|
|
Limited Administrator Account
|
|
|
|
Fresh-Faced Recruit
Join Date: Feb 2007
Status:
Offline
|
|
I've heard (and even read) about creating limited administrator accounts for Leopard clients. Where can I read more about it and details on setting up limited admin accounts?
Thanks!
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Oct 1999
Location: San Jose, Ca
Status:
Offline
|
|
I don't have a direct source of documentation for you, but what you are looking for is means of modifying /etc/authorization. For things that are already setup in that file it is really easy to figure out, for the rest it is a bit more difficult.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Nov 2001
Status:
Offline
|
|
Originally Posted by jstrauss
I've heard (and even read) about creating limited administrator accounts for Leopard clients. Where can I read more about it and details on setting up limited admin accounts?
Thanks!
There's no account called "limited administrator." You can remove functionality from any account (or... add it) by editing the /etc/authorization file.
Search Apple's knowledge base or afp548 for some details on this. A Google search will turn up a fair bit.
Note it's not so hard for a smart person to circumvent this... by default all administrators can sudo so you'd have to edit /etc/sudoers to remove this ability. Also, if they have physical access to the machine they can always boot it in target disk mode and have full access to the disk.
Anyway... you can do this to an extent, but there's no quick equivalent to a Windows "power user." You must do some work, and there's quite a learning curve for /etc/authorization.
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jan 2008
Status:
Offline
|
|
Originally Posted by CatOne
Anyway... you can do this to an extent, but there's no quick equivalent to a Windows "power user." You must do some work, and there's quite a learning curve for /etc/authorization.
Coincidentally, I've been presenting on this very topic for the last few years in the MacWorld IT Conference. Check out the session description for more info.
As a general rule, it's easier to start with a standard user than an admin, and you have to be aware that a lot of admin privileges are very hard to limit (running Installer packages, for instance, allows the user to run any arbitrary script)-- but between /etc/authorization and /etc/sudoers there's a lot you can accomplish.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|