Kurt Lang wrote:
Yes, that was an assumption on my part that the person already knew the admin password. Should have said so to avoid confusion.
Well, if the person already knows the admin password, then he
is an administrator. He can then promote his own account to admin and take over the whole machine.
Hmm. I don't see how that would work. Once you enter the admin password, you'd be able to do anything OnyX had in its feature set.
Exactly. I, as an admin user, but who uses a non-admin account for everyday use, could launch OnyX in my non-admin account, enter the admin password, and then use it. Completely secure. A non-admin user who doesn't know the admin user would still be prevented from using OnyX at all. That allows for the same level of security as exists right now, and is how all other system utilities, even ones provided by Apple, work.
We'll have to agree to disagree there. It's a good safety net for the less computer savvy. Like keeping your kids away from such utilities.
All I'm asking for is for OnyX to ask for admin credentials when being launched from a non-admin account. Then, if the non-admin user can't enter the admin password, then the program would simply quit. If an administrator is there to authenticate, then the administrator can launch and use it to maintain and/or repair the non-admin account. That is 100% completely as secure as the situation now.
But the current situation is that it will simply refuse to open at all under a non-admin account, meaning that not even an administrator can use it to repair or maintain a non-admin account. That isn't any additional layer of security. It's quite the contrary; it's preventing an administrator from administering the computer.
Right now the only workaround to get OnyX to do any maintenance on a non-admin account is to temporarily promote that account to admin. I would argue that that is a heck of a lot less secure than simply allowing an administrator to launch the app from the non-admin account without having to promote the whole account to admin.
All admin utilities provided by Apple - Software Update, all the secure System Preferences, Disk Utility, Workgroup Manager, even sudo on the command line, all allow themselves to be run from any non admin account, by an administrator who can enter the admin password. All of this conforms to Apple's security guidelines. OnyX is broken if it doesn't follow those guidelines.
The OnyX developer seems to assume that everyone runs all the time in an admin account, and it will only clear browser caches in admin accounts. The fact that Apple warns against even browsing the web while logged in to an admin account shows that the OnyX developer has a thing or two to learn about security configuration.