Posted on 12-05-2011 04:27 PM
I have a script that has been working for 10.6 that unlocks Network for non admins, but it doesn't seem to work with 10.7. Anyone have any ideas what it takes to make it work in 10.7? Below is my current script I am using for this.
Thanks!
Alan
#!/usr/bin/perl
$plbud = "/usr/libexec/PlistBuddy";
$auth = "/private/etc/authorization";
# Read the current session-owner value of the system.preferences right
$sysprefso = `$plbud -c "print :rights:system.preferences:session-owner" $auth`;
if ($sysprefso !~ /true/) {
    print "Needs authorization file modified\n";
    # Set system.preferences settings here
    # (inner quotes are escaped so each PlistBuddy command stays a single -c argument)
    system "$plbud -c \"add :rights:system.preferences:session-owner bool true\" $auth";
    system "$plbud -c \"set :rights:system.preferences:session-owner true\" $auth";
    system "$plbud -c \"set :rights:system.preferences:allow-root true\" $auth";
    system "$plbud -c \"set :rights:system.preferences:comment Authenticate either as the owner or as an administrator.\" $auth";
    print "Modified authorization file to allow non-admins to modify network settings\n";
}
else {
    print "authorization file already modified\n";
}
Posted on 12-06-2011 11:52 AM
10.7's authorization file has much more granular control.
The keys that need changing in /etc/authorization are
<key>system.preferences</key>
&
<key>system.preferences.network</key>
Your script probably still works for the top key, but you'll need to extend it to unlock the second.
I wrote some info up here - http://mattsmacblog.wordpress.com/
It's not at the scripting level and I haven't gone into <key> vs <group> based unlocking. You can change <key>system.preferences.network</key> from the <user> class to <rule> to apply the session-owner rule if you want.
Matt
Posted on 12-06-2011 11:58 AM
Thanks! Here is what I came up with for editing my authorization file.
I add the .plist to the file when copying because I have a couple of defaults write commands that run on the file as well.
#!/bin/bash
#Copy file to tmp location
/bin/cp -pr /etc/authorization /private/tmp/authorization.plist
# Unlock System Preferences for non admins.
/usr/libexec/PlistBuddy -c 'Set :rights:system.preferences:group staff' /private/tmp/authorization.plist
# Unlock Network Settings preference pane
/usr/libexec/PlistBuddy -c 'Set :rights:system.preferences.network:group staff' /private/tmp/authorization.plist
# Unlock Printer Preference pane
/usr/libexec/PlistBuddy -c 'Set :rights:system.preferences.printing:group staff' /private/tmp/authorization.plist
# Unlock time machine preference pane
/usr/libexec/PlistBuddy -c 'Set :rights:system.preferences.timemachine:group staff' /private/tmp/authorization.plist
# Unlock energy saver preference pane
/usr/libexec/PlistBuddy -c 'Set :rights:system.preferences.energysaver:group staff' /private/tmp/authorization.plist
# Move file back to original location
/bin/mv /private/tmp/authorization.plist /etc/authorization
Posted on 03-22-2012 12:22 PM
Thanks for this!
Posted on 09-11-2012 02:49 PM
I'm a newbie. Can you tell me where to put this script to get it to work?
Thank you
Posted on 09-11-2012 02:50 PM
Login script would work.
Posted on 10-18-2012 08:47 AM
Will this still work in 10.8 or has the authorization file changed?
Posted on 10-18-2012 10:27 AM
It's pretty much the same, although I found that for unlocking network prefs in ML you have to modify the
system.services.systemconfiguration.network
in addition to what's mentioned above.
E.g.
/usr/libexec/PlistBuddy -c 'Set :rights:system.services.systemconfiguration.network:rule allow' /etc/authorization
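An added example, not part of the thread: a Python audit that parses an authorization plist and lists which of the rights discussed above have been opened to non-admins (a group other than admin, session-owner set to true, or the allow rule). The sample plist is constructed, and the `admin` baseline and the function name are assumptions made for this sketch.

```python
import plistlib

# Constructed sample in the /etc/authorization layout discussed in this thread
# (trimmed to four rights; values are illustrative, not copied from a real Mac).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>rights</key><dict>
<key>system.preferences</key><dict>
  <key>class</key><string>user</string>
  <key>group</key><string>staff</string>
  <key>shared</key><true/></dict>
<key>system.preferences.network</key><dict>
  <key>class</key><string>user</string>
  <key>group</key><string>admin</string></dict>
<key>system.preferences.printing</key><dict>
  <key>class</key><string>user</string>
  <key>group</key><string>admin</string>
  <key>session-owner</key><true/></dict>
<key>system.services.systemconfiguration.network</key><dict>
  <key>class</key><string>rule</string>
  <key>rule</key><string>allow</string></dict>
</dict></dict></plist>"""

ADMIN_GROUP = "admin"  # assumption: baseline that restricts a right to administrators
WATCHED = ("system.preferences", "system.services.systemconfiguration.network")

def relaxed_rights(plist_bytes):
    """Return {right: [reasons]} for watched rights that non-admins can obtain."""
    rights = plistlib.loads(plist_bytes).get("rights", {})
    findings = {}
    for name, entry in sorted(rights.items()):
        if not isinstance(entry, dict) or not name.startswith(WATCHED):
            continue
        reasons = []
        # A user-class right is limited to members of its group
        if entry.get("class") == "user" and entry.get("group") not in (None, ADMIN_GROUP):
            reasons.append("group=" + str(entry["group"]))
        # session-owner lets the logged-in user authenticate as themselves
        if entry.get("session-owner") is True:
            reasons.append("session-owner=true")
        # The rule value is handled as either a string or a list of rule names
        rule = entry.get("rule")
        if rule == "allow" or (isinstance(rule, list) and "allow" in rule):
            reasons.append("rule=allow")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for right, why in relaxed_rights(SAMPLE).items():
        print(right, "->", ", ".join(why))
```

To check a real machine, pass the bytes of a copy of /etc/authorization to `relaxed_rights` instead of `SAMPLE`.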