Allowing non-admins to grant firewall exceptions

etippett
Contributor II

Does anyone know of a way to allow non-admin users to grant exceptions to the application firewall without entirely opening up the Security preference pane to them? Basically when the OS prompts "Do you want to allow [application] to accept incoming connections", I want my standard users to be able to allow it. By default this requires admin credentials. I don't want them to be able to disable the firewall or access anything else that is by default locked in the Security preference pane.

Thanks,
Eric

2 REPLIES

NoahRJ
Contributor II

You could maybe do something like this?

#!/bin/bash

# Ask the user for the application path (dragging an app from Finder into the text box fills it in)
name="$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please drag the application you wish to add to this text box and press OK" default answer "" with title "Firewall Exception" with text buttons {"OK"} default button 1' -e 'text returned of result')"

# Add the chosen application to the application firewall
/usr/libexec/ApplicationFirewall/socketfilterfw --add "$name"

Load that script into Self Service and have them run it when they need to add an application to the firewall. You should be able to just drag and drop from Finder to the window prompt and it'll add correctly.
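
Because a Self Service policy runs the script as root, the path typed or dragged into the dialog is untrusted input; the following variant, an added example that is not part of the original post, validates it before calling socketfilterfw. The function name `resolve_allowed_app`, the `ALLOWED_ROOT` variable, the restriction to `/Applications` and the signature requirement are assumptions chosen for illustration.

```bash
#!/bin/bash
# Added example: validate the user-supplied path before root passes it to socketfilterfw.
FW=/usr/libexec/ApplicationFirewall/socketfilterfw
# Assumption: exceptions are only granted for bundles under this folder.
ALLOWED_ROOT="${ALLOWED_ROOT:-/Applications}"

# Prints the canonical bundle path and returns 0 only when the argument is an
# existing .app directory under ALLOWED_ROOT with no symlinks or ".." in it.
resolve_allowed_app() {
    candidate="${1%/}"                      # drop a trailing slash
    case "$candidate" in
        "$ALLOWED_ROOT"/*.app) ;;           # must look like a bundle under the allowed root
        *) return 1 ;;
    esac
    # pwd -P resolves symlinks and ".."; any difference means the path was indirect.
    resolved="$(cd "$candidate" 2>/dev/null && pwd -P)" || return 1
    [ "$resolved" = "$candidate" ] || return 1
    printf '%s\n' "$resolved"
}

main() {
    # Same prompt as the script above.
    name="$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please drag the application you wish to add to this text box and press OK" default answer "" with title "Firewall Exception" with text buttons {"OK"} default button 1' -e 'text returned of result')" || exit 1
    app="$(resolve_allowed_app "$name")" || { echo "Refused: $name" >&2; exit 1; }
    # Assumption: only bundles with an intact code signature get an exception.
    /usr/bin/codesign --verify --deep --strict "$app" || { echo "Bad signature: $app" >&2; exit 1; }
    "$FW" --add "$app"
    # Leave an audit trail of what was added.
    /usr/bin/logger -t firewall-exception "added $app"
}

# Only prompt on a Mac where the firewall tool is present.
if [ -x "$FW" ]; then main; fi
```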

etippett
Contributor II

@NoahRJ Yeah, I'd thought about something like that, but wanted to see if it was possible to modify the security authorization database or use some other method so that they can just use the prompt that's already being displayed by the OS. The other problem is they won't know where to find the app that is causing the issue in order to drag it onto the window...

Thanks,
Eric