I also thought that only administrators can install applications in /Applications
.
However, I have learned that a standard user can overthrow this premise without administrator privilege even if I restrict by profile.
First, prepare a Brewfile
like this:
# Brewfile
mas 'xcode', id: 497799835
And execute the following command:
brew bundle
Then, we can install applications on App Store even the user without administrator privileges.
I hoped that I could not install the application if I restricted by the profile.
I have learned that a standard user can overthrow this premise without administrator privilege even if I restrict by profile.
OS version: 10.12.6
brew version: 1.2.6-38-g2aa5674
The mas
command is calling API with CommerceKit
and StoreFoundation
.
I think that a standard user can call some APIs of App Store.app with administrator privileges. Even if you restrict by profile, it will be meaningless.