Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the 'not quite a daemon' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
not quite a daemon
Authored by: KWillets on Jul 29, '04 02:12:49PM

OK, I looked at rc.sleep and it implements some systemwide functionality. The SleepWatcher process in this case runs as root and polls /Users/* and /var/root for .sleep and .wakeup files, and executes each while su'ed to the directory name (!) where the file is found, eg /Users/bob/.sleep is run as "bob", whether that user exists or not.

The su step alleviates at least my concern over running arbitrary .sleep files as root. I would recommend a bit more attention to how user directories are found - for instance Oracle, etc. accounts often have non-/Users home directories. /Users/Shared also seems to pose a problem as well, although it will probably just error out unless a username of "Shared" exists.

Unfortunately I have not yet figured out how or where user information is hidden on OS X, so I can't say how to improve this.

[ Reply to This | # ]