AppleScript to Open Application as Administrator

[W]

Sorry for a basic question here, but how can I get an AppleScript icon on my
desktop that would:

1) Put me in administrator context
2) Open up a specific application in that context

I am logged in as an ordinary user who is NOT in the sudoers list. If I
were logged in as administrator in a shell the command to open might be
something like:

open /Applications/MyAdminApp.app

Basically I am trying to get a set of administrator GUI tools at the ready
on my desktop.

--
W

[Király]

I use this AppleScript to run Console as root, while logged in to my
non-admin account:

do shell script
"/Applications/Utilities/Console.app/Contents/MacOS/Console > /dev/null
2>&1 &" with administrator privileges

Modify as necessary for other apps.

--
K.

Lang may your lum reek.

[W]

"Király" <m...@home.spamsucks.ca> wrote in message
news:jiej08$r0m$1...@dont-email.me...

Can you do this safely with an instance of Finder? I got the feeling in
reading articles online that invoking Finder in an Administrative user
context while logged in as an ordinary user might cause the entire desktop
to change.

--
W

[Jolly Roger]

In article <Y9OdnReoGYqJfNfS...@giganews.com>,

"W" <persis...@spamarrest.com> wrote:

> "Király" <m...@home.spamsucks.ca> wrote in message
> news:jiej08$r0m$1...@dont-email.me...
> > W <persis...@spamarrest.com> wrote:
> > > Sorry for a basic question here, but how can I get an AppleScript
> > > icon on my desktop that would:
> > >
> > > 1) Put me in administrator context
> > > 2) Open up a specific application in that context
> > >
> > > I am logged in as an ordinary user who is NOT in the sudoers
> > > list. If I were logged in as administrator in a shell the
> > > command to open might be something like:
> > >
> > > open /Applications/MyAdminApp.app
> > >
> > > Basically I am trying to get a set of administrator GUI tools at
> > > the ready on my desktop.
> >
> > I use this AppleScript to run Console as root, while logged in to my
> > non-admin account:
> >
> > do shell script
> > "/Applications/Utilities/Console.app/Contents/MacOS/Console > /dev/null
> > 2>&1 &" with administrator privileges
> >
> > Modify as necessary for other apps.
>
> Can you do this safely with an instance of Finder?

That is a horribly bad idea in terms of security escalation.

--
Send responses to the relevant news group rather than email to me.
E-mail sent to this address may be devoured by my very hungry SPAM
filter. Due to Google's refusal to prevent spammers from posting
messages through their servers, I often ignore posts from Google
Groups. Use a real news client if you want me to see your posts.

JR

[W]

"Jolly Roger" <jolly...@pobox.com> wrote in message
news:jollyroger-D3FFC...@news.individual.net...

> In article <Y9OdnReoGYqJfNfS...@giganews.com>,
> "W" <persis...@spamarrest.com> wrote:
>
> > "Király" <m...@home.spamsucks.ca> wrote in message
> > news:jiej08$r0m$1...@dont-email.me...
> > > W <persis...@spamarrest.com> wrote:
> > > > Sorry for a basic question here, but how can I get an AppleScript
> > > > icon on my desktop that would:
> > > >
> > > > 1) Put me in administrator context
> > > > 2) Open up a specific application in that context
> > > >
> > > > I am logged in as an ordinary user who is NOT in the sudoers
> > > > list. If I were logged in as administrator in a shell the
> > > > command to open might be something like:
> > > >
> > > > open /Applications/MyAdminApp.app
> > > >
> > > > Basically I am trying to get a set of administrator GUI tools at
> > > > the ready on my desktop.
> > >
> > > I use this AppleScript to run Console as root, while logged in to my
> > > non-admin account:
> > >
> > > do shell script
> > > "/Applications/Utilities/Console.app/Contents/MacOS/Console >
/dev/null
> > > 2>&1 &" with administrator privileges
> > >
> > > Modify as necessary for other apps.
> >
> > Can you do this safely with an instance of Finder?
>
> That is a horribly bad idea in terms of security escalation.

What is the right way to administer files with a GUI while logged in as an
ordinary user?

--
W

[Barry Margolin]

In article <qdmdnbIJA5EYgtbS...@giganews.com>,

You don't. You use Fast User Switching to switch to the administrator
account.

--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

[Jolly Roger]

In article <barmar-21F285....@news.eternal-september.org>,

If you log into the computer as administrator, everything you do is done
as administrator.

