to install in the user’s own Library directory.
And the answer when your customers fuss is that they need to open a bug report with Apple about this since Apple has locked the system down and this is now what they require from developers. Welcome to iOS for Desktop 1.0.
Technically you could have a helper app, which is authenticated once via user and dialog.
In one app we use a helper console app, which is installed early and gets the setuid bit to run as root.
But I think currently Apple would prefer you use launch services to run the helper.
Your helper could then copy a profile from user folder to local library folder.
I’d give it a try anyway, just to have an answer.
On a Catalina setup that doesn’t have this ~/Library/ColorSync/Profiles folder, make one directly from within the Finder. Put your file in there and see whether the OS recognises the document (you may have to log out or restart to make it working).
This would take less than 5 minutes and give you a definite answer about whether this folder is a good choice (unless, of course, if your app is intended to always provide the profiles for all users).
And, if you ever try this, I’d be graceful from you to reply the result.
(I can hardly try this myself as I don’t deal much with CC profiles)
Apple’s security team are trying to keep this simple little trick secret, see why below!
If you can perform your command with sudo in the Terminal, you can do it through your application, but I don’t know how much longer you’ll be able to use this trick (it does currently work on Catalina).
You need to use a “NSAppleScript” class that executes a single line “Do shell script “””" with administrator privileges". Don’t use “Tell Application” as that will fail.
The user gets a system supplied dialog asking them to enter in their password, assigned to your application.
The “Correct” way to do this, is to create an XPC helper that performs the task. Then you execute that helper from your main application, after configuring it admin access. But it’s such a lot of work for something so simple.