If you need root access privileges in your process, you need to start your Lisp process as root initially. It is not generally possible to make a non-root process run as root in retrospect.
Fortunately, Unix has a mechanism that allows a process to switch between root and non-root privileges at run time. That mechanism is called effective user id. A process that runs as root can switch to a non-root effective uid using the seteuid system call, and it can also switch back to "being" root that way.
Certainly, if you start your Lisp process as root, that process has full control over the machine, and depending on what data and machine you're dealing with, you need to be considerate as to what possible security holes you open by that. Fortunately, buffer overflows are hard to produce in Lisp, so from that perspective, you're on the safer side :)
Access to the system call interface is not standardized in Common Lisp, but most implementations have a native interface to the system, and you can also use CFFI if you plan for your program to be portable across Linux/Unix based Lisps.
Here is a transcript of SBCL running as root demonstrating the use of seteuid:
CL-USER> (defun write-file-in-filesystem-root ()
           (handler-case
               (with-open-file (f "/only-root-may-write-to-root"
                                  :direction :output
                                  :if-exists :supersede)
                 (write "hello" :stream f))
             (error (e) (format t "error: ~A~%" e))))
WRITE-FILE-IN-FILESYSTEM-ROOT
CL-USER> (sb-posix:seteuid 0)
0
CL-USER> (write-file-in-filesystem-root)
"hello"
CL-USER> (sb-posix:seteuid 1000)
0
CL-USER> (write-file-in-filesystem-root)
error: error opening #P"/only-root-may-write-to-root": Permission denied
NIL
CL-USER> (sb-posix:seteuid 0)
0
CL-USER> (write-file-in-filesystem-root)
"hello"
CL-USER> (delete-file "/only-root-may-write-to-root")
T
If all you need is access to protected files, if staying OSX specific is acceptable and if you want the user to authenticate using the standard authentication requester, you can use the authopen command which is specific to OSX.
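The seteuid switching shown in the transcript above can be wrapped so that root is held only for the duration of one form. This is an added example, not code from the original answer; it assumes SBCL on Unix with a process started as root, and the names `set-euid-checked`, `with-root-privileges`, `main` and the uid 1000 are hypothetical choices made for illustration.

```lisp
;;; Added example, not part of the original answer.
;;; Assumes SBCL on Unix and a process that was started as root.
(require :sb-posix)

(defparameter *unprivileged-uid* 1000
  "Constructed sample value: the uid the process runs as by default.")

(defun set-euid-checked (uid)
  "Set the effective uid and confirm that the kernel applied it."
  ;; sb-posix signals SB-POSIX:SYSCALL-ERROR if seteuid(2) fails.
  (sb-posix:seteuid uid)
  ;; Re-read the euid instead of trusting the call alone.
  (unless (= (sb-posix:geteuid) uid)
    (error "euid is ~D, expected ~D" (sb-posix:geteuid) uid))
  uid)

(defmacro with-root-privileges (&body body)
  "Run BODY with euid 0, then restore the previous euid.
The restore happens in UNWIND-PROTECT, so it also runs on errors and
other non-local exits from BODY."
  (let ((previous (gensym "PREVIOUS-EUID")))
    `(let ((,previous (sb-posix:geteuid)))
       (set-euid-checked 0)
       (unwind-protect (progn ,@body)
         (set-euid-checked ,previous)))))

(defun main ()
  ;; Drop as early as possible; code below runs unprivileged by default.
  (set-euid-checked *unprivileged-uid*)
  ;; Raise only around the one operation that needs root.
  (with-root-privileges
    (with-open-file (f "/only-root-may-write-to-root"
                       :direction :output
                       :if-exists :supersede)
      (write "hello" :stream f)))
  ;; Back to the unprivileged euid here, even if the write had failed.
  (format t "euid after privileged block: ~D~%" (sb-posix:geteuid)))
```

Because seteuid leaves the saved user id at 0, any code running in the same process can switch back to root; this pattern limits accidental privileged operations but does not contain code that calls seteuid itself.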