At 9:24 AM -0600 2007/11/05, Paul Schmehl wrote:

>I disagree. Here's why. When you try to install a program on OS X,
>you are prompted for *your* password. Nowhere does it warn you that
>this is an administrator level access. I think that's a mistake on
>Apple's part (and many other OSes as well) in that the average joe
>user won't understand the implications of typing in *his* password.
>
>Now, if Joe is especially sharp, he might question *why* he has to
>type in his password again when he's already logged in, but, unless
>he's been learning the OS, he's not going to make the connection
>that he's about to authorize privileged access to the file system.
>
>Unix, IMNSHO, handles this the right way. You try to run something
>that requires root access, it refuses to run it *and* tells you that
>you need to be root to do it. Unfortunately, some of the GUIs are
>now obscuring this knowledge by simply prompting for the password,
>but at least they tell you it's the *root* password and not yours.

I don't agree with this. Apple has been moving towards the
'sudo' model (enter your/an administrator password), as opposed to
the 'su' model (enter the unique 'root' password), and their GUI
authentication follows this design. It's useful to have multiple
users able to administer a machine, without ever *sharing* a single
'root' password.

On the other hand, I would like to see more clarity in the
authentication dialog(s) around what exactly is a) to be
done/authorized and b) what exactly the user is doing.

I suspect people have complained about how confusing that
authorization dialog is, though, and that's why Apple has simplified
it to the current degree.

Chris
--
Chris Pepper: <http://www.reppep.com/~pepper/>
<http://www.extrapepperoni.com/>
The Rockefeller University: <http://www.rockefeller.edu/>

[ reply ]