Skip to content

Embed URL

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
#!/bin/sh
#############################################################################
# #
# /etc/authorization modification example #
# Version 1.0, 2013-05-21 #
# Samuel Keeley #
# #
# modifies /etc/authorization to allow all users to shut down, restart, #
# and some to change timezone, manage print queues run softwareupdate. #
# #
# #
#############################################################################
#* PLIST BUDDY
PB="/usr/libexec/PlistBuddy"
logger "editing /etc/authorization"
##backup original
sudo /bin/cp -f /etc/authorization{,.original}
##set the rights
## allow everyone access to system preferences itself
sudo $PB -c "set rights:system.preferences:group powerusers" "/etc/authorization"
##restart, changing from "evaluate-mechanisms" to "user"
sudo $PB -c "add rights:system.restart:class string user" "/etc/authorization"
sudo $PB -c "set rights:system.restart:class user" "/etc/authorization"
sudo $PB -c "add rights:system.restart:allow-root bool true" "/etc/authorization"
sudo $PB -c "set rights:system.restart:allow-root true" "/etc/authorization"
sudo $PB -c "add rights:system.restart:group string everyone" "/etc/authorization"
sudo $PB -c "set rights:system.restart:group everyone" "/etc/authorization"
sudo $PB -c "add rights:system.restart:shared bool false" "/etc/authorization"
sudo $PB -c "set rights:system.restart:shared false" "/etc/authorization"
sudo $PB -c "delete rights:system.restart:mechanisms" "/etc/authorization"
##shutdown, changing from "evaluate-mechanisms" to "user"
sudo $PB -c "add rights:system.shutdown:class string user" "/etc/authorization"
sudo $PB -c "set rights:system.shutdown:class user" "/etc/authorization"
sudo $PB -c "add rights:system.shutdown:allow-root bool true" "/etc/authorization"
sudo $PB -c "set rights:system.shutdown:allow-root true" "/etc/authorization"
sudo $PB -c "add rights:system.shutdown:group string everyone" "/etc/authorization"
sudo $PB -c "set rights:system.shutdown:group everyone" "/etc/authorization"
sudo $PB -c "add rights:system.shutdown:shared bool false" "/etc/authorization"
sudo $PB -c "set rights:system.shutdown:shared false" "/etc/authorization"
sudo $PB -c "delete rights:system.shutdown:mechanisms" "/etc/authorization"
##timezone, need to add on 10.5 and later, everyone
sudo $PB -c "add rights:system.preferences.dateandtime.changetimezone dict" "/etc/authorization"
sudo $PB -c "add rights:system.preferences.dateandtime.changetimezone:class string allow" "/etc/authorization"
sudo $PB -c "set rights:system.preferences.dateandtime.changetimezone:class allow" "/etc/authorization"
sudo $PB -c "add rights:system.preferences.dateandtime.changetimezone:comment string Timezones" "/etc/authorization"
sudo $PB -c "set rights:system.preferences.dateandtime.changetimezone:comment Timezones" "/etc/authorization"
sudo $PB -c "add rights:system.preferences.dateandtime.changetimezone:shared bool true" "/etc/authorization"
sudo $PB -c "set rights:system.preferences.dateandtime.changetimezone:shared true" "/etc/authorization"
## print operator, everyone
sudo $PB -c "set rights:system.print.operator:group everyone" "/etc/authorization"
## printer prefpane, powerusers. requires additional right
sudo $PB -c "set rights:system.preferences.printing:group powerusers" "/etc/authorization"
## add group 'powerusers' to 'lpadmin' group
sudo dseditgroup -o edit -a powerusers -t group lpadmin
## software update, everyone, requires additional right
sudo $PB -c "set rights:system.preferences.softwareupdate:group everyone" "/etc/authorization"
sudo $PB -c 'Set :rights:system.install.apple-software:rule allow' "/etc/authorization"
sudo $PB -c 'set rights:com.apple.SoftwareUpdate.scan:rule allow' "/etc/authorization"
## network preferences, powerusers, requires additional right
sudo $PB -c "set rights:system.preferences.network:group powerusers" "/etc/authorization"
sudo $PB -c 'set rights:system.services.systemconfiguration.network:rule allow' "/etc/authorization"
## energy saver, powerusers
sudo $PB -c "set rights:system.preferences.energysaver:group powerusers" "/etc/authorization"
## time machine, powerusers
sudo $PB -c "set rights:system.preferences.timemachine:group powerusers" "/etc/authorization"
#+ Permissions
sudo chown root:wheel "/etc/authorization"
sudo chmod 644 "/etc/authorization"
exit 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.