Re: Modifying sudoers

---

• From: haberg@xxxxxxxxxx (Hans Aberg)
• Date: Wed, 07 Dec 2005 17:36:02 GMT

---

In article <tph-B7916D.09245607122005@localhost>, Tom Harrington
<tph@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> > Right now it seems that 'sudo' gives the same permissions as root. There
> > ought to be a stripped down admin permissions, which exlcudes hard core
> > root work, preventing system damage. But even then, I think one would not
> > want any user to do admin work.
>
> There is such a "stripped down" permission-- just set the account as an
> administrator in System Preferences. These accounts get an extra level
> of permission as a result of belonging to the right Unix "group", which
> allows write access to places like /Applications/ that non-admin users
> don't get. It doesn't give root-level permissions unless you also use
> "sudo" or "su".

I really mean the permissions as 'sudo' that Administrator accounts get,
because a person which does not know exactly what to do, can cause serious
damage to the systems installation. If one absolutely needs to be the full
root, then one should become root, but only those that really know what
they are doing, should do that. Somebody mentioned that this was a kind of
setup actually in use on UNIX multiuser systems, and it seems wise for
Mac's to copy that. This approach will also make it harder for any
eventual future malicious hacker software to take over the computer, as
program installations will not give full permissions to the installation
program: One way to take over a Mac is to post a corrupted installation
version of an otherwise legit application, and let the installer give away
root permissions when innocently typing the password with admin
permissions, as one always does.

--
Hans Aberg
.

---

• References:
  • Modifying sudoers
    • From: Peter James
  • Re: Modifying sudoers
    • From: Chu-En Ginsberg
  • Re: Modifying sudoers
    • From: Hans Aberg
  • Re: Modifying sudoers
    • From: Tom Harrington

• Prev by Date: Re: 802.11 cardbus adapter and WPA2 Enterprise
• Next by Date: Re: ibook won't auto-suspend anymore
• Previous by thread: Re: Modifying sudoers
• Next by thread: Re: Modifying sudoers
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: FPSE 2002, No security? ... I was just thinking that the permissions ... "JIMCO Software" wrote: ... >> Actualy JIMCO - I am the domain admin. ... >> on a prevuois installation. ... (microsoft.public.frontpage.extensions.windowsnt) Re: Service Pack 4 Upgrade - FTP is open ! ... > selecting Windows Service Pack 4, ... Admin permissions and can do untold damage to your system. ... (microsoft.public.win2000.windows_update) Re: [RFC] FUSE permission modell (Was: fuse review bits) ... >> root is denied all access. ... and the kernel checks the permission. ... The userspace can't enforce the permissions. ... (Linux-Kernel) Re: Exchange 2007 Exchange Server Setup Encountered an Error. ... Your question about permissions got me thinking. ... My user is an admin, ... Oringally I started the installation, ... local computer or the installation is corrupted. ... (microsoft.public.exchange.setup) Re: WinPE - what happens to filesystem in these scenarios ... Yes the root of the drive will have permissions on it after the ... installation, as part of the OS installation permissions will be set on the ... Yes you should be able to install Windows 2000 Server, Windows Server 2003 ... (microsoft.public.windows.server.setup)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

newsgroups.derkeiler.com  > Archive  > Comp  > comp.sys.mac.system  > 2005-12