How to install an App that asks for admin rights without giving it admin rights?

How to install an App that asks for admin rights without giving it admin rights? I want to install some software downloaded from the web, but it is asking for admin rights to my Mac OS X 10.6 laptop. I don't want to give it admin rights as I don't trust it (may have viruses or who knows.)

Is there a way to install it in a local sandbox without giving it admin rights? I don't want to use a Mac VMWare image. I just want to create a local directory in my home directory and install the App there so I can easily rm it and at least limit whatever damage it could do to non-admin locked things.

MikeN

Posted 2010-09-14T01:33:10.083

Reputation: 1 024

What software is it? If it's a .pkg installer, you can use the Suspicious Package QuickLook plugin to see what it will install.

– fideli – 2010-09-14T01:45:09.637

I often use command line tools to dig into .pkg installers to peek at what scripts they want to run, what files they want to install, and sometimes to “manually” install the files. I use lsbom, pax, and an editor/pager for the scripts. Suspicious Package looks, too. :-) You might find the Pacifist tool handy if you want to “manually” install without using pax on the command line.

– Chris Johnsen – 2010-09-14T04:21:17.153

Answers

This may be what you want: Create a Sandbox for apps using folder actions

MaQleod

Posted 2010-09-14T01:33:10.083

Reputation: 12 560

There is a comment on the linked post (currently at the bottom) that explains why this is a bad idea: 1) chmod before chown (either a race or may reset the suid/sgid bits), 2) seteuid(2) can be used to revert to the euid of the user that ran a suid binary. The linked article does not provide an effective “sandbox”. – Chris Johnsen – 2010-09-14T19:10:16.500

True, but there are limited sandboxing options on a Mac, this was a possible solution, I never said it was THE solution. Here is an alternative, which isn't exactly sandboxing, but provides some protection as well, and is more stable, but it costs money for the sandboxing-like feature: http://www.shirt-pocket.com/SuperDuper/SuperDuperDescription.html

– MaQleod – 2010-09-14T21:44:13.600

Hold on. Snow Leopard has excellent sandboxing. Really nice tools in fact. Their documentation is dried cat poo, but the tools are nice.

man -k sandbox

will give you the manpages you need.

Keep in mind that if you download something executable, it should be quarantined by default

ls -l@Oe will show you all the ACL's etc , and quarantine should be in there. Nothing will run out of a quarantine , Apple says, so you can dive in via Terminal and see exactly what is being installed and how.

OT: I hate the brusqueness of the install dialog, how it just says "This installer from the internet need your admin password, chop,chop!" I should be have the option to examine the installer from the authentication dialog...

chiggsy

Posted 2010-09-14T01:33:10.083

Reputation: 472