[X-Unix] App launched by my crontab runs as root if Login Window!

Tue Jun 7 16:24:11 PDT 2005

On 06 Jun, 2005, at 07:33, ~flipper wrote:

> Brian Medley wrote:
>
>
>>  > So, with 'root' disabled. (a misnomer, since root is not  
>> enabled in
>>
>>>  the first place, having no password, no shell default, no console
>>>  access, etc)...
>>>
>>>  try using sudo to cd your way into /private/var/root
>>>
>>>  let me know how you do.
>>
>> cd is a shell builtin.  sudo has no way to run this as any user.
>>
>
> What's up? Sarcasm detector wasn't working, eh? My point was that  
> with root disabled (in it's standard-shipped Unix default), the  
> presence of 'sudo' is NOT de facto evidence of a root account  
> having been enabled (at any time), as was alluded to in the OP.  
> It's merely an escalation to admin (or a sort of 'super' admin  
> status), in that there are still operations that sudo won't allow.

Correct, sudo is nothing more than a program (as is su), and its  
existence has nothing to do with the ability of someone to login to  
the root account.

> If a root account is enabled, and I log in as root, I can go  
> anywhere on the computer into 'my' 'root' 'home', into other  
> accounts, etc). But with no root enabled, there are 'walls'...sudo,  
> or no sudo.

Not really.

Both SU and SUDO give the user privs identical to being logged in as  
root. ... that's why they exist.

I've been a Unix SysAdmin for far too many years (more than you want  
to know) and have never had root logins enabled on any of the Unix  
boxes I run -- Tru64, Solaris, AIX, HPUX, System V, BSD, etc. It  
simply is not necessary.

Today, there is never a reason to enable a root login on any Unix  
box, not even during a system install ... unless you are running in  
single user mode, in which case it doesn't matter, as root is the  
only user.

T.T.F.N.
William H. Magill
# Beige G3 [Rev A motherboard - 300 MHz 768 Meg] OS X 10.2.8
# Flat-panel iMac (2.1) [800MHz - Super Drive - 768 Meg] OS X 10.3.8
# PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg] Tru64 5.1a
# XP1000  [Alpha 21264-3 (EV6) - 256 meg] FreeBSD 5.3
# XP1000  [Alpha 21264-A (EV 6.7) - 384 meg] FreeBSD 5.3
magill at mcgillsociety.org
magill at acm.org
magill at mac.com
whmagill at gmail.com