[X-Unix] App launched by my crontab runs as root if Login Window!

John Baltutis baltwo at san.rr.com
Mon Jun 6 12:51:13 PDT 2005


On 06/06/05, Eric F Crist <ecrist at secure-computing.net> wrote:
> ~flipper wrote:
>>
>> If a root account is enabled, and I log in as root, I can go anywhere
>> on the computer into 'my' 'root' 'home', into other accounts, etc).
>> But with no root enabled, there are 'walls'...sudo, or no sudo.
>>
> If I'm not mistaken, root disable, or not, you can still sudo su - and
> go wherever you want to.

You're mistaken. When you launch Terminal, it normally starts up in your
home directory. Now, if you enter this command:

$sudo cd /private/var/root

enter your admin password, you're not taken there.

If you enter:

sudo open /private/var/root/

then, the Terminal pops up a dialog box with this admonition:

"The folder "root" could not be opened because you do not have sufficient
access privileges."

The only way to execute those commands successfully is to enable the root
user via the NetInfo Manager.app.


More information about the X-Unix mailing list