site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com Thread-index: AccIEeHaIHrK0HQFEduvUQAWy6NyrA== Thread-topic: Administrator password (Getting list of admins) User-agent: Microsoft-Entourage/11.2.5.060620 on 06/11/14 11:19, Michael Smith at drivers@mu.org wrote:

No. Mac OS X supports many different directory services.

You cannot reliably assume that you can enumerate the membership of a group, and you should not try.

Your question was "how do I tell if someone is an admin user".

That's already a bad question, because what you really mean is "how can I tell if someone can perform some set of actions, which I am assuming can only be performed by an admin user". Without knowing what those actions are, all I can suggest is that you really should be verifying their ability to perform them; how you might go about that (if at all) is an exercise for the reader.

I see. I'm going to re-think this whole approach.

However, if you insist on using membership in the 'admin' group as your litmus, you should verify it like this:

1) call getgrnam() and obtain the GID for the group 2) call mbr_gid_to_uuid() from <membership.h> to obtain the UUID for the group 3) call mbr_uid_to_uuid() to obtain the UUID for the user 4) call mbr_check_membership() to ascertain whether the user is a member of the group

Amazing. It seems there is no end to the functions in libc. Thanks again, Michael. Jerry Krinock _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com