[X-Unix] App launched by my crontab runs as root if Login Window!

Brian Medley bpm-list-osx-unix at 4321.tv
Mon Jun 6 21:59:49 PDT 2005 

On Mon, Jun 06, 2005 at 07:33:40AM -0400, ~flipper wrote:

> > > So, with 'root' disabled. (a misnomer, since root is not enabled in
> >> the first place, having no password, no shell default, no console
> >> access, etc)...
> >>
> >> try using sudo to cd your way into /private/var/root
> >>
> >> let me know how you do.
> >
> >cd is a shell builtin.  sudo has no way to run this as any user.
> 
> What's up? Sarcasm detector wasn't working, eh? My point was that 
> with root disabled (in it's standard-shipped Unix default), the 
> presence of 'sudo' is NOT de facto evidence of a root account having 
> been enabled (at any time), as was alluded to in the OP. It's merely 
> an escalation to admin (or a sort of 'super' admin status), in that 
> there are still operations that sudo won't allow.

I have been described as dense, so perhaps that is why I didn't
detect your sarcasm.  I still don't see any sarcasm, even after
being told it is there.

That said, I do agree with you that the presence of sudo does
not, in any way, prove that root is (or has ever been) enabled.

However, I think using the "cd" command as an exmple of this is
in poor form.  The main reason for this is that there is no "cd"
command.

> If a root account is enabled, and I log in as root, I can go anywhere 
> on the computer into 'my' 'root' 'home', into other accounts, etc). 
> But with no root enabled, there are 'walls'...sudo, or no sudo.

That said, pls show me one thing that a regular user cannot do
with sudo.  I do not believe the the open command is an example
of this, because it has been shown that it does not respect the
user it was run at; it seems to be the user currently logged into
the console.

Another way to say that is "open" does not allow GUI programs to
be executed as an arbitrary user.  Even root cannot "open" a
Finder (or anything else) as a different user.

Given all that, if you really do want a root Finder, then I think
this will do it:

    $ sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder

-- 
~`^`'~=-._.-=~'`^`'~=-._.-=~'^'~=-., \|/  (___)  \|/ _,.-=~'`^`
                                      @~./'O o`\.~@
      "Knowledge is Power"           /__( \___/ )__\  *PPPFFBT!*
         -- Francis Bacon               `\__`U_/'
 _.-=~'``'~=-._.-=~'``'~=-._.-=~'`^`'~= <____|'  ^^`'~=-.,__,.-=
~'^`'~=-._.-=~'`^`'~=-._.-=~'^'~=-.,__,.-==--^'~=-.,__,.-=~'`^`

More information about the X-Unix mailing list