[R-SIG-Mac] problem installing packages from terminal

Simon Urbanek simon.urbanek at r-project.org
Sat Jun 4 22:42:18 CEST 2005 

On Jun 4, 2005, at 3:32 PM, Federico Calboli wrote:

>> You don't need to - in fact it's not recommended to enable the  
>> root  user on OS X and it's completely unnecessary, because you  
>> should be  using sudo with the same effect without potentially  
>> hazardous side-effects of enabling root.
>
> I am a Linux user at work (and I sysadmin for myself as well), and  
> the more Linux/Unix like in behaviour I can make OSX the better.  
> The fact that I have administrative privileges is something I find  
> pretty weird.

What do you mean? This may be just a terminology issue. On OS X  
"administrators" (i.e. users with administrative privileges - or as  
System Preferences call it "users that are allowed to administer this  
computer") are users that can sudo to get root privileges. They are  
also members of the "admin" group. Other than that, they are ordinary  
users, so if you login as one, you (and any program you run) can do  
as little harm as any other regular user. Only if you sudo (either on  
the command line or using Security framework) you get the effective  
permissions of a root. As with any system, you should think twice  
before giving someone admin access ;).

The advantage of this security concept (which you can use on any unix  
system) as opposed to actually logging in as root is that you run  
only very specific tasks with root privileges, thus reducing the  
possibility of damaging the system. This is why root is disabled by  
default on OS X - to make it more secure.
Another nice security aspect is that SF authentication changes only  
euid, therefore it is still possible to trace which user is actually  
using the root privileges.

BTW: A side note on the original topic: if you install a package  
manually as root, it will change its permissions inside the  
framework, so you won't be able to update it as admin user anymore -  
you'll always have to do it as root from that point on. Another  
reason to not do that ;).

Cheers,
Simon

More information about the R-SIG-Mac mailing list