On Mon, Jun 06, 2005 at 12:51:13PM -0700, John Baltutis wrote: > >> If a root account is enabled, and I log in as root, I can go anywhere > >> on the computer into 'my' 'root' 'home', into other accounts, etc). > >> But with no root enabled, there are 'walls'...sudo, or no sudo. > >> > > If I'm not mistaken, root disable, or not, you can still sudo su - and > > go wherever you want to. > > You're mistaken. When you launch Terminal, it normally starts up in your > home directory. Now, if you enter this command: > > $sudo cd /private/var/root Will you please explain to me how: a) sudo can run a shell builtin b) the fork'ed/exec'ed process can change the working directory of the parent process What I'm saying is that there is _no_ "cd" command. The unix process design dictates that it must be a shell builtin. > enter your admin password, you're not taken there. > > If you enter: > > sudo open /private/var/root/ > > then, the Terminal pops up a dialog box with this admonition: > > "The folder "root" could not be opened because you do not have sufficient > access privileges." > > The only way to execute those commands successfully is to enable the root > user via the NetInfo Manager.app. Yes, what you say above is true, less one thing: the _Finder_ is what is being brought up, not Terminal. Given what another poster in this same thread said, the "open" command will launch the program using the logged in console user, not the user that it is run at. Therefore, the Finder will try to open /private/var/root as the console user (which is most likely not root). However, if you do want to open up /private/var/root using the Finder, I believe this should do it: $ sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder \ /private/var/root -- ~`^`'~=-._.-=~'`^`'~=-._.-=~'^'~=-., \|/ (___) \|/ _,.-=~'`^` @~./'O o`\.~@ "Knowledge is Power" /__( \___/ )__\ *PPPFFBT!* -- Francis Bacon `\__`U_/' _.-=~'``'~=-._.-=~'``'~=-._.-=~'`^`'~= <____|' ^^`'~=-.,__,.-= ~'^`'~=-._.-=~'`^`'~=-._.-=~'^'~=-.,__,.-==--^'~=-.,__,.-=~'`^`