Allow non-Admin users to modify system preferences
Authored by: JohnnyMnemonic on Aug 01, '03 11:28:18AM

We faced a similar issue where I work; however, we wanted to raise users to Admins, and give them control over all System Preferences--except Software Update (so they don't go installing a "Hard Drive Update" and lose their data, for example; this way, we get a chance to read the boards and do our own testing first.)

We created two users on the box: the lan admin user, and the user's account (as admin). Then, we moved the bundle from /System/Library/PreferencePanes/SoftwareUpdate.prefPane to the lan-admin user's /Library/PreferencePanes. (That folder may need to be created first.)

We haven't extensively tested this yet, but the control panel is in fact removed from the System Preferences, and replaced when logged in as the lanadmin user. The local user can't see the item, because even admin users can't see into others' Library directories. Presumably, this would work for other panels as well; relevant to the original post, I would suppose you could remove all the panes except for date and time, and place them in the lan-admin /Library.

For completeness, we also chmodded /usr/sbin/softwareupdate to 0500 so it requires a sudo to run. (Which we disabled for all but lan-admin through the sudoers file.)

I'm interested in feedback on this strategy, as well as to see what others have done. I looked at /etc/auth also, but couldn't figure it out, esp. to the individual Systempreference.Pane. Anyone have better instructions on this file?

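An audit of the setup described in the comment above, as an added example that is not part of the original post: it checks that the pane has moved, that the lan-admin Library is closed to other users, and that the command-line tool is mode 0500. The function names and both parameters (filesystem root, lan-admin home directory) are hypothetical; the post does not give the lan-admin home path.

```sh
#!/bin/sh
# Added example: audit the Software Update lockdown described in the comment.
# Function names and the two parameters are hypothetical, not from the post.

# Print a path's octal permission bits (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null || echo missing
}

# $1 = filesystem root ("/" on a live system), $2 = lan-admin home directory.
# Returns 0 when every check passes, 1 otherwise.
audit_su_lockdown() {
    root=${1%/}; admin_home=$2; fail=0
    pane=SoftwareUpdate.prefPane

    # The pane must be gone from the system-wide location.
    if [ -e "$root/System/Library/PreferencePanes/$pane" ]; then
        echo "FAIL: $pane is still in /System/Library/PreferencePanes"; fail=1
    fi
    # ...and present in the lan-admin user's own Library.
    if [ ! -d "$admin_home/Library/PreferencePanes/$pane" ]; then
        echo "FAIL: $pane not found in $admin_home/Library/PreferencePanes"; fail=1
    fi
    # Hiding the pane depends on other users having no access to that Library.
    libmode=$(mode_of "$admin_home/Library")
    case $libmode in
        *00) ;;
        *) echo "FAIL: $admin_home/Library has mode $libmode"; fail=1 ;;
    esac
    # The command-line tool must be owner-only read/execute (0500).
    binmode=$(mode_of "$root/usr/sbin/softwareupdate")
    if [ "$binmode" != 500 ]; then
        echo "FAIL: /usr/sbin/softwareupdate has mode $binmode, expected 500"; fail=1
    fi
    return $fail
}

# Run the audit only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then
    audit_su_lockdown "$1" "$2"
fi
```

The sudoers restriction mentioned in the comment is not checked here.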