launch applications as a specified user

3

3co

Registered
I want to launch an application from the terminal as another user without lefting the session. I try "login", "su" , "sudo" before the "open" command but each time I get this error message :

kCGErrorIllegalArgument : initCGDisplayState: cannot map display interlocks.
kCGErrorIllegalArgument : CGSNewConnection cannot get connection port
INIT_Processeses(), could not establish the default connection to the WindowServer.Abort trap

What's going on ?
thanks
 
You're running into something called security :)

Picture this: You're playing on your computer, a software update window opens up on your desktop. You say "yes, I want to install". You put in your password, the application suddenly quits. You then open up software update yourself, and do it over again? Did software update crash? No, what really poped up was an application someone wrote that looked like software update, and it just got your password. Now, someone who had ssh'd into your computer (or, maybe lap computer at school, etc.) has your password, and you don't even know it, because you just thought software update crashed.

Or...

Picture this: someone tries to run the app as above, but is not allowed to display it to the desktop because they are not logged in to the desktop, they have to be logged in as you to do so.

Which do you want? :)

Brian
 
You know, i didn't plane to hack myself. :)

I am a poor (french) physicist who just wants to run a software (matlab ::evil:: ) wich needs to be launch from a session with NO admistrator privilege from it's current session wich has the administrator privilege.

If I understand your point, there is no solution, exept an upgrading to MacOs10.3 where the session manager allows a quick change between the different session :(

thanks
by the way, is it possible with 1O.3 to use virtual desktop, as in all Linux distribution ?
 
There is no virtual desktop built into 10.3. Virtual desktops are handled by the window manager, not linux itself, you're just used to having window managers that support them, there are window managers on linux that do not support them. You can purchase a virtual desktop package for OS X called Virtual Desktops from CodeTek (http://www.codetek.com). It works in 10.2 and 10.3 (Not sure if 10.1 support is still there, but it used to exist), it's around $30 US.

Brian
 
Salut 3co. I am slightly familiar with matlab; why do you need to launch it from a session without admin privileges?

As long as you disbale password caching in the keychain manager you'll be prompted for an administrator login every time (presumably, a student) tries to edit any system settings, even if they're logged IN as an administrator.

Or are you worried about the shell?

PS You're launching matlab from the terminal, is this an application with an X11 interface? If so there's a workaround.

What is your situation? Are you in a lab with many people using it? Are you the only user? If so, why are you worried about admin privs.

(Envoyez moi un message privé si vous voulez, nous pourrons l'en disucter...)
 
When i get my ibook I just open a session with the administrator rights and used it as the current session :-( . But mathlab works only with a limited rights, so i open another session to use it.
My problem was :I couldn't acces my whole data because one half was from the administrator session and the other half from the "normal rights" session.
The solution was simply to move all my data to the normal session, with the chown -R command and respect the "never use the root/administrator account for current operation"
Well, finaly it was just a bad habits of MacOs9 user ! (I'am affraid there is plenty).
Maybe there should some kind of "how to administrate" MacOSX, written for people who do not know nothing about The UNIX way of computer ?

Thank you guys for help ;-)
 
3co, the rule you know is slightly different: "never use root for normal operation", you can use an administrator account as much as you want, just make sure you don't cache the admin paraphrase (in the keychain option), ever.

Glad you fixed it, and that's a totally valid solution (along what I was going to suggest actually).
 
You must log in or register to reply here.
Back
Top