Hi,
Since the update from 10.8 to Mavericks it's no longer possible to change certain authorisation rights in the Auth.db. I use the following commands to do this:
security authorizationdb read system.preferences > /tmp/system.preferences.plist
/usr/libexec/PlistBuddy -c "Set :group powerusers" /tmp/system.preferences.plist
security authorizationdb write system.preferences < /tmp/system.preferences.plist
Powerusers is a group i created, which should have more rights than a standard user.
This works fine for most of the rights which you can find on http://www.dssw.co.uk/reference/authorization-rights/index.html
But unfortunately there are some rights that i can't change like authenticate-admin. The right looks like this:
{
'allow-root' : 'false',
'authenticate-user' : 'true',
'class' : 'user',
'comment' : 'Authenticate as an administrator.',
'group' : 'admin',
'session-owner' : 'false',
'shared' : 'true',
'timeout' : '0',
'tries' : '10000'
}
I used the following commands to change the group to powerusers:
security authorizationdb read authenticate-admin > /tmp/authAdm.plist
/usr/libexec/PlistBuddy -c "Set :group powerusers" /tmp/authAdm.plist
security authorizationdb write authenticate-admin < /tmp/authAdm.plist
The first two lines work fine but it won't write it back into the db, even if i don't change anything in the second line. There's just the error message NO (-60005).
Am I the only one with this problem or has anyone an idea how to fix it? I would be very glad if someone could hep me.
Best regards,
Joe
Since the update from 10.8 to Mavericks it's no longer possible to change certain authorisation rights in the Auth.db. I use the following commands to do this:
security authorizationdb read system.preferences > /tmp/system.preferences.plist
/usr/libexec/PlistBuddy -c "Set :group powerusers" /tmp/system.preferences.plist
security authorizationdb write system.preferences < /tmp/system.preferences.plist
Powerusers is a group i created, which should have more rights than a standard user.
This works fine for most of the rights which you can find on http://www.dssw.co.uk/reference/authorization-rights/index.html
But unfortunately there are some rights that i can't change like authenticate-admin. The right looks like this:
{
'allow-root' : 'false',
'authenticate-user' : 'true',
'class' : 'user',
'comment' : 'Authenticate as an administrator.',
'group' : 'admin',
'session-owner' : 'false',
'shared' : 'true',
'timeout' : '0',
'tries' : '10000'
}
I used the following commands to change the group to powerusers:
security authorizationdb read authenticate-admin > /tmp/authAdm.plist
/usr/libexec/PlistBuddy -c "Set :group powerusers" /tmp/authAdm.plist
security authorizationdb write authenticate-admin < /tmp/authAdm.plist
The first two lines work fine but it won't write it back into the db, even if i don't change anything in the second line. There's just the error message NO (-60005).
Am I the only one with this problem or has anyone an idea how to fix it? I would be very glad if someone could hep me.
Best regards,
Joe
