MacOS – Java application install requires root password

java macos

I am currently switching over from Linux to OS X, and in the process have found a few surprising differences between the two systems.

I am quite used to the concept of installing most applications into my user's home directory, as a general security practice. To my surprise, however, when installing an application that runs with JRE, I am immediately greeted with a message "java wants to make changes. type your password to do this". This prompt comes before even asking to which directory the files are to be installed (e.g. ~/Applications/). Needless to say, this is not something I am used to when installing similar Java-dependent applications in Linux.

My question: is this Java prompt granting the whole process admin privileges? Is this prompt something that can be avoided by separating the root and user accounts completely, or is this just how Java works on OS X?

Best Answer

On OS X, the administrative password is required for any item that is installed outside of the local user. The reason is that OS X has a different file structure (and privilege arrangement) from Linux.

The root of OS X is installed to /System. This parent directory is untouched aside from system files (such as OS X updates).

Libraries, extensions, various plug-ins, and other miscellany used to power some applications are installed to /Library. Applications typically install their files to a folder named Application Support (however, this is not always the case). This parent folder houses files that can be modified by installers run by either the administrator or a user. Installed components affect the entire system (not just a particular user).

Lastly, Applications (which are in actuality folders with the .app suffix) are placed in /Applications. The Mac App Store (MAS) downloads to this directory and users can also drag and drop their applications here. The parent directory is owned by root (and so are applications installed via the MAS) but users do have write access.

The folders above (and their children) will require the administrative password to modify, copy, or delete.

With respect to MATLAB, the installer likely installs files to /Library (perhaps to Application Support), hence the administrative password requirement.

I can't speak for MATLAB specifically, but the option to view a package's file structure is available through OS X's Installer. Simply launch the package (pkg) and then navigate to the menu. It is located under File > Show Files. Here you can see the contents of the VPN Update for Mavericks Server available on Apple's website.

The request for administrative credentials occurs before the actual need to write the files. It is simply the way a package is built on OS X. Think of it as simply a step in the install procedure rather than one that is bound to a specific event that occurs due to the need for it. During the construction of the installer, the developer would specify these requirements and once specified, it is OS X that delivers them in accordance with Apple's human interface guidelines.
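
An added example, not part of the original answer: once File > Show Files has shown where a package puts its files, this script checks which of those destinations the current user could write without elevation, by testing the nearest parent directory that already exists. The `ExampleApp` paths are constructed sample input, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify install destinations by whether the current
# user can write there. Input is one absolute destination path per line.

# Print the closest ancestor of $1 (or $1 itself) that already exists.
nearest_existing() {
    p=$1
    while [ ! -e "$p" ] && [ "$p" != "/" ]; do
        p=$(dirname "$p")
    done
    printf '%s\n' "$p"
}

# Succeed when the current user cannot write where $1 would land.
needs_admin() {
    [ ! -w "$(nearest_existing "$1")" ]
}

# Read paths on stdin; print "admin<TAB>path" or "user<TAB>path".
classify_paths() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if needs_admin "$path"; then
            printf 'admin\t%s\n' "$path"
        else
            printf 'user\t%s\n' "$path"
        fi
    done
}

# Constructed sample destinations (not taken from any real package).
classify_paths <<EOF
/Library/Application Support/ExampleApp/lib/example.jar
/Applications/ExampleApp.app/Contents/Info.plist
${HOME:-/tmp}/Applications/ExampleApp.app/Contents/Info.plist
EOF
```

Lines marked `admin` are the destinations that account for the password request; as the answer explains, the installer asks for it up front rather than at the moment each file is written.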