10.8.3 Energy Saver Prefs for Non-Admins

Cotton
New Contributor

I -- I want to do something simple, but no matter what way I write the following script, it doesn't seem to change anything;

#!/bin/bash

#Backup the original authorization file
/bin/cp /etc/authorization /etc/authorization.original.backup

# Unlock Energy Saver preference pane
/usr/libexec/PlistBuddy -c 'Set :rights:system.preferences.energysaver:group everyone' /etc/authorization

Or

#Copy the authorization file to a temporary location & make it a plist
/bin/cp -pr /etc/authorization /private/tmp/authorization.plist

#Allow Device region code to be set
/usr/libexec/PlistBuddy -c 'Set :rights:system.device.dvd.setregion.initial:group everyone' /private/tmp/authorization.plist

# Unlock the Energy saver preference pane
/usr/libexec/PlistBuddy -c 'Set :rights:system.preferences.energysaver:group everyone' /private/tmp/authorization.plist

# Move file back to original location
/bin/mv /private/tmp/authorization.plist /etc/authorization

The script completes without failure, but nothing has changed with the Energy Saver preferences.

I'm not even sure it's the script, because if I run that command via terminal, it doesn't seem to do anything either.

Is there another way of allowing non-administrators to change their sleep/wake times in Energy Saver in Mountain Lion?

1 ACCEPTED SOLUTION

gregneagle
Valued Contributor

See:
http://documentation2.macsysadmin.se/2012/video/Day2Session7.m4v

and/or:
http://documentation2.macsysadmin.se/2012/pdf/MoreMacManagement.pdf

The bit I think you are missing is:
/usr/libexec/PlistBuddy -c
'Set :rights:system.preferences:group everyone'
/etc/authorization

View solution in original post

4 REPLIES 4

gregneagle
Valued Contributor

See:
http://documentation2.macsysadmin.se/2012/video/Day2Session7.m4v

and/or:
http://documentation2.macsysadmin.se/2012/pdf/MoreMacManagement.pdf

The bit I think you are missing is:
/usr/libexec/PlistBuddy -c
'Set :rights:system.preferences:group everyone'
/etc/authorization

evarona
New Contributor II

I'm going to take a complete stab in the dark here since I have very little experience with the authorization file. I just checked mine (10.8.4) and I don't see an entry in the RULES section for "everyone". I believe it's not just a group name but actually has to be defined in this section. What if instead of everyone, you try "authenticate-session-owner" or "authenticate-session-user"? If that doesn't work, maybe if you define a group rule like this ```
<key>everyone</key> <dict> <key>authenticate-user</key> <false/> <key>class</key> <string>user</string> <key>comment</key> <string>Verify that the user asking for authorization is a part of everyone.</string> <key>group</key> <string>Everyone</string>

I imagine this will translate to something like ```
/usr/libexec/PlistBuddy -c 'Add rules:everyone dict' /etc/authorization
/usr/libexec/PlistBuddy -c 'Add rules:everyone:authenticate-user bool false' /etc/authorization
/usr/libexec/PlistBuddy -c 'Add rules:everyone:class string "user"' /etc/authorization
/usr/libexec/PlistBuddy -c 'Add rules:everyone:comment string "blah blah"' /etc/authorization
/usr/libexec/PlistBuddy -c 'Add rules:everyone:group string "Everyone"' /etc/authorization

PLEASE test this carefully. Like I said, I'm not an authorization expert but I have mucked with it recently enough.

OR it could simply be that you should remove the leading ":" as in my examples. (wouldn't that be a kick in the pants!)

Good luck.

Cotton
New Contributor

Un momento..

mm2270
Legendary Contributor III

@Cotton, you may have already figured this out, but just in case, Its been a while since I mucked with /etc/authorization, but I think what Greg is saying is you have to change the overall group that has rights to some System Preference Panes to the 'everyone' group (in your case) or the right to Energy Saver.prefpane won't get applied. I believe the permissions cascade down. If its not set right at the top level for System Prefs in general, anything you try to set further down isn't going to work. At least thats how I understand it from awhile ago when I was looking at doing something similar.