Is User priviledged (admin or not)

Tomas_J · October 22, 2013, 8:32am

How can I detect if a user has admin/root rights in win, mac and linux?

Tim_Parnell · December 23, 2016, 7:28pm

Bumpity bump bump bump.

I found a lot of “here’s how you do something with admin privileges” and the MBS plugin that will tell you if a Windows user is admin or not, but still nothing on determining if the user (or more specifically the app) is running with admin permissions.

Wayne_Golding · December 23, 2016, 8:46pm

On Windows I simply try to perform an action that won’t succeed if the app is not running with admin privileges e.g. create a file in the specialfolder.sharedapplicationdata folder. If the action is successful then the app has admin privileges.

It should be possible to do this on all platforms with different tests.

Christian_Schmitz · December 23, 2016, 11:41pm

As there are privileges on several levels you may just try what you want and see if it fails.

Tim_Parnell · December 24, 2016, 12:49am

I would have thought that attempting to do adminy stuff without admin permissions would raise some kind of “this app is being naughty” kind of dialog. Thanks for the suggestions, guys.

Michel_Bujardet · December 24, 2016, 12:39pm

Under Windows, whoami /Priv gives permissions informations about the current user
http://www.thewindowsclub.com/whoami-windows

Arnaud_N · January 8, 2020, 10:24am

This question still lacks a solution for Mac
Currently, I check whether the current user is in admin group using the MBS plugin and the shell:
dim d As new DarwinUserMBS
dim s,t() As String
dim sh As Shell

d.LoadUserByID(d.CurrentUserID)
if d.Ready then
sh=new Shell
sh.Execute "groups “+d.Name
s=sh.Result
t=s.Split(” ")
return t.IndexOf(“admin”)>-1
end if

However, as often with the shell used in high-level programming, I’m not confident it works always (what if the shell returns another delimiter than space in a given Mac OS version? For instance Or if d.Name contains character(s) that the shell doesn’t recognise naturally). Dealing with strings for performing commands is very weak, I think.

So, this example seems to work but a better solution would be great. I searched briefly using Google and no ideal result was found.

Tim_Jones · January 8, 2020, 6:01pm

There’s no way to specifically determine “if” a user may run privileged operations, but you could scan the output of the “groups” command for “admin”.

theShell.Mode = 0 theShell.Execute "groups | grep ""admin""" If theShell.ErrorCode = 0 Then // the user is in the admin group // do the privileged thing Else // standard user End If

Arnaud_N · January 8, 2020, 8:13pm

That’s a shame and I don’t even understand why Security reason? In what circumstance would just knowing if the user could run privileged operations be a security flaw, considering there are more complex alternative to figure that out?

[quote=470645:@Tim Jones]but you could scan the output of the “groups” command for “admin”.

theShell.Mode = 0 theShell.Execute "groups | grep ""admin""" If theShell.ErrorCode = 0 Then // the user is in the admin group // do the privileged thing Else // standard user End If[/quote]
Good catch. My code above was way too much complex (your command removes the use of instantiating a DarwinUser for the user himself since it gets the information from that user anyway).
Thank you.