[X-Unix] App launched by my crontab runs as root if Login Window!

Eric F Crist ecrist at secure-computing.net
Mon Jun 6 13:48:23 PDT 2005

On Jun 6, 2005, at 2:51 PM, John Baltutis wrote:

> On 06/06/05, Eric F Crist <ecrist at secure-computing.net> wrote:
>> ~flipper wrote:
>>> If a root account is enabled, and I log in as root, I can go  
>>> anywhere
>>> on the computer into 'my' 'root' 'home', into other accounts, etc).
>>> But with no root enabled, there are 'walls'...sudo, or no sudo.
>> If I'm not mistaken, root disable, or not, you can still sudo su -  
>> and
>> go wherever you want to.
> You're mistaken. When you launch Terminal, it normally starts up in  
> your
> home directory. Now, if you enter this command:
> $sudo cd /private/var/root
> enter your admin password, you're not taken there.
> If you enter:
> sudo open /private/var/root/
> then, the Terminal pops up a dialog box with this admonition:
> "The folder "root" could not be opened because you do not have  
> sufficient
> access privileges."
> The only way to execute those commands successfully is to enable  
> the root
> user via the NetInfo Manager.app.

I'm not mistaken.  If you're on a mac with root not 'enabled', and  
you open Terminal.app,  Type the following command:

# sudo su -

You're going to be asked for the administrator's password.  Not the  
root password.  Now you're root.

Now you can cd /private/var/root.

I know this, because I just did it.

I think you're mistaken in reading su - as cd -.


Eric F Crist                  "I am so smart, S.M.R.T!"
Secure Computing Networks              -Homer J Simpson

More information about the X-Unix mailing list