MacOS – Delete file without permission

macos

I need to prevent a Mac user from deleting some files, so my idea is disable the user to sudo to the root user. I tested it in Terminal, it's OK there:

dst49700:salt ttest$ ls -al /etc/salt/111 
-rw-------  1 root  wheel  0 Apr 20 16:54 /etc/salt/111
dst49700:salt ttest$ rm /etc/salt/111 
override rw-------  root/wheel for /etc/salt/111? y
rm: /etc/salt/111: Permission denied

The staff group's user ttest can not delete this file.

But it's very strange: when I tested it in Finder, I dragged it to the Trash, I needed to enter a password and after that, the file had been moved to Trash.

Why can I move it to Trash without permission? Nobody can delete it, except root, can somebody help me or tell me a better idea to prevent a user from deleting a file?

Best Answer

You did need permission — Finder asked you for your password and you provided it. That gave Finder permission to use root access to delete the file, because the staff group are in sudoers.

Do It Yourself: Option 1

Open a Finder window in Column View. Choose Go To Folder from the Go menu. In the sheet that comes down, type /System/Library/CoreServices. You'll see two Finders there. Click on one of them (just one click!) and make sure it doesn't say "Classic Application" in the preview pane. If it doesn't, then that's the one you want. Hold Option and drag it to the desktop (because you want to duplicate it).

Now rename that app to RootFinder or something. Move it to your /Applications directory. That's all the setup; the only part you have to repeat is from here on in.

Open the terminal. Type:

    cd /Applications
    sudo open -a RootFinder.app

Enter your admin password at the prompt. Note that your desktop picture will change, and a new default Finder window will pop up. Your original Finder windows or other running apps won't be affected, however. Now, you cannot move files from one Finder to the other, but as long as you're using only the root finder (opening new windows will open them as root finder, obviously), you have full root access to the bowels of your system and you can browse directories and copy/move files much more easily.

To get back to where you were, open the Terminal again. Type ps auxc | grep Finder and then sudo kill [PID] and enter the PID of the Finder. The Finder will automatically relaunch in your original account, and your desktop picture will change back.

Source: Create a GUI Finder with root access

Third Party App: Option 2

Would you be interested in LaunchAsRoot?

From their website,

How to use

Drag the application (or a document) you wish to launch as root on top of the LaunchAsRoot application icon in the Finder. You will presented with an authentication dialog. Enter the name and password of an administrator to allow the application to be launched by LaunchAsRoot. LaunchAsRoot quits after launching the application.

How to use Service:

Control-click on the application (or a document) in the Finder and select "Launch As Root" from the Services contextual submenu. You will presented with an authentication dialog. Enter the name and password of an administrator to allow the application to be launched by LaunchAsRoot. LaunchAsRoot quits after launching the application.

MacOS – Emptying trash, with file-in-use: Is there any difference between ‘skip’ and ‘continue’

I couldn't find any documented proof but still, here is my answer.

When you first hit above shown error, it means you can

Skip i.e. don't try to trash mentioned file and continue trashing the rest
Stop i.e. stop trashing for now
Continue i.e. you have closed mentioned file (it's not in use anymore) and OSX can continue trashing it

If you just click continue or fail to close the open file, OSX skips them and hence the confusion.

Most of the in-use files I have seen are plists which needs to be unloaded before deleting

Extra info after some experiment:

Above said is mostly true in situations when trash contains plists or in general you trashed some app

For example:

If you create a text file → Open it → Trash it while the file is still open → Try empty Trash → No problem i.e. Trash empty without any error and file still open

But If you start some app (like MAMP in my experiment) → Launch it & start services → Trash the app → Try empty trash → You will get the above said error → Open activity monitor → Kill all related services & hit continue → Trash empty