Help with authorizationdb

amfarrell
New Contributor

We have students that need to create disk images from SD cards, but to do so requires admin privileges. In the past I have edited the authorization file and the authorization.plist (I know, I know), but this option isn't available any longer.
This is the right:

<dict>
    <key>allow-root</key>
    <false/>
    <key>authenticate-user</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>comment</key>
    <string>See authopen(1) for information on the use of this right.</string>
    <key>created</key>
    <real>495051235.78586203</real>
    <key>group</key>
    <string>admin</string>
    <key>modified</key>
    <real>495051235.78586203</real>
    <key>session-owner</key>
    <false/>
    <key>shared</key>
    <false/>
    <key>timeout</key>
    <integer>300</integer>
    <key>tries</key>
    <integer>10000</integer>
    <key>version</key>
    <integer>0</integer>
</dict>

I am able to read out to a plist file and edit, but when I try to write back I receive:

admin’s-MacBook-Pro:~ admin$ sudo security authorizationdb write sys.openfile. <  /tmp/sys.openfile.plist
NO (-60005)

Has anyone run into this or something similar?

1 REPLY

Anonymous
Not applicable

I can't offer much help but hopefully this will point you in the correct direction. Looking at the man page for authopen, it looks like you need to specify the type of operation. For this I believe you would be using the right sys.openfile.readwritecreate. You should probably set it to be more restricted though; reference authopen to see how this can be accomplished.
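An added example, not part of either post: one way to prepare the narrower right the reply suggests, by copying the exported rule and granting a single authopen(1) operation on a single path to a non-admin group. The group `sdimaging`, the path `/dev/disk2` and the output file name are hypothetical placeholders, and whether the write is accepted on a given macOS release is not established by this thread.

```python
import plistlib

# The three rights authopen(1) can request; the file path follows the last dot.
MODES = ("readonly", "readwrite", "readwritecreate")

# Constructed sample: the rule from the post, trimmed, as exported XML.
EXPORTED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>allow-root</key><false/>
    <key>authenticate-user</key><true/>
    <key>class</key><string>user</string>
    <key>group</key><string>admin</string>
    <key>session-owner</key><false/>
    <key>shared</key><false/>
    <key>timeout</key><integer>300</integer>
    <key>tries</key><integer>10000</integer>
</dict>
</plist>"""

def right_name(mode, path):
    """Full right name for one operation on one absolute path."""
    if mode not in MODES:
        raise ValueError(f"unknown authopen mode: {mode}")
    if not path.startswith("/") or ".." in path.split("/"):
        raise ValueError(f"need an absolute path without '..': {path}")
    return f"sys.openfile.{mode}.{path}"

def scoped_rule(exported, group, note):
    """Copy the exported rule, changing only who may obtain the right."""
    rule = plistlib.loads(exported)
    if rule.get("class") != "user":
        raise ValueError("expected a class=user rule")
    rule["group"] = group
    rule["comment"] = note
    # Users still authenticate as themselves; root and shared credentials stay off.
    rule["authenticate-user"] = True
    rule["allow-root"] = False
    rule["shared"] = False
    return rule

if __name__ == "__main__":
    name = right_name("readwritecreate", "/dev/disk2")  # constructed path
    rule = scoped_rule(EXPORTED, "sdimaging", "SD card imaging only")  # hypothetical group
    with open("/tmp/scoped-right.plist", "wb") as fh:
        fh.write(plistlib.dumps(rule))
    print(f"sudo security authorizationdb write '{name}' < /tmp/scoped-right.plist")
```

Writing a fully named right leaves the `sys.openfile.` wildcard rule, and its admin requirement for every other path, untouched.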