If you run a GUI program as root, everything that program does is done
as root. That can be very dangerous, considering you often don't have
access to the source code and therefore don't know exactly what the
program does behind the scenes.

You should always strive to limit your interactivity so that you only do
what is absolutely necessary with escalated privileges, and use normal
privileges for everything else.

With regard to administrative file operations, why not learn the command
line and do it that way, which is how administrators have always done it?

[Király]

W <persis...@spamarrest.com> wrote:
> Can you do this safely with an instance of Finder? I got the feeling in
> reading articles online that invoking Finder in an Administrative user
> context while logged in as an ordinary user might cause the entire desktop
> to change.

It will. Running Finder as root will have it display root's home folder,
Desktop, and everything else.

What are you trying to do with Finder? Most Finder operations that
require admin or root privileges can already be done from a non-admin
account, by authenticatig with an administrator's username and password
when prompted.

[PhillipJones]

Jolly Roger wrote:
> In article<barmar-21F285....@news.eternal-september.org>,
> Barry Margolin<bar...@alum.mit.edu> wrote:
>
>> In article<qdmdnbIJA5EYgtbS...@giganews.com>,
>> "W"<persis...@spamarrest.com> wrote:
>>
>>> "Jolly Roger"<jolly...@pobox.com> wrote in message
>>> news:jollyroger-D3FFC...@news.individual.net...
>>>> In article<Y9OdnReoGYqJfNfS...@giganews.com>,
>>>> "W"<persis...@spamarrest.com> wrote:
>>>>

>>>>> "Kir�ly"<m...@home.spamsucks.ca> wrote in message

>>>>> news:jiej08$r0m$1...@dont-email.me...
>>>>>> W<persis...@spamarrest.com> wrote:
>>>>>>> Sorry for a basic question here, but how can I get an
>>>>>>> AppleScript icon on my desktop that would:
>>>>>>>
>>>>>>> 1) Put me in administrator context
>>>>>>> 2) Open up a specific application in that context
>>>>>>>
>>>>>>> I am logged in as an ordinary user who is NOT in the
>>>>>>> sudoers list. If I were logged in as administrator in a
>>>>>>> shell the command to open might be something like:
>>>>>>>
>>>>>>> open /Applications/MyAdminApp.app
>>>>>>>
>>>>>>> Basically I am trying to get a set of administrator GUI
>>>>>>> tools at the ready on my desktop.
>>>>>>
>>>>>> I use this AppleScript to run Console as root, while logged
>>>>>> in to my non-admin account:
>>>>>>
>>>>>> do shell script
>>>>>> "/Applications/Utilities/Console.app/Contents/MacOS/Console>

>>>>>> /dev/null 2>&1&" with administrator privileges

>>>>>>
>>>>>> Modify as necessary for other apps.
>>>>>
>>>>> Can you do this safely with an instance of Finder?
>>>>
>>>> That is a horribly bad idea in terms of security escalation.
>>>
>>> What is the right way to administer files with a GUI while logged in as an
>>> ordinary user?
>>
>> You don't. You use Fast User Switching to switch to the administrator
>> account.
>
> If you log into the computer as administrator, everything you do is done
> as administrator.
>
> If you run a GUI program as root, everything that program does is done
> as root. That can be very dangerous, considering you often don't have
> access to the source code and therefore don't know exactly what the
> program does behind the scenes.
>
> You should always strive to limit your interactivity so that you only do
> what is absolutely necessary with escalated privileges, and use normal
> privileges for everything else.
>
> With regard to administrative file operations, why not learn the command
> line and do it that way, which is how administrators have always done it?
>

The use of SUDO can be extremely dangerous to point of making your Hard
drive a very expensive Door stop in the hands of someone that doesn't
know what they do.

I've been using Macs since the day of the SE/30. and I stay the heck
away from Terminal and Single User Mode as Much as possible. I do use
AppleJack in Singler user mode But I follow the directions of the
application.

I've seen both in Mac and on a regular PC (Windows or DOS) the result of
using sudo then typying the wrong command. It wasn't pretty either time.
If I wanted to learn UNIX or Linux I would have installed Ubinto on a
separate drive.

[W]

"Király" <m...@home.spamsucks.ca> wrote in message

news:jig853$kjf$1...@dont-email.me...

For example, there is a file foo under a Documents folder in an
administrative user's home folder structure. I am logged in as an ordinary
user, and I want to give myself readwrite access to that file.

