Re:Good points... (Score 1)

Your missing the point of the bug report. The authorization key for Finder Authentication isn't in /etc/authorization. Their own API is incomplete. If it was there, a sysadmin could change it to only allow wheel or some other group to gain root access through the Finder. You could add the key, but if Apple ever does fix this, it could screw things up down the road.

What I meant by not recognizing file permissions is if I set a folder to root:wheel so only root should have access, Apple's API, in it's current state, allows for admins to bypass my permissions. For that matter, Apple's current API allows admins access to /private/root and anything else that is root only.

If Apple's idea is to make any admin a root-equivalent by default, I have a hard time seeing them taken seriously in secure environments without giving sysadmins more control over the API. Sudo gives this control. Apple's API does not