Jamf Nation Community

Well, one way you could do it would be to create a launcher of sorts for the app in Self Service that would open it in a root context. This can be kind of dangerous though, since the app and anything it writes or does on the OS may have superuser privileges. There may be a way to get it to run with regular admin privileges, perhaps with an Applescript or something. I do know the following run from Self Service would open the app with the user as root.
Example:

/Applications/TextEdit.app/Contents/MacOS/TextEdit &

Just put that (with the full path to the MAMP executable of course) in the Run command field.

Again though, this presents a real security issue, so I would think hard about whether you really want to do this. In theory at least, the MAMP app opened in this way may be able to save or write into otherwise System protected locations, potentