diff --git a/checkin_notes b/checkin_notes
index 94a5fe540f..b36a177ba7 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -7931,3 +7931,18 @@ David 24 July 2006
poll_my_result.php (new)
languages/translations/
en.po
+
+Charlie 24 July 2006
+ - Mac sandbox: don't set or require user boinc_master to be a member of group
+ boinc_project (i.e., do not add group boinc_project to user boinc_master's
+ supplementary groups list.)
+
+ client/
+ check_security.C
+ clientgui/
+ mac/
+ SetupSecurity.cpp
+ doc/
+ sandbox.php
+ mac_installer/
+ Installer.cpp
diff --git a/client/check_security.C b/client/check_security.C
index 4889422873..984eb6f76b 100644
--- a/client/check_security.C
+++ b/client/check_security.C
@@ -172,14 +172,6 @@ char *bundlePath, char *dataPath
if (grp == NULL)
return -1011; // Group boinc_project does not exist
boinc_project_gid = grp->gr_gid;
-
- for (int i=0; ; i++) { // Step through all users in group boinc_project
- char *p = grp->gr_mem[i];
- if (p == NULL)
- return -1012; // User boinc_master is not a member of group boinc_project
- if (strcmp(p, boinc_master_user_name) == 0)
- break;
- }
#endif
#if (defined(__WXMAC__) || defined(_MAC_INSTALLER)) // If Mac BOINC Manager or installer
diff --git a/clientgui/mac/SetupSecurity.cpp b/clientgui/mac/SetupSecurity.cpp
index a7d854698b..0224065203 100644
--- a/clientgui/mac/SetupSecurity.cpp
+++ b/clientgui/mac/SetupSecurity.cpp
@@ -81,7 +81,6 @@ static char chownPath[] = "/usr/sbin/chown";
#define RIGHTS_COUNT 3 /* Count of the 3 above items */
int CreateBOINCUsersAndGroups() {
- char buf1[80];
OSStatus err = noErr;
err = CreateUserAndGroup(REAL_BOINC_MASTER_NAME, REAL_BOINC_MASTER_NAME);
@@ -91,13 +90,6 @@ int CreateBOINCUsersAndGroups() {
err = CreateUserAndGroup(REAL_BOINC_PROJECT_NAME, REAL_BOINC_PROJECT_NAME);
if (err != noErr)
return err;
-
- // Add user boinc_master to group boinc_project
- sprintf(buf1, "/groups/%s", boinc_project_group_name);
- // "dscl . -merge /groups/boinc_project users boinc_master"
- err = DoPrivilegedExec(dsclPath, ".", "-merge", buf1, "users", boinc_master_user_name);
- if (err != noErr)
- return err;
err = ResynchSystem();
if (err != noErr)
diff --git a/doc/sandbox.php b/doc/sandbox.php
index abc94663b7..bdcf38cf1d 100644
--- a/doc/sandbox.php
+++ b/doc/sandbox.php
@@ -76,7 +76,7 @@ These users and groups are created by the installation process.
User: boinc_master
- Primary group: boinc_master
-
- Supplementary groups: boinc_project
+
- Supplementary groups: none
User: boinc_project
diff --git a/mac_installer/Installer.cpp b/mac_installer/Installer.cpp
index 620873feeb..3f44961806 100755
--- a/mac_installer/Installer.cpp
+++ b/mac_installer/Installer.cpp
@@ -218,14 +218,6 @@ OSStatus IsLogoutNeeded(Boolean *result)
if (pw->pw_gid != boinc_project_gid)
return noErr; // User boinc_project does not have group boinc_project as its primary group
- for (i=0; ; i++) { // Step through all users in group boinc_project
- p = grp->gr_mem[i];
- if (p == NULL)
- return noErr; // User boinc_master is not a member of group boinc_project
- if (strcmp(p, boinc_master_user_name) == 0)
- break;
- }
-
// Step through all visible users. If user is a member of group admin, verify
// that user is also a member of both groups boinc_master and boinc_project.
// NOTE: getgrnam and getgrgid use one static memory area to return their results,