I could use command line and su to the administrative user, and then modify
the permission on the file. But I prefer to use graphical tools for many
reasons. Let's call it an aesthetic, but I find the command line tedious,
error prone, and time consuming. So without condoning my preferences, the
question is what is the safest and most effective way to give me a graphical
tool - running in an administrative user security context - so that I can
change arbitrary data file permissions to give my ordinary user account
access to them?

I don't need the utility to run as root. It would be enough to run as an
administrator one level below root.

--
W

[Jolly Roger]

In article <jigl29$605$1...@news.albasani.net>,
PhillipJones <pjo...@kimbanet.com> wrote:

> Jolly Roger wrote:
> >
> > If you log into the computer as administrator, everything you do is done
> > as administrator.
> >
> > If you run a GUI program as root, everything that program does is done
> > as root. That can be very dangerous, considering you often don't have
> > access to the source code and therefore don't know exactly what the
> > program does behind the scenes.
> >
> > You should always strive to limit your interactivity so that you only do
> > what is absolutely necessary with escalated privileges, and use normal
> > privileges for everything else.
> >
> > With regard to administrative file operations, why not learn the command
> > line and do it that way, which is how administrators have always done it?
>
> The use of SUDO can be extremely dangerous to point of making your Hard
> drive a very expensive Door stop in the hands of someone that doesn't
> know what they do.

The same applies to logging in as root and running GUI programs as root.

> I've been using Macs since the day of the SE/30. and I stay the heck
> away from Terminal and Single User Mode as Much as possible. I do use
> AppleJack in Singler user mode But I follow the directions of the
> application.
>
> I've seen both in Mac and on a regular PC (Windows or DOS) the result of
> using sudo then typying the wrong command. It wasn't pretty either time.
> If I wanted to learn UNIX or Linux I would have installed Ubinto on a
> separate drive.

You're being silly.

[Király]

W <persis...@spamarrest.com> wrote:
> For example, there is a file foo under a Documents folder in an
> administrative user's home folder structure. I am logged in as an ordinary
> user, and I want to give myself readwrite access to that file.

You don't need any special tools to do that. Use Finder's Get Info to
change the permissions of the Documents folder and the contained file
within. You can do this from a non-admin account, simply by
authenticating with admin credentials when prompted.

[PhillipJones]

No not trying to be silly. I have actually seen what damages can be done
using the wrong command after using SUDO. I use to work on computers
including Mac's and PC's Using the wrong command in either can make a
Hard Drive an expensive doorstop.

I'm not saying "if" you know what your doing its not okay.

But unless they do know just don't throw it willy nilly. It can be
dangerously powerful

[Jolly Roger]

In article <jij6de$rp1$1...@news.albasani.net>,

The same concept applies to doing the wrong thing in the GUI as admin or
root. In fact I've seen people render a Mac unbootable by messing with
the wrong files while logged in as admin or root.

> I'm not saying "if" you know what your doing its not okay.
>
> But unless they do know just don't throw it willy nilly. It can be
> dangerously powerful

My point is the GUI is no more safe in this regard.

[John Varela]

On Tue, 28 Feb 2012 20:10:45 UTC, Jolly Roger <jolly...@pobox.com>
wrote:

Well, it doesn't matter because of course he has a current backup.

--
John Varela

[Phillip Jones]

Are you sure? did he say so?

Up until I bought this MacBook Pro with Time-Machine I didn't back up
files. I bought an external Drive with FireWire Connection and have it
update once an hour. I've had Macs since SE/70 and never backed up
anything except I duplicated all my data on my desktop and laptop.

So you can't say everyone backs up files.

--
Phillip M. Jones, C.E.T. "If it's Fixed, Don't Break it"
http://www.phillipmjones.net/ mailto:pjo...@kimbanet.com

[Kiraly]

On Feb 28, 12:10 pm, Jolly Roger <jollyro...@pobox.com> wrote:
> My point is the GUI is no more safe in this regard.

That's easily said by someone like you JR, who has been using the CLI
since before there was a GUI. Try deleting a stubborn folder:

With CLI: # rm -rf /Users/jollyroger/pics
Or with GUI: Log in as root, navigate to /Users/jollyroger, drag ./
pics to Trash, empty trash.

Or make a simple typo:
# rm -rf / Users/jollyroger/pics

Oops. Entire hard drive is erased. Bummer. Its quite difficult to
accidentally do that kind of damage with the GUI as root. Navigate to /
Users/jollyroger, drag ./pics to Trash, also drag everything else you
can see to Trash, empty trash. Not gonna happen.

See the difference now?

[John Varela]

Whoosh!

--
John Varela