Jan 252013
 

Mac OS X is built on top of a strong UNIX foundation. Thereby it also inherits its multiuser capabilities. User separation allows us to have different system accounts for different users, making the system more secure by restricting access to system functions for particular users.

However sometimes it is necessary to launch an application as System Administrator (root). As long as you have an administrator account, this can be done using one of the following approaches:

  • If you want to launch a single UNIX (command line) application the sudo command is the way to go. It allows you to run a single command as root. Furthermore it also allows you to spawn a new root shell using the -s switch. Thus you to run several commands as root without having to type sudo all the time.
  • It is also possible to enable the root account. After that you can use the Login Window to login as root. I would strongly recommend to not use this approach as it disables lots of security features.
  • Sometimes you may want an application to always launch as root (or another user). This can be done by setting the POSIX suid bit. If set, this application will run as the POSIX owner independently of who launched it. A good usage example is the passwd command.
  • Finally it is also possible to launch Mac OS applications as root. This can either be done by using the Terminal (by launching the binary located in “App Bundle.app/Contents/MacOS/” or by using my new tool MacSudoer.

MacSudoer

MacSudoer is a small droplet written in AppleScript that launches the dropped application as root. This can for example be used to allow OmniDiskSweeper to analyse the whole disk including all system folders.

To install MacSudoer just download the application and drag it to your Dock. Now you can drop any application onto the bomb icon to launch it as root.

For security reasons you have to enter your password before the dropped application is launched. Furthermore not all programs can or should be launched as root. A malfunction of such a privileged application can render your system unusable or delete your data. Therefore only launch trusted applications using MacSudoer.

Leave a Reply to Anonymous Cancel reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)