[Ti] Permissions Repair

MB digital.discuss at gmail.com
Sat Mar 1 06:40:11 PST 2008


Tarik Bilgin said:

>Yes, by using sudo. I'm not sure why you asked that, or maybe I  
>didn't understand the question.

I asked as you can't execute sudo unless you're an admin to begin with
or in the sudo privileged list. I advocate the use of a separate admin
account and find the nuisances to be minimal.

>When you invoke sudo, the system will first check if the user is a  
>valid sudoer (by default any member of the admin group in OS X, but  
>this can be changed) and then check the password entered, and only  
>then execute the command.

Well, here's a solution: add the non-admin user(s), i.e. your non-admin
account or the users you would like to give the privileges, to the
sudoers list, which I assume is separate from admins.

However, I think the risk of your current user's password being known -
it's used more often and perhaps more in others' presence - is greater
than the occasional use of su. So if others look over your shoulder
when you use your admin user's password at any other stage, which you
usually do quite often, then they can log in even as your screen is
locked and execute sudo. This is less secure IMHO than having to execute
su with a SEPARATE password, used very seldom.

I'm going to add my own non-admin user to sudo users anyway, to avoid su
unless I really need it.

>This also means that sudo can only execute a single command, before  
>you are bounced back down to normal privilege.

Well, you can execute sudo-wrapped commands for 5 minutes after
entering the password.

>I am repeating myself but I will say it again: Everyone is free to  
>administer their own system the way they see fit, but running a  
>single command like the diskutils in the original post is exactly  
>what sudo is designed for.

Yes, but unless the user is an admin or in the sudoers list it's not
possible to use sudo, is it? Which was my point to begin with.
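
Added example, not part of the original message or thread: a sudoers fragment showing the two points discussed above, granting a non-admin account sudo for one command only and removing the 5-minute credential window. The account name `standarduser` and the exact `diskutil` invocation are assumptions; edit the file with `visudo` so the syntax is checked before it is saved.

```sudoers
# Constructed example. "standarduser" is a hypothetical non-admin account.

# Broad grant, shown for contrast and left commented out: this is what
# "adding a user to sudoers" usually ends up as. Anyone who learns this
# user's everyday login password can then run any command as root.
# standarduser ALL = (ALL) ALL

# Narrow grant: only the permissions repair command, only as root.
# Arguments are matched literally, so any other diskutil verb is refused.
# (Assumed command line; adjust to the one actually needed.)
Cmnd_Alias PERMREPAIR = /usr/sbin/diskutil repairPermissions /
standarduser ALL = (root) PERMREPAIR

# Ask for the password on every sudo invocation for this user instead of
# caching the credential for several minutes after the first prompt.
Defaults:standarduser timestamp_timeout=0

# Optional, closer to the "separate, seldom-used password" idea behind su:
# prompt for root's password rather than the invoking user's. Only usable
# if the root account has been enabled and given a password.
# Defaults:standarduser rootpw
```

`sudo -l`, run as that user, lists what the account is then allowed to execute.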


