Is it possible to require password for every administrative operation?

Discussion in 'macOS' started by Ilomoga, Jun 18, 2008.

  1. Ilomoga macrumors member

    Joined:
    Oct 29, 2007
    #1
    Hi!

    I think most of you know the checkbox in System Preferences which automatically locks every operation you want to do which require you to be an administrator (so you have to press on the lock to unlock this option with entering your password).

    Is it possible to require you to enter the password for anything that requires administrator permissions (like copying applications to the Applications folder) WITHOUT using an extra account which doesn't have administrative privileges (just like in System Preferences ....)

    Thanks in advance,
    Ilomoga
     
  2. robbieduncan Moderator emeritus

    robbieduncan

    Joined:
    Jul 24, 2002
    Location:
    London
    #2
    Nope, as copy to /Applications is just another file system operation.

    Note that if you create a new account that is an administrator you can then make your current user account a non-administrator. Whenever you want to copy something to /Applications (or similar) you can simply use the admin username/password. You don't need to log in to the other account...
     
  3. Ilomoga thread starter macrumors member

    Joined:
    Oct 29, 2007
    #3
    That's the workaround I use now - it works but is not the best one in my opinion (I'd prefer that my account is pre-selected on the login windows which it's not if there are two accounts, and you have to enter the administrator name and password and not only the password to change to administrator mode).

    I know it's a file system operation but in Linux it's still possible to be a normal user which needs to enter his password for anything administrative to do (with sudo, which seems to be the same idea of the lock in System Preferences - and in the Terminal.app it also works with sudo).
     
  4. robbieduncan Moderator emeritus

    robbieduncan

    Joined:
    Jul 24, 2002
    Location:
    London
    #4
    And that's what we're doing here: a normal user on Linux is not an Administrator.

    Edit it add: you could try hiding the administrator account.
     
  5. Blubbert macrumors 6502

    Joined:
    Nov 1, 2006
    #5
    What you could do is change the permissions for the folder. I know that if you make a folder read only for your account, even if you are an administrator, OS X will ask you for a password when you try to put something into that folder. Granted, i dont know what kind of effect something like that would have on the Application folder, but if you have a backup, why not try it?
     
  6. Ilomoga thread starter macrumors member

    Joined:
    Oct 29, 2007
    #6
    @robbieduncan:
    Yeah, but he can gain administrative privileges by entering his password (with sudo, of course only if this is in use like in Ubuntu), but it works for everything and not just System Preferences and you don't need a second account for that.

    But thanks for the link to the hiding of users - I'll check that out.

    @Blubbert:
    That's a good idea, maybe I'll try it when I've got a free drive for a full time machine backup :)
     
  7. Mechcozmo macrumors 603

    Mechcozmo

    Joined:
    Jul 17, 2004
    #7
    Remember...

    system>root>admin>normal>restricted

    You can't be system. You really shouldn't run as root.
    If you run as a normal user, then you can enter the password of an administrator who has root powers (the etc/sudoers file) to do things that require said powers.
     
  8. Ilomoga thread starter macrumors member

    Joined:
    Oct 29, 2007
    #8
    That's exactly my point: I don't want to work with admin/root permissions, but I would prefer if it works (if you use an admin account) like in System Preferences where you can set a check box which locks every system setting until you enter your password.

    Now I'm using a second user as administrator (and my normal account hasn't administrator privileges), but this requires me to not only enter the password but also the username of the administrator - and it seems not to be able to automatically activate my account on startup so I only have to enter the password (and don't have to click on my user name before)

    I know that this sounds stupid to be "annoyed" by such peanuts - but I'm not annoyed I just would prefer it otherwise :D
     

Share This Page