Re: Admin vs Root Authorization
- Subject: Re: Admin vs Root Authorization
- From: Peter Bierman <email@hidden>
- Date: Wed, 30 Nov 2005 13:49:57 -0800
It's a policy distinction, not a technical one.

'Admin' and 'Root' authorization in the Installer enable the exact same behavior for the install. They differ only in that 'Admin' authorization does NOT ask users in the admin group for a password first.

Much like System Preferences does not force admin users to enter their password for otherwise protected operations.

Unfortunately, the installer itself cannot determine if your package "should" ask for a password. 99% of the time, such packages probably should ask for a password and use "Root" authentication.

There's been plenty of confusion about this, even inside Apple, so the behavior of these flags is currently being reviewed and may change if we decide that "admin" authorization is an unnecessary risk.

The issue isn't capability, but notification. Asking users for their password in order to "alert" them to an unusual situation can lead to password fatigue, so in the case of the broadband tuner, someone decided that an extra "heads up" wasn't necessary.

-pmb

At 9:11 PM +0100 11/30/05, Stéphane Sudre wrote:

Stupid question:

What is the theoretical limit when you need to stop asking for Admin Authorization and start asking for Root Authorization?

I'm asking this because the limit is not clearly defined I think (or I just don't get it).

If I take for instance the BroadBandTunerInstaller Metapackage that Apple just released, this pseudo-installer (interesting solution BTW) is requiring Admin Authorization to change the /private/etc/sysctl.conf file whose owner is root:wheel.

In this case, since this is a system owned file, I would tend to believe Root Authorization should be required. Yet only Admin authorization is requested.

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
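
Added example, not part of the original thread and not Apple's code: a small audit that walks a directory of bundle-style packages and reports which ones request 'Admin' rather than 'Root' authorization, the case the reply above says installs with the same capability but without a password prompt for admin-group users. The `IFPkgFlagAuthorizationAction` key and its value strings are not named in the thread; they are assumed from the bundle-style package `Info.plist` format. The function names and the sample bundles are constructed for illustration.

```python
import plistlib
import sys
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumed key and values (not named in the thread): bundle-style .pkg/.mpkg Info.plist.
AUTH_KEY = "IFPkgFlagAuthorizationAction"
FINDINGS = {
    "RootAuthorization": "ok: user is asked for a password",
    "AdminAuthorization": "review: admin-group users get no password prompt",
    "NoAuthorization": "info: no authorization requested",
}

def audit_packages(root):
    """Return sorted (bundle name, action, finding) for each package bundle under root."""
    rows = []
    for info in Path(root).rglob("Info.plist"):
        bundle = info.parent.parent
        if info.parent.name != "Contents" or bundle.suffix not in (".pkg", ".mpkg"):
            continue  # not a package bundle's Info.plist
        try:
            with info.open("rb") as fp:
                action = plistlib.load(fp).get(AUTH_KEY, "<missing>")
        except (plistlib.InvalidFileException, ExpatError, AttributeError):
            action = "<unreadable>"  # malformed plist or non-dictionary root
        rows.append((bundle.name, action, FINDINGS.get(action, "review: unknown or unset")))
    return sorted(rows)

def demo():
    """Audit two constructed package bundles (sample data, not real packages)."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, action in (("Tuner.mpkg", "AdminAuthorization"),
                             ("Driver.pkg", "RootAuthorization")):
            contents = Path(tmp, name, "Contents")
            contents.mkdir(parents=True)
            with (contents / "Info.plist").open("wb") as fp:
                plistlib.dump({AUTH_KEY: action}, fp)
        return audit_packages(tmp)

if __name__ == "__main__":
    # Pass a directory to audit real bundles; with no argument the constructed demo runs.
    rows = audit_packages(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for name, action, finding in rows:
        print(f"{name}: {action} -> {finding}")
```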