site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com On Oct 27, 2008, at 2:49 PM, Stephen Hoffman wrote: - Jordan _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... Not passing out root or sudo access is a common practice in various production and security-conscious environments. Within those environments (and I deal with folks that are severely allergic to passing out root access), setuid can be an invaluable palliative. I'm quite willing to move to another approach or environment or tool or interface here. But suggesting that they pass out root access as a solution for starting up certain command-line tools is just going to get me a heaping raft of static with these good folks. I think Damien might have been a little too sweeping in his generalizations; I don't think anyone is suggesting that the user should be, or needs to be, involved in all such privilege decisions, it's just one additional approach. For the cases you're talking about, having Launchd start the helper tool and confer privileges to it, rather than making that tool setuid, is the answer. This email sent to site_archiver@lists.apple.com