How do I give a CGI script permission to access Calendar?

When I run my script from the command line I can use - am actually prompted to use - System Preferences to add ssh-keygen-wrapper to be authorised to access the Calendar.

But when I run the script as a CGI program it is not authorised to access the Calendar - it is running as nobody and fails - and I don't know how to give the CGI-invoked script required permission.

A related question is even whether I should be giving nobody access to Calendar ... but that's a separate issue.

[FYI]
macOS High Sierra, Python CGI script using an AppleScript to read Calendar events


Solution 1:

The nobody user is non-interactive and doesn’t have calendars anyways. You will need to have some component (maybe another custom app/process) running as you to deliver the calendar info.

You really have two options, one of which is very bad.

Firstly, you could have your CGI scripts run as you. This isn’t hard but super dangerous and not recommended.

Secondly, you can build what is essentially a calendar proxy. This could be another program (running as you) which every five minutes reads the calendar data and writes it out to a file which nobody, the account, can read. You already seem to be familiar and working just fine with calendars so this shouldn’t be an issue, it’s just another script that you schedule with cron.

Another thing, though I’m really not sure if it will work for nobody, is that you can run sudo su nobody and then launch it. Since OSX knows that the PTTY is attached to your user session it will show the prompt there for you to accept. While you still won’t be able to access your user’s calendars, this trick is useful if you have to use these sorts of permissions as root, who also doesn’t have a graphical session.
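
The calendar proxy described in this answer could look like the sketch below, which is an added example and not code from either poster: publish() runs as the calendar owner from cron, and load_for_cgi() runs inside the CGI script as nobody. The exported field list, the 15-minute staleness limit, the file name and the sample event are assumptions; fetching the events (for instance with the existing AppleScript) is left to the caller.

```python
import json, os, stat, tempfile, time

EXPORT_FIELDS = ("title", "start", "end")  # assumption: all the CGI page needs
MAX_AGE = 15 * 60                          # assumption: three missed 5-minute runs = stale


def publish(events, path):
    """Run as the calendar owner: write a minimal snapshot atomically."""
    slim = [{k: e.get(k) for k in EXPORT_FIELDS} for e in events]  # drop notes, attendees, ...
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")   # created with mode 0600
    try:
        with os.fdopen(fd, "w") as f:
            json.dump({"generated": time.time(), "events": slim}, f)
            os.fchmod(f.fileno(), 0o644)   # readable by nobody, writable only by the owner
        os.replace(tmp, path)              # readers never see a half-written file
    except BaseException:
        os.unlink(tmp)
        raise


def load_for_cgi(path, trusted_uid, now=None):
    """Run as nobody: accept the snapshot only if it is the owner's, intact and fresh."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # refuse a symlink swapped into place
    with os.fdopen(fd) as f:
        st = os.fstat(f.fileno())          # check the file we actually opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("snapshot is not a regular file")
        if st.st_uid != trusted_uid:
            raise PermissionError("snapshot has an unexpected owner")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError("snapshot is writable by group or others")
        data = json.load(f)
    if (time.time() if now is None else now) - data["generated"] > MAX_AGE:
        raise ValueError("snapshot is stale; is the proxy job still running?")
    return data["events"]


if __name__ == "__main__":
    # Constructed sample event; in real use the events come from the owner's calendar.
    sample = [{"title": "Dentist", "start": "2018-05-01T09:00",
               "end": "2018-05-01T09:30", "notes": "private"}]
    path = os.path.join(tempfile.mkdtemp(), "calendar.json")
    publish(sample, path)
    print(load_for_cgi(path, trusted_uid=os.getuid()))
```

Keep the snapshot in a directory that only the calendar owner can write to, and pass the owner's numeric uid to load_for_cgi() in the CGI script.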

Solution 2:

Of course @Sirens points out the obvious flaw in my approach. I had used the AppleScript as an easy way to access the Calendars available at the command line of the user I was logged in as but which, of course, were not available to nobody.

I gratefully considered @Siren's answer and agreed with him that my approach was basically unsound and a workaround was either too dangerous or ungainly to consider pursuing further.

I hope this constitutes an answer - useful to anyone who also took this wrong turning - since it seems obvious to pursue a better informed tack using available Python libraries to build a CGI script where I (and nobody) can explicitly provide the Calendar with client credentials independently of the user or machine running the script.

I have used caldav as a proof of concept but found a few issues in doing so, so am now looking at Apple's CalDAVClientLibrary which looks to be a bit more comprehensive.