Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Create 'managed' admin users' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Create 'managed' admin users
Authored by: vondrix on Mar 26, '04 10:57:00AM

The problem is that all the people in the admin group, can use sudo to get execute commands as root. Most preference-panes just modify text-files in /etc. sudo pico /etc/hostconfig is basically the same as using the Sharing preference pane. Adding a new user can be done by using the nicl utility.

I think it would be better to change the permissions on the /Applications folder. Add a group "caninstall", change the group of Applications to "caninstall", and put all the people that should be able to install, in the caninstall group.

If you want to keep Applications owned by the admin group, you should disable Terminal access for those managed admins, and you should change the /etc/sudoers file to only list the real admins.



[ Reply to This | # ]
Create 'managed' admin users
Authored by: kirkmc on Mar 26, '04 01:10:05PM

I agree with Vondrix's comment. It makes no sense to limit someone to certain preference panes then give them admin access; they can do anything they want, such as, for example, change their own limitations in the Accounts preference pane.

So I tried it to see what would happen... I couldn't log in on _any_ other account than the one I made the change from. I had to kill the user from another machine. When I removed the user from the admin group, I was able to log in anew.

My advice - find another way.



[ Reply to This | # ]