Installing a prerequisite library to a system directory


#1

I’m porting a plugin to OSX. Despite being new to OSX, I understand there are often a lot of security preliminaries which need to be taken into account as far as deployment is concerned.

However, what I’m not so sure about is how much this would interfere with a simple mechanism in Ruby which would ask the user for their password so a file could be copied to a sub folder within the system’s /Library directory.

The initial process would be as follows:

  1. User installs plugin to host application.

  2. User launches plugin.

  3. Let user know that they need to give their password to finish the installation. If the password is given, install necessary prerequisite to system directory.

  4. Run the plugin, all is good.

Is this possible? I know this might sound like a stupid question, but I’m not aware of any OSX-specific Ruby API to aid in the facilitation of something like this.

While I can execute something like system("echo <password> | sudo -S <command>"), is there an alternative for situations in which the user doesn’t have a password set? My understanding is that OSX won’t allow for the sudo command to be executed unless the user has a password.

I must be missing something, but this is indeed somewhat of a conundrum.


#2

The SketchUp API doesn’t support any of this. We have seen some extensions that do something like this, they either provide installers for the whole process - or they bundle an installer with the RBZ which is then executed upon installation (Where the user then need to give the installer permission to continue.)

Is the library really needed to be installed to system directory? You cannot set it up to work locally for your extension only?


#3

I’ll second TT’s question: why is it necessary for you to install something in the /Library folder? I’m not saying there couldn’t be a reason, but you haven’t articulated one. I note that although Macs, like Windows machines, are multi-user, the great majority are used by only a single person. In real multi-user situations it is generally possible for an admin to place files in a system folder or to tweak permissions.

You are incorrect about sudo: a user must have admin privilege to be able to run sudo at all, and it always requires an admin password even if you are logged onto an admin account. Further, it elevates the permissions to the root user level, which totally defeats security and is inadvisable in any situation where the user is not fully aware of all the commands that may be run.


#4

@hgschutte1, I also would like to know a use-case that would justify the additional threat to my mac’s security?
do you want your plugin to be available to all users or do your intentions differ?