Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Create 'managed' admin users' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Create 'managed' admin users
Authored by: JohnnyMnemonic on Mar 27, '04 01:10:06AM

The problem with this is illustrated by an example: we moved the System Preference for "Software Update"; we didn't want our users installing an update that we haven't had the chance to test first. Problem is, they could just use the terminal to "softwareupdate". Removing sudo permissions in /etc/sudoers only changed sudo on the command line; users could still unclick locks in the GUI (for example, to change permissions on directories, and reaccess the hidden preference pane).

Finally, we found that changing permissions on System installed items were "fixed" the next time "Fix Permissions" was run by Disk Utility, which, IIRC, doesn't even require admin rights to do.

The best solution is to modify /etc/authorization, as Joel says, but I've found the documentation for it cryptic at best.

The real solution is to set up Network Authentication + WorkGroup Manager, but that requires the care and feeding of a server.



[ Reply to This | # ]