On Wed, Feb 25, 2004 at 11:06:58AM -0500, Alex wrote:
> On Wednesday, Feb 25, 2004, at 10:27 Canada/Eastern, Kevin Stevens
> wrote:
>
> >[...] the non-admin user needs to be
> >a member of the "admin" group in order to be able to sudo. [...]
>
> So, if I understand you correctly, a non-admin user can't run sudo at
> all, not even as another user. Right?

By default I believe that's correct; however, with some editing that can
be changed so that a non-admin user can run sudo.

The reason is because of /etc/sudoers. This file defines who has the
ability to run sudo, that is to say, who has the privilege of executing
the code stored in /usr/bin/sudo. You see, sudo always executes as the
logged in user, but it has the capability of executing other code as
different users. The -u command to sudo specifies that any programs sudo
runs will run as that user, not that sudo will be executed as that user.
Does that make sense?

Admins in OS X have the ability to run sudo because they are members of
group admin and the following line is in /etc/sudoers:

    %admin ALL=(ALL) ALL

The % sign specifies a particular group and the ALL=(ALL) ALL is sudo
nomenclature for specifying access rights.

If you want to give access to sudo to a user w/o making them an admin,
then you may do so with either of the following two lines:

    user ALL=(ALL) ALL
    user ALL=NOPASSWD:ALL

The first gives a specific user the same privileges as admins, and the
second has the privileges w/o requiring an initial password (very handy
for shell scripts).

The recommended way to edit /etc/sudoers is with /usr/sbin/visudo. I
believe it honors the EDITOR env var, so most any editor can be used to
edit this file.

-- 
"Knowledge is Power" -- Francis Bacon
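
An added example, not part of the original message: a small audit over sudoers text that reports which entries of the kinds shown above grant unrestricted commands to someone other than the expected principals, and which carry NOPASSWD. The sample file, the "backup" entry, and the expected_full default (root and %admin) are assumptions made for illustration; only simple one-line user specifications are parsed.

```python
import re

# Constructed sample in the format the message describes; "user" and "backup"
# are placeholder names, not real accounts.
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
user    ALL=NOPASSWD:ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
"""

# who  host = [(runas)] [NOPASSWD:] commands
SPEC = re.compile(
    r"^(?P<who>%?[\w.-]+)\s+(?P<host>\S+?)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<tag>NOPASSWD\s*:\s*)?(?P<cmds>.+)$"
)

def parse_sudoers(text):
    """Parse simple one-line user specifications; skip comments, Defaults, aliases."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue  # note: this also skips #include lines, which are not followed
        first = line.split()[0]
        if first.startswith("Defaults") or first.endswith("_Alias"):
            continue
        m = SPEC.match(line)
        if m:
            entries.append({
                "who": m["who"],
                "runas": m["runas"] or "root",  # sudo's default target user is root
                "nopasswd": m["tag"] is not None,
                "cmds": m["cmds"].strip(),
            })
    return entries

def audit(text, expected_full=("root", "%admin")):
    """Flag NOPASSWD grants and unrestricted (ALL) commands outside expected_full."""
    findings = []
    for e in parse_sudoers(text):
        issues = []
        if e["cmds"] == "ALL" and e["who"] not in expected_full:
            issues.append("unrestricted commands")
        if e["nopasswd"]:
            issues.append("NOPASSWD")
        if issues:
            findings.append((e["who"], issues))
    return findings
```

Calling audit(SAMPLE_SUDOERS) returns one (principal, issues) pair per flagged entry; to review a real file, pass its contents read from a copy rather than editing /etc/sudoers outside visudo.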