How to programmatically do a switch user on macosx - security

I am working on a security agent plugin on Mac OS X and would like to allow the user to do a switch user (in the same way as the "switch user" button that is displayed when you lock your account).
After some research, I found this thread with the following solution from the command line:
/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/Resources/CGSession -suspend
Launching this command line works well when the user is logged in. However, in the context of a Security Agent plugin: "The Security Agent runs with restricted permissions so that the user must be physically present, using the graphical user interface, in order to be authenticated. The graphical user interface elements can’t be used through a command-line interface such as the Terminal application or a secure shell (ssh) remote session"
So the command line call fails to execute. Is there any other solution to simulate a switch user, like sending an apple event? I didn't find any other solution.
Thanks in advance for any idea.
Best regards

Try making a LaunchAgent that runs for each user. In your Security Agent plugin, connect to the agent for the current console user (e.g. using BSD sockets), and tell it to run the CGSession command.

Related

Is it possible to use node with admin or sudo privileges within electron?

Is it possible to use node with admin or sudo privileges within electron?
I found sudo-prompt, but from my understanding, this could only be used to execute a shell command and not to use node functions (code from within the main.js-file for example).
Is this possible? If so, could you give me any advice on that?
Any help would be really appreciated, maybe I am just looking for the wrong things.
Thanks in advance!
Yes you can, take a look at electron-sudo module: https://github.com/automation-stack/electron-sudo
Run a subprocess with administrative privileges, prompting the user
with a graphical OS dialog if necessary. Useful for background
subprocesses which run native Electron apps that need sudo.
Windows, uses elevate utility with native User Account Control (UAC) prompt (no PowerShell required)
OS X, uses bundled applet (inspired by Joran Dirk Greef)
Linux, uses system pkexec or gksudo (system or bundled).
It is not recommended to run the entire Electron app as administrator, as this gives the entire app blanket access to change anything on the user's machine. If someone were to inject code, or if you had a bug, you could do lots of bad things to a computer.
It's better to run a single function and always prompt the user to login as admin before the function is run.
You can see this approach in a popular Electron app: https://github.com/microsoft/vscode
In the package.json file they have two useful dependencies:
https://www.npmjs.com/package/native-is-elevated
https://www.npmjs.com/package/@vscode/sudo-prompt
They check to see if permissions are elevated using native-is-elevated, and if not, prompt for an admin password using sudo-prompt.
You can read the source code for the process here: https://github.com/microsoft/vscode/blob/8845f89c1e4183b54126cd629cd45c8f0f7549f2/src/vs/platform/native/electron-main/nativeHostMainService.ts#L491
I have created an example Electron app using this approach here:
https://github.com/kmturley/electron-runas-admin
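The check-then-prompt pattern from the answer above, as an added example (not code from the answer, from VS Code, or from either package). It also restricts elevation to an allow-list, since sudo-prompt takes a shell command string. `ACTIONS`, `buildCommand`, `runPrivileged` and the `restartService` action are hypothetical; it assumes `native-is-elevated` exports a function returning a boolean and `@vscode/sudo-prompt` exposes `exec(command, options, callback)`.

```javascript
'use strict';
// Added example. ACTIONS, buildCommand and runPrivileged are hypothetical names.

// Allow-list of privileged operations: the command string is built here from
// validated arguments, so no caller-supplied text reaches the shell unchecked.
const ACTIONS = {
  // Constructed sample action: restart a named service on a systemd host.
  restartService: {
    // First character must be alphanumeric so the value cannot act as an option.
    validate: (args) => args.length === 1 && typeof args[0] === 'string' &&
      /^[a-z0-9][a-z0-9_.@-]{0,63}$/i.test(args[0]),
    command: (args) => `systemctl restart ${args[0]}`,
  },
};

function buildCommand(action, args) {
  // hasOwnProperty keeps inherited keys such as "constructor" out of the lookup.
  if (!Object.prototype.hasOwnProperty.call(ACTIONS, action)) {
    throw new Error(`unknown privileged action: ${action}`);
  }
  if (!Array.isArray(args) || !ACTIONS[action].validate(args)) {
    throw new Error(`invalid arguments for ${action}`);
  }
  return ACTIONS[action].command(args);
}

// Real modules are loaded lazily so the allow-list logic can be tested with stubs.
function defaultDeps() {
  return {
    isElevated: require('native-is-elevated'),      // () => boolean
    sudoExec: require('@vscode/sudo-prompt').exec,  // (cmd, options, callback)
    plainExec: require('child_process').exec,       // (cmd, callback)
  };
}

// Runs one allow-listed action; prompts for admin rights only when not elevated.
function runPrivileged(action, args, deps = defaultDeps()) {
  const command = buildCommand(action, args); // throws before any prompt is shown
  return new Promise((resolve, reject) => {
    const done = (err, stdout, stderr) =>
      (err ? reject(err) : resolve({ stdout: String(stdout || ''), stderr: String(stderr || '') }));
    if (deps.isElevated()) deps.plainExec(command, done);
    else deps.sudoExec(command, { name: 'Example App' }, done);
  });
}
```

Call `runPrivileged` from the Electron main process only, and expose it to renderers through a narrow IPC handler that passes the action name and arguments, never a command string.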

I cannot log in to the system FreeBSD

When I write reboot, computer says;
login:
password:
and I wrote these. Then the Welcome message comes to me. Login screen does not open. Like this:
Welcome to freeBSD!
Release notes, Errate htps://ww......
Security etc....
Documents installed with the system are in the
/usr/local/share/doc/freebsd/directory, or can be installed later
with: pkg install en-freebsd-doc. For other languages, replace ''en''
with a language code like de or fr.
Edit /etc/motd to change this login announcement.
I don't know if I understand correctly, but... do you mean that only console is available and there's nothing with UI on screen?
If so, you have to install/launch desktop environment first:
https://www.freebsd.org/doc/handbook/x11-wm.html
Based on your description, and contrary to the title of your question, you have successfully logged-in.
Login screen does not open.
In all likelihood, you are referring to Graphical User Interface (GUI) not appearing... Well, why would it? FreeBSD does not have GUI as part of the OS itself -- you'd have to install that separately...
When you installed FreeBSD you were asked for a root password and to add more users (check the post-installation guide); therefore you need to use either the user you added or the root password.
In case you are using a custom image, something like fabrik.red, the username and password may differ.
In case you need to reset the root password check this video: https://www.youtube.com/watch?v=Xzk_U9E9jQU

Turn off 'Perforce change - o' command

I'm logged in with the Perforce viewer client on my MacBook Pro, and I keep getting this popup that says:
You don't have permission to execute the "P4 change -o" command
This happens every 5 minutes or so. How do I turn this off?
The P4V client program will run certain commands as needed. It is possible that your workspace specification could have something mapped in it that you do not have sufficient permissions to run this command on. You can see what permissions are required for certain commands in the Server Administrator's Guide: http://www.perforce.com/perforce/doc.current/manuals/p4sag/chapter.protections.html#DB5-35217 (the change command requires "open" access level).
You may wish to check with your server administrator to check what you do have access to and look at the client workspace mapping to see if there might be something mapped there that your user does not have sufficient permission to access.

How to run Application.exe before windows startup?

I have a Windows application with a user interface that does some stuff...
Now my client wants MyApplication to run when he pushes the power button, before he is forced to input the username and password!
comment: the system is multi user on windows XP or Seven.
Is it possible anyway?
I found the way to do this was to create a scheduled task with a trigger for "on startup". This starts the application before windows logon. This is particularly useful in a server type environment if you need to have something run that is not a service.
It is simple. The process is:
Run gpedit.msc
Go to Computer Configuration -> Windows Settings -> Scripts (Startup/Shutdown)
Go to Startup properties, then you will get a new window.
Now add the program that you want to run before login.
The right way to do this is to implement a Windows service.
I've used this article here as I run a Minecraft server which I need to have the console interactive so I can manage the server and running it as a service is not a good solution in such a case: https://www.tenforums.com/tutorials/138685-turn-off-automatically-restart-apps-after-sign-windows-10-a.html
What I did was edit the registry:
Go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Create a new DWORD value (if this DWORD doesn't exist already) and
call it RestartApps with the value of 1
This now starts apps that usually startup before you log in and starts the programs in shell:startup
You cannot run an exe without first loading the operating system. You can, however, run the exe without logging in first. Just copy and paste the shortcut for the exe into C:\Documents and Settings\Administrator[or other user name]\Start Menu\Programs\Startup. Then check msconfig to make sure your exe is checked to run on startup.

Windows installer security/credential question

Folks,
I've got a strange issue at the moment with a visual studio 2010 built MSI...
When I run the msi, it performs a few tasks, then executes a tool we built - this tool then carries out some more advanced work we couldn't do within a custom task.
The issue here is that when the MSI starts my custom-built tool, it doesn't execute it with the same credentials as I start the MSI with (i.e. my administrative login).
Is there a parameter I can pass to an MSI to enforce this? Or perhaps I can pass the credentials to the process when I start it?
My process is started using Process process = Process.Start(procInfo) nothing fancy. I've also noted the ability to pass in a parameterised username/password/domain, but this will vary depending on the user who is installing - can this be extracted from the installer somehow?
Any help (or questions) welcomed.
Dave
EDIT: for clarity... I'm running the MSI under my domain account, and I want my custom process to run under that 'context'. At present, it starts (regardless of whether I start as administrator or not) under the SYSTEM account (rather than mydomain\me). I'm using Windows Server DataCenter edition if that helps...
I should also add, I think this is a policy issue, but I've no idea what to check/where to check...
By default Windows Installer runs custom actions as the current user. If the MSI is elevated, custom actions will run as the elevated user.
Please note that if you are running the MSI as an Administrator, it doesn't mean your custom actions will have full Administrator privileges. On Vista or higher any user can gain Administrator privileges through elevation.
So if your custom actions need Administrator privileges, make sure they use the msidbCustomActionTypeNoImpersonate flag so they run under the local system account.
If this is not the problem and you just need access to the current user data, can you please give me more details?
