Application admin rights

franton
Valued Contributor III

Does anyone know if it's possible to give an application elevated access rights? I think it "might" be possible through manipulation of /etc/authorization but I've no clue as to how!

I ask because I'm investigating an issue where we need field techs to be able to colour calibrate screens for any AD user that logs on rather than a specific local user as they have been doing.

7 REPLIES

mm2270
Legendary Contributor III

Open the app as root from Self Service perhaps? The same idea was discussed in another thread regarding MAMP and admin access.

You might be able to do it by editing /etc/authorization, but it's not that easy. It would, I think, involve adding additional rules, not just changing one of the existing ones.

franton
Valued Contributor III

Now why didn't I think of that? ;)

Chris_Hafner
Valued Contributor II

I really should check before posting but I remember there being many issues with allowing Casper's root privs to run applications. You can still launch apps from Casper, though I think the recommendation was to write a script to launch the app using SU to grant admin privileges to the user as opposed to running it as root. If I have a moment to find the thread I'll post it here. It was rather recent.

franton
Valued Contributor III

Don't worry about it. Turns out the easiest way of dealing with this was (in this case only) to put an ACL on /Library/ColorSync/Profiles that allows access to a standard AD user. Adding profiles to that folder was the only admin rights related task, and no longer requires it.
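
The ACL approach described in the post above, as an added example that is not part of the original thread. The group name `fieldtechs` and the exact permission list are assumptions (the thread names only the folder); the script changes nothing unless run with `--apply` as root on macOS.

```shell
#!/bin/bash
# Added example: let one directory group add ColorSync profiles through an
# ACL on a single folder, instead of running the calibration app as root.

PROFILE_DIR="/Library/ColorSync/Profiles"   # folder named in the thread
TECH_GROUP="${TECH_GROUP:-fieldtechs}"      # hypothetical group, replace with yours

# Build the access control entry (ACE) for chmod +a.
# Assumed permission set: browse the folder, add files, replace existing ones.
# file_inherit/directory_inherit copy the entry onto items created later.
build_ace() {
    case "$1" in
        # Refuse empty names and anything that could change how the ACE parses.
        ''|*[!A-Za-z0-9_.-]*) echo "invalid group name" >&2; return 1 ;;
    esac
    printf 'group:%s allow %s' "$1" \
        "list,search,add_file,delete_child,readattr,readextattr,readsecurity,file_inherit,directory_inherit"
}

# Apply the ACE and show the resulting ACL. On anything other than macOS,
# only print the command that would be run.
apply_acl() {
    local dir="$1" ace="$2"
    if [ "$(uname -s)" != "Darwin" ]; then
        echo "dry run (not macOS): chmod +a \"$ace\" \"$dir\""
        return 0
    fi
    chmod +a "$ace" "$dir" || return 1
    ls -led "$dir"    # -e lists the ACL entries so the change can be verified
}

if [ "${1:-}" = "--apply" ]; then
    ace="$(build_ace "$TECH_GROUP")" || exit 1
    apply_acl "$PROFILE_DIR" "$ace"
fi
```

Scoping the entry to a group and to this one folder keeps the change auditable with `ls -led` and removable with `chmod -a` using the same ACE string.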

iamkmc
New Contributor III

This has been an issue my team has been working on for weeks now, if anyone could find that thread please be sure to repost here.

Chris_Hafner
Valued Contributor II

Here's the thread I was thinking of. It's not as conclusive as I thought but it's going in the proper direction:

https://jamfnation.jamfsoftware.com/discussion.html?id=6508

mm2270
Legendary Contributor III

That's the thread I was referring to as well, which I was participating in. The main difference I see here is the thread referenced was regarding regular non-IT users, while in the case above it seems these would be techs using the app for a specific purpose. But true, same warnings apply about giving apps root privs. Could be disastrous if not used carefully.
Anyway, looks like franton found a better solution with ACL changes.