NSTask a shell script with root access without asking for password

Question

I have a script that I am running from within a Cocoa application via NSTask. The script is using rsync to backup everything in the /Users folder to a server. The problem that I am running into is that when you run the program as user "a" the script doesn't have permission to do anything with the files that belong to user "b" so rsync only backs up the files that belong to the current user.

rsync: opendir "/Volumes/Macintosh HD/Users/userB/Applications" failed: Permission denied (13)

What I need to do is run the script as root so that it can backup all of the files regardless of the owner. The problem here is that users that don't have access to an administrator's account will be using this application so the script needs to run as root without asking for a password but at the same time it needs to be secure.

I have found a couple of suggestions saying to use chown and chmod to make it run as root, but apparently that doesn't work on scripts for security reasons.

Answer 1

You should look into "Privileged Helper Tools" which are tools that, once installed can run with administrator privileges upon summoning with a LaunchD mach service. They must be installed as a LaunchDaemon and the first person to use it must use a password. At this time it's not possible/smart to give allow NSTask to run with administrator privileges.

There is a blog post detailing this process here: http://atnan.com/blog/2012/02/29/modern-privileged-helper-tools-using-smjobbless-plus-xpc with the associated source code here: https://github.com/atnan/SMJobBlessXPC