While I heartily support the basic idea of limiting the power of installers, there are some installers that do need 'root' privileges since they install files in system locations. Obviously the change suggested by this hint would need to be reversed before such installers could run successfully.

But I am more worried about possible other effects that this change would have. The AuthorizationTrampoline utility may be used by other things besides installers. In particular I suspect that it might be used to implement the new "Finder Admin Authentication" feature in Panther.

What I do before running an installer is run a script that looks at the "bill of materials" (what will get installed and where) by using the 'lsbom' command.

This actually doesn't effect installers with a .pkg extention, only the 3rd party ones.

If you are installing as an Admin user, then there is no place on the system that you should write to that you cannot write to. The only place that this disables writing to is /System and some unix directories (like /usr). There is no reason for an installer to *EVER* install to these places. (if you're thinking /usr/local, then you can make the dir and 'chown :admin /usr/local' to make it happy) Admin users have write permissions to /Library which is the only place that an installer should put "system" files. :-)

JP

---
Pell