site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com User-agent: Microsoft-Entourage/11.1.0.040913
1) Something like "id | grep admin".
1. Maybe this information is stored in the Open Directory information on this user account.
2. Otherwise, you can find the group of the user and the additional group and look for the gid for the admin group.
The Carbon way:
err = AuthorizationCreate(&user_rights, kAuthorizationEmptyEnvironment, user_flags, &user_authorizationRef);
See Authorization Services docs for more details ..
I'll check out these suggestions. Thanks for your ideas. I was really wondering if it is sufficient to check if a user is root or in the admin group. I'm trying to set things up in a manner that is more convenient for a user who is allowed to administer the computer. Sort of like how the OS used to require you to authorize constantly to do just about anything, then things were made easier for users who are designated administrators, so they only have to authenticate to perform tasks that actually alter the system. I noticed the OS adds users with the "Allow user to administer this computer" checkbox set to the sudoers file. I was just looking for a means that would ensure whatever I do is in sync with whether or not a user has that checkbox set for his or her account. Eric _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com