From: Aron Roberts (aron@socrates.berkeley.edu)
Date: Fri Sep 19 2003 - 16:00:18 PDT
At 15:06 -0700 2003-09-19, Erik Klavon wrote [in a thread partly
comparing Mac OS X and Microsoft Windows XP security, archived at
http://ls.berkeley.edu/mail/micronet/2003/]:
>The last time I used Mac OS X configured sudo, I had to type in the
>admin account password after my first use. Subsequent uses of sudo
>didn't require a password for a preprogrammed length of time (five
>minutes IIRC) after which I had to enter the password again. So it
>isn't just an extra command, sudo requires that A) the account has
>tobe listed as one that can sudo B) the account password be typed by
>the user in the last five minutes and C) the command given is allowed
>by the sudo config.
Some minutiae regarding this topic:
In Mac OS X, by default, any admin user -- e.g. a user so
designated via the "Allow user to administer this computer" option in
the Apple menu, "System Preferences..." item, "Users" or "Accounts"
pane -- is allowed to *temporarily* receive root privileges for a
command executed in the shell by invoking the 'sudo' command.
By default, the root user in Mac OS X is disabled, so the 'sudo'
command is the typical way to perform actions that require root
privileges.
The place that admin users are specified as being allowed to run
'sudo' is in the /private/etc/sudoers file (see the "%admin" line
below):
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
This file is owned by root and under most circumstances should
never need to be edited. The visudo command
<http://www.courtesan.com/sudo/man/visudo.html> should always be used
to perform sanity checking of modifications to this file, (and can be
used with several editors, not just vi).
Uses of sudo (and according to Apple, other "privilege
escalations") appear to be logged to /var/log/system.log.
In Mac OS X, the timeout after which a authorized sudo user's
password must once again be entered does default to five minutes, as
Erik reports. This is a compile-time option for the sudo utility,
although it *may* be possible to be overridden by an entry in the
'sudoers' file. I haven't looked into this.
To run Mac OS X applications, rather than shell commands, with root
privileges, there is also a shareware drag-and-drop utility, Brian
Hill's Pseudo <http://personalpages.tds.net/~brian_hill/pseudo.html>,
which can "launch other applications in the OSX Desktop as the System
Administrator or 'root'."
Finally, Apple provides an API to allow Mac OS X applications to
obtain authorization to perform privileged actions, including actions
requiring root privileges. Dialogs asking for an admin user name and
password typically result from calls to that API, although a rogue
application could certainly try to spoof its appearance:
<http://developer.apple.com/documentation/Security/Reference/authorization_ref/index.html>
Aron Roberts
Workstation Software Support Group
P.S. The initial user created -- when Mac OS X is installed -- is
given administrative privileges by default. This admin user
designation can subsequently be removed from that user and/or enabled
for other users.
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Fri Sep 19 2003 - 16:03:34 PDT