Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'other effects?' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
other effects?
Authored by: hayne on Nov 25, '03 12:41:58PM

While I heartily support the basic idea of limiting the power of installers, there are some installers that do need 'root' privileges since they install files in system locations. Obviously the change suggested by this hint would need to be reversed before such installers could run successfully.

But I am more worried about possible other effects that this change would have. The AuthorizationTrampoline utility may be used by other things besides installers. In particular I suspect that it might be used to implement the new "Finder Admin Authentication" feature in Panther.

What I do before running an installer is run a script that looks at the "bill of materials" (what will get installed and where) by using the 'lsbom' command.



[ Reply to This | # ]
other effects?
Authored by: GaelicWizard on Nov 25, '03 03:15:09PM

This actually doesn't effect installers with a .pkg extention, only the 3rd party ones.

If you are installing as an Admin user, then there is no place on the system that you should write to that you cannot write to. The only place that this disables writing to is /System and some unix directories (like /usr). There is no reason for an installer to *EVER* install to these places. (if you're thinking /usr/local, then you can make the dir and 'chown :admin /usr/local' to make it happy) Admin users have write permissions to /Library which is the only place that an installer should put "system" files. :-)

JP

---
Pell



[ Reply to This | # ]