• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag
 

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Detecting if Admin user
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Detecting if Admin user


  • Subject: Re: Detecting if Admin user
  • From: Quinn <email@hidden>
  • Date: Fri, 4 Aug 2006 08:45:32 -0700

At 18:35 +0100 3/8/06, Mark Thomas wrote:
  Does anybody know how you can tell if a user is admin user or a normal
user, is there a way to tell or does it make any sense not to allow non
admin users to do basic administration tasks if they know what the admin
password is ?

Admin users are all in group admin. On 10.4 and later, you can check for that using the mbr_check_membership routine from <membership.h>. Specifically:


mbr_uid_to_uuid(uid) -> uuid

getgrnam("admin") -> gid

mbr_gid_to_uuid(gid) -> guid

mbr_check_membership(uuid, guid) -> result

Prior to 10.4, you have to check the membership yourself, using getgroups to get the list of groups.

getgroups -> groupList

getgrnam("admin") -> gid

groupList contains gid -> result

                 *                   *                   *

Rather than testing for this stuff yourself, however, you should really use the Security framework to request authorisation to do a particular task. This allows the system administrator to override your default policy decision as to who should be allowed to do what. This concept is covered in great detail in Technot 2095 "Authorization for Everyone", and the accompanying sample code.

<http://developer.apple.com/technotes/tn2002/tn2095.html>

S+E
--
Quinn "The Eskimo!"                    <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


References: 
 >Detecting if Admin user (From: Mark Thomas <email@hidden>)

  • Prev by Date: Detecting if Admin user
  • Next by Date: Re: ICDeletePref ??
  • Previous by thread: Detecting if Admin user
  • Next by thread: Re: Detecting if Admin user
  • Index(es):
    • Date
    • Thread