On 13/3/2006, at 6:01, Charilaos Skiadas wrote:
On Mar 12, 2006, at 10:51 PM, Gavin Kistner wrote:
FWIW, sometimes when I edit root-owned files, I have to authenticate twice in a row before the file saves. But then it saves just fine.
That happens to me too. The first time I save a root-owned file it authenticates twice, but in any subsequent saves of the file it authenticates only once.
The reason is that TM uses a bundled helper tool to do the actual saving.
This tool has setuid and is owned by root, meaning that everything it does, is done as root. To operate, this tool needs a com.macromates.textmate.openfile.readwrite.* right.
So normally when you save a file, and a password is requested, TextMate does not ask for the right to execute a program as root, instead it asks to obtain the right which is named above (for which things like who should be able to obtain it, for how long the right should be granted w/o password before asking for a new (timeout) etc. can be adjusted in the /etc/authorization file (for this right specifically, or for rights matching a pattern)).
However, since I cannot ship TextMate with the helper tool owned by roor and with the setuid bit set, I need to have TextMate setup the helper tool correct, and this can only be done as root.
So the first password requester asks for the right to execute code as root (basically sudo), and the second password requester then asks for the lesser right of simply operating the helper tool (enforced by the helper tool itself).
After having setup the helper tool correctly, there should no longer be asked permission to run code as root, and only one password requester should appear (but when/if you upgrade TM, the state of the helper tool is reset, and afterwards you will again get two password requesters).
I don’t know how easy this was to follow, but put shortly: it should ask for password twice, because it wants to do two different things, for which the rights are different.