That would be about the only feasible way to implement this, that I can see. But in that case, each user that you might want to switch to/from would have to have every other user(s) information that you might want to switch to/from stored in their Keychain. This could turn into a real maintenance nightmare pretty quickly with 3 or more users, and you'd be dealing with the dialog to update each Keychain after most system and security updates.

At that point you might just as well use no passwords at all.

Sorry for reopening an old thread, but I couldn't resist on commenting on this nonsensical statement.

Of cause, presenting some information in a window requires more effort from a programmer than a simple printf("whatever");
But commandline-apps are more complicated to use than gui-apps, that's especially true for most of those old unix tools with their switches and options and arguments and the constant danger of typos - the biggest security hole in every computing environment is always sitting in front of the console.
While commandline tools are really first class for automating repeating tasks with scripts, they suck in every day use, when I have to read the man-page once again to find the right switch, when a good gui had taken me fractions of the time to find the right radio-button.

And if you're going to find a severe security hole in the software, it will most likely not be in any gui-app, but in those background service tasks, that are started from the system and are running in root-context.

Now imagine a non-GUI version of netinfo-manager (you probably wouldn't want us to use it either...)

hayne's statement makes perfect sense.

Remember the last couple of bad security problems (Safari-Help.app for example). Apple starts to get the hang of rolling out patches for bugs which get fixed in *.BSD, yet they manage to be a lot sloppier with their own, not-open-source stuff.

There are right now pretty bad, published problems with OS X unfixed for months.

While it is easy to write sloppy code for both CLI and GUI and stupid users are definitely a big danger to any computer, limiting priviledges also on GUI-programs still is a good idea.

Tu verras en viellissant, mon jeune ami, tu verras...

Amen. I think of the commandline as an unfinished project, and while it's nice to have it available, I often wonder if it isn't a giant step backwards. It being available certainly doesn't encourage people to write software with a better user interface.

You mean like /usr/bin/niutil & /usr/bin/nicl?

I think one becomes accustomed to what they use. I use both GUI and command line every day and feel quite conformable in both. I don't think either one has more or less security holes due to their nature of being GUIfied or not, nor does radio buttons and args/switchs have a whole lot of baring on 'security'. Remember that many of the utilities that you use are simply GUIfied front-ends for existing CLI binaries.

I believe the thrust of hayne's argument is that you really don't need root enabled. 99.999999% of the things you need to do as root can be done using sudo or your admin account. Why add an extra layer of potential exploit by enabling root? How often do you log in as root? Would you immediately know if root's password was compromised? Why risk it unless you need it?

Personally, I need it for various reasons. But 75% of Mac users out there do not. At least 50% of those never venture into the CLI and don't need it. 14% of Mac sysadmins know that. :)

It takes me a lot longer to connect to a remote Mac with Timbuktu, kick the user off, log in as myself, run Software Update, press buttons, enter passwords, click more buttons and wait...

Then it does for me to passwordless ssh into the same box, sudo run a shell script I wrote to do that same, enter my password, and be done with it.

The same goes for supporting a Mac OS X box versus an OS 9 box. I have SO many more tools at my fingertips for troubleshooting/fixing a Mac OS X box then I ever did on an OS 9 box.

And I, for one, welcome our new CLI Overlords. I'd like to remind them that as a trusted forum personality I could be helpful in rounding up other GUI-users to toil in their underground sugar caves.

There will always be things that one is good at and the other isn't. My worry is that many of the things that should be done in a gui won't be, simply because it's possible to do it from the cli, although not easily, efficiently, or even securely.

I wouldn't worry too much about that.. I'm pretty sure most developers for Mac OS X write GUI apps. I cannot think of a single (non-apple) group that is writing (NOT porting existing binaries!) stuff strictly for the CLI. Doesn't mean they don't exist however..

A lot of the recent discussion has been merely presenting the argument that GUI apps are easier to use than CLI apps and thus the user will be less likely to make a mistake.
I'm not arguing with that.

But the whole thread is about logging in as root, not merely using one special utility with root privileges.
When you log in as root, you will have the whole windowing environment running as root. And all apps that you run will be running as root. E.g. you want to look at some instructions for the procedure you are doing, so you open up a web browser and go to some web page - all of which is done with root privileges. That means that any exploit in one of those apps will automatically have root privileges and thus have full control of your machine.

I see nothing wrong with judicious use of trusted GUI apps with root privileges. But you should start these up one at a time with something like "Pseudo" - or preferably, these utilities should ask you to authenticate so they can obtain root privileges as required. The idea is to minimize the time that you are without a safety net.

And I note that when people talk about security issues, they aren't talking about users making mistakes and destroying their system. When you make a mistake like that you usually notice it. There is a fate worse than (system) death - it is having your system taken over by a mal-doer and you not even being aware of it.

I realize I'm a bit off topic, but here I go anyway:

What I'm worried about is subtler than developers writing GUI software or not. It's that there are functions that depend on the CLI simply because nobody has written a GUI and nobody is likely to.

Even if some one does, it may be only to give a function a GUI appearance, and that would likely mean forgetting about ease of use. Just look at the best apps for the PC. Most were originally written for the Mac. And many of the worst on the Mac are direct ports from the PC. My scanner software: Canoscan for example, is a GUI, but poorly done, and a PC port.

The long term effect will be to water down one of the Macs best attributes. I'd hate to wake up one day to hear people saying that Macs are fine as long as they're "properly configured" like some other systems. We all know that's just code for "they're trouble."

Have there been any updates to this idea that any of you know of? My wife and I just started sharing my new G5, and we're already getting kind of sick of typing in our passwords whenever we use FUS. We're both admins (though I'm primarily in charge of all maintenance, etc), but like FUS so we each have our own desktops, bookmarks, mail, etc. There's no 'little kids' running around to download malicious things, so in that sense security is of no concern.

Ideally OS X would still authenticate on application installs, etc... just not FUS.