Is there any way to restrict the administrator privileges? If my
system has 2 or 3 administrator account. Can I make one admin as
master admin for other admins. Here I am not talking about root
password because any admin can “disable the root account”
In mac , when disabling the root account, it should ask for the root
password . But it takes any admin password .. Isnt this point worth
thinking??
What do you mean by "disabling the root account"?
The root user by default has no password (*not* an empty password) in
Mac OS X. It would therefore be a little difficult to require "the
root password" to do anything. :-)
Actually I want to restrict one of the admin for some operations .
How can one admin be at greater privilege level than other ??
Do you really want a hierarchy of administrators, or do you want to
divide up administrative responsibilities (and authority, and blame)
among a group of administrators?
The Authorization subsystem allows an administrator (with full
superuser privileges) to configure parts of the system according to
groups (man group(5)). You could, in theory, assign various
Authorization-gated activities to different administrators if each of
the administrators was in his/her own group.
That said, this partitioning would only apply to activities governed
by the Authorization subsystem. Otherwise you're back to the usual
possibilities--filesystem permissions and ACLs are all that come to
mind in my pre-coffee stupor....
/gh
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
