On 13/03/2007, at 2:31 AM, Tina Siegenthaler wrote:
First, thanks to everybody who tried to help me! Obviously, there
is indeed no simple solution in terms of "check that box", but I
guess I'll either stick with ARD (which I'm using anyway) and add a
second local admin or I'll try Nigel's solution, which sounds
interesting....
Thanks again, Tina
There is kind of a solution for "check that box", in that you can put
users into the admin group in Open Directory by checking "administer
this directory domain". Users will show up as "Admin" users in the
Accounts preference pane, and will get most of the rights of an admin
group.
Prior to 10.4, such users could also sudo and do other tasks that the
local admin group can do in the shell, but as of 10.4 you need to
explicitly add the user to the local NetInfo admin group, or do it
the way I've done it with a nested group.
I really like the nested group method. It allows me to add casual lab
admin staff such that they have appropriate rights over lab machines,
and I can easily update the group without having to touch my actual
images.
