[launchd-dev] noob question you all can answer
Shawn Erickson
shawnce at gmail.com
Thu Jul 10 07:35:56 PDT 2008
On Wed, Jul 9, 2008 at 6:43 PM, Don Montalvo <donmontalvo at mac.com> wrote:
> Shawn Erickson <shawnce at gmail.com> wrote:
>
>> You should never need to enable the root account on Mac OS X.
>
> At the sake of starting another UNIX holy war......why not?
Note I very clearly said "you should never need to enable" not "you
should never enable" however one could sensibly argue for the later.
Any user that is given administrative rights on the system (check box
in account preferences) has the ability to use sudo to execute
privileged commands using their own account password (unless the
default configuration for sudo is modified to not allow this). Also
any graphical tool that needs privileges should utilize authorization
services and launchd to fire up a utility, etc. that carry out the
privileged operation. In other words the user just needs to
authenticate they don't need to login in as root.
If you want non-admin users to have sudo ability you can modify the
sudoers file to allow specific users or secondary groups to use sudo
by providing the user name and password of an account that does have
administrative rights.
The root account on Mac OS X is generally meant to be an account for
use by the OS itself and not one that you would normally login as (aka
the system doesn't allow login as root by default).
-Shawn
More information about the launchd-dev
mailing list