Re: Detecting if Admin user
- Subject: Re: Detecting if Admin user
- From: Quinn <email@hidden>
- Date: Fri, 4 Aug 2006 08:45:32 -0700
At 18:35 +0100 3/8/06, Mark Thomas wrote:
> Does anybody know how you can tell if a user is admin user or a normal
> user, is there a way to tell or does it make any sense not to allow non
> admin users to do basic administration tasks if they know what the admin
> password is?

Admin users are all in group admin. On 10.4 and later, you can check
for that using the mbr_check_membership routine from <membership.h>.
Specifically:

    mbr_uid_to_uuid(uid) -> uuid
    getgrnam("admin") -> gid
    mbr_gid_to_uuid(gid) -> guid
    mbr_check_membership(uuid, guid) -> result

Prior to 10.4, you have to check the membership yourself, using
getgroups to get the list of groups.

    getgroups -> groupList
    getgrnam("admin") -> gid
    groupList contains gid -> result

* * *
Rather than testing for this stuff yourself, however, you should
really use the Security framework to request authorisation to do a
particular task. This allows the system administrator to override
your default policy decision as to who should be allowed to do what.
This concept is covered in great detail in Technote 2095
"Authorization for Everyone", and the accompanying sample code.
<http://developer.apple.com/technotes/tn2002/tn2095.html>
S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
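
The pre-10.4 steps described in the message above (getgroups, getgrnam, then a search of the list), written out as an added C example that is not part of the original message. It checks the calling process's own credentials; the extra getegid comparison and the -1 "unknown" return value are choices made here, not something the message specifies.

```c
/* Added example: membership check via getgroups/getgrnam (POSIX). */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if gid appears in list[0..n), else 0. */
static int gid_in_list(gid_t gid, const gid_t *list, int n)
{
    for (int i = 0; i < n; i++)
        if (list[i] == gid)
            return 1;
    return 0;
}

/* 1 = calling process is in the named group, 0 = it is not,
 * -1 = unknown (no such group, or the group list could not be read). */
static int process_in_group(const char *name)
{
    struct group *gr = getgrnam(name);
    if (gr == NULL)
        return -1;
    gid_t target = gr->gr_gid;   /* copy: gr points at static storage */

    /* POSIX leaves it open whether getgroups includes the effective gid. */
    if (getegid() == target)
        return 1;

    int n = getgroups(0, NULL);  /* size 0 returns the number of groups */
    if (n < 0)
        return -1;
    gid_t *list = calloc((size_t)n + 1, sizeof *list);
    if (list == NULL)
        return -1;
    n = getgroups(n, list);
    int result = (n < 0) ? -1 : gid_in_list(target, list, n);
    free(list);
    return result;
}

int main(void)
{
    int r = process_in_group("admin");
    printf("admin: %s\n", r == 1 ? "yes" : r == 0 ? "no" : "unknown");
    return r == 1 ? 0 : 1;
}
```

Treat a -1 result as "not authorised" rather than as a reason to skip the check.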