On Mar 27, 2014, at 2:03 PM, Luther Fuller <email@hidden> wrote:
My problem continues to evolve.
After an analysis of the way my script should be used, I have concluded that a Standard user should run the script only if he can supply an ADMIN username and password.
(My script, called "Cloaking Device", makes disk partitions invisible, so I can show on the desktop only those disks I need to see. It also allows a user to make the user's Library folder visible.)
As far as I can determine, there simply does not exist a dialog that allows entry of username and password and returns if it exists on the computer. I have looked for a shell command that does this, but no luck.
Does anyone know of such a shell command?
Asking for a username and password, and then checking them for validity in a separate step, is very definitely the WRONG WAY TO DO IT™. Your script should never see an actual password. Exposing a password in the clear like that would be a huge security violation.
What you can do is invoke
do shell script ... with administrator privileges
When you do that, the system will put up an authentication dialog, securely collect a username and password, and without telling you the password determine whether it is correct. If it is correct, the supplied script will be executed with root privileges. (Not admin privileges, despite the name. Actual root privileges. As such, the script need not and should not invoke sudo.)
Making the current user's Library folder visible does not require admin (nor root) privilege. The user owns their own Library folder, and does not need an admin's blessings to make it visible. Nor would it be proper for any user, even an admin, to futz around with another user's Library folder. (An admin could do that, but only by escalating to root privileges using sudo. That should be your clue that it's the wrong way to do it.)
To make your own Library folder visible:
tell application "System Events"
    set the visible of library folder of user domain to true
end tell
Making disks invisible strikes me as awfully heavy-handed. Are you really sure you want to be doing this? Remember that your script is not the center of the user's universe. Making a disk invisible is permanent until explicitly undone. It will affect all users, not only on this machine but on any machine the disk is ever connected to. It will affect everything else your current user is doing. It will persist across logouts, restarts, and even shutdown.
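
The `do shell script ... with administrator privileges` pattern described in the reply above, shown as an added example that is not part of the original message. The handler name `runAsRoot`, the record labels and the sample path are hypothetical; the script relies on the system dialog for authentication and never handles a password itself.

```applescript
-- Added example; handler, labels and sample path are hypothetical.
-- The script never asks for, stores or sees a password: the system's
-- authentication dialog collects the credentials and checks them.
on runAsRoot(shellCommand)
	try
		set commandOutput to do shell script shellCommand with administrator privileges
		return {wasOK:true, outputText:commandOutput}
	on error errorText number errorNumber
		if errorNumber is -128 then
			-- The user pressed Cancel in the authentication dialog.
			return {wasOK:false, outputText:"cancelled by user"}
		end if
		-- Authentication failed, or the command exited with a non-zero status.
		return {wasOK:false, outputText:errorText}
	end try
end runAsRoot

-- id -u prints the effective user id; 0 means root, so no sudo is needed.
set idCheck to runAsRoot("/usr/bin/id -u")
if (wasOK of idCheck) and ((outputText of idCheck) is "0") then
	-- Build the real command here. Quote every path or user-supplied value
	-- with "quoted form of" so the root shell cannot reinterpret it.
	set targetPath to "/Volumes/Example Disk" -- constructed sample value
	set listing to runAsRoot("/bin/ls -ld " & quoted form of targetPath)
	display dialog (outputText of listing) buttons {"OK"} default button "OK"
else
	display dialog "Not authorized: " & (outputText of idCheck) buttons {"OK"} default button "OK"
end if
```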