site_archiver@lists.apple.com Delivered-To: installer-dev@lists.apple.com It's a policy distinction, not a technical one. -pmb Stupid question: _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/installer-dev/bierman%40apple.com _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/installer-dev/site_archiver%40lists.a... 'Admin' and 'Root' authorization in the Installer enable the exact same behavior for the install. They differ only in that 'Admin' authorization does NOT ask users in the admin group for a password first. Much like System Preferences does not force admin users to enter their password for otherwise protected operations. Unfortunately, the installer itself can not determine if your package "should" ask for a password. 99% of the time, such packages probably should ask for a password and use "Root" authentication. There's been plenty of confusion about this, even inside Apple, so the behavior of these flags is currently being reviewed and may change if we decide that "admin" authorization is an unnecessary risk. The issue isn't capability, but notification. Asking users for their password in order to "alert" them to an unusual situation can lead to password fatigue, so in the case of the broadband tuner, someone decided that an extra "heads up" wasn't necessary. At 9:11 PM +0100 11/30/05, Stéphane Sudre wrote: What is the theoretical limit when you need to stop asking for Admin Authorization and start asking for Root Authorization? I'm asking this because the limit is not clearly defined I think (or I just don't get it). If I take for instance the BroadBandTunerInstaller Metapackage that Apple just released, this pseudo-installer (interesting solution BTW) is requiring Admin Authorization to change the /private/etc/sysctl.conf file whose owner is root:wheel. In this case, since this is a system owned file, I would tend to believe Root Authorization should be required. Yet only Admin authorization is requested. This email sent to bierman@apple.com This email sent to site_archiver@lists.apple.com