Instantly share code, notes, and snippets.
-
Save keeleysam/fab1280165ba9c51d017 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| ############################################################################# | |
| # # | |
| # /etc/authorization modification example # | |
| # Version 1.0, 2013-05-21 # | |
| # Samuel Keeley # | |
| # # | |
| # modifies /etc/authorization to allow all users to shut down, restart, # | |
| # and some to change timezone, manage print queues run softwareupdate. # | |
| # # | |
| # # | |
| ############################################################################# | |
| #* PLIST BUDDY | |
| PB="/usr/libexec/PlistBuddy" | |
| logger "editing /etc/authorization" | |
| ##backup original | |
| sudo /bin/cp -f /etc/authorization{,.original} | |
| ##set the rights | |
| ## allow everyone access to system preferences itself | |
| sudo $PB -c "set rights:system.preferences:group powerusers" "/etc/authorization" | |
| ##restart, changing from "evaluate-mechanisms" to "user" | |
| sudo $PB -c "add rights:system.restart:class string user" "/etc/authorization" | |
| sudo $PB -c "set rights:system.restart:class user" "/etc/authorization" | |
| sudo $PB -c "add rights:system.restart:allow-root bool true" "/etc/authorization" | |
| sudo $PB -c "set rights:system.restart:allow-root true" "/etc/authorization" | |
| sudo $PB -c "add rights:system.restart:group string everyone" "/etc/authorization" | |
| sudo $PB -c "set rights:system.restart:group everyone" "/etc/authorization" | |
| sudo $PB -c "add rights:system.restart:shared bool false" "/etc/authorization" | |
| sudo $PB -c "set rights:system.restart:shared false" "/etc/authorization" | |
| sudo $PB -c "delete rights:system.restart:mechanisms" "/etc/authorization" | |
| ##shutdown, changing from "evaluate-mechanisms" to "user" | |
| sudo $PB -c "add rights:system.shutdown:class string user" "/etc/authorization" | |
| sudo $PB -c "set rights:system.shutdown:class user" "/etc/authorization" | |
| sudo $PB -c "add rights:system.shutdown:allow-root bool true" "/etc/authorization" | |
| sudo $PB -c "set rights:system.shutdown:allow-root true" "/etc/authorization" | |
| sudo $PB -c "add rights:system.shutdown:group string everyone" "/etc/authorization" | |
| sudo $PB -c "set rights:system.shutdown:group everyone" "/etc/authorization" | |
| sudo $PB -c "add rights:system.shutdown:shared bool false" "/etc/authorization" | |
| sudo $PB -c "set rights:system.shutdown:shared false" "/etc/authorization" | |
| sudo $PB -c "delete rights:system.shutdown:mechanisms" "/etc/authorization" | |
| ##timezone, need to add on 10.5 and later, everyone | |
| sudo $PB -c "add rights:system.preferences.dateandtime.changetimezone dict" "/etc/authorization" | |
| sudo $PB -c "add rights:system.preferences.dateandtime.changetimezone:class string allow" "/etc/authorization" | |
| sudo $PB -c "set rights:system.preferences.dateandtime.changetimezone:class allow" "/etc/authorization" | |
| sudo $PB -c "add rights:system.preferences.dateandtime.changetimezone:comment string Timezones" "/etc/authorization" | |
| sudo $PB -c "set rights:system.preferences.dateandtime.changetimezone:comment Timezones" "/etc/authorization" | |
| sudo $PB -c "add rights:system.preferences.dateandtime.changetimezone:shared bool true" "/etc/authorization" | |
| sudo $PB -c "set rights:system.preferences.dateandtime.changetimezone:shared true" "/etc/authorization" | |
| ## print operator, everyone | |
| sudo $PB -c "set rights:system.print.operator:group everyone" "/etc/authorization" | |
| ## printer prefpane, powerusers. requires additional right | |
| sudo $PB -c "set rights:system.preferences.printing:group powerusers" "/etc/authorization" | |
| ## add group 'powerusers' to 'lpadmin' group | |
| sudo dseditgroup -o edit -a powerusers -t group lpadmin | |
| ## software update, everyone, requires additional right | |
| sudo $PB -c "set rights:system.preferences.softwareupdate:group everyone" "/etc/authorization" | |
| sudo $PB -c 'Set :rights:system.install.apple-software:rule allow' "/etc/authorization" | |
| sudo $PB -c 'set rights:com.apple.SoftwareUpdate.scan:rule allow' "/etc/authorization" | |
| ## network preferences, powerusers, requires additional right | |
| sudo $PB -c "set rights:system.preferences.network:group powerusers" "/etc/authorization" | |
| sudo $PB -c 'set rights:system.services.systemconfiguration.network:rule allow' "/etc/authorization" | |
| ## energy saver, powerusers | |
| sudo $PB -c "set rights:system.preferences.energysaver:group powerusers" "/etc/authorization" | |
| ## time machine, powerusers | |
| sudo $PB -c "set rights:system.preferences.timemachine:group powerusers" "/etc/authorization" | |
| #+ Permissions | |
| sudo chown root:wheel "/etc/authorization" | |
| sudo chmod 644 "/etc/authorization" | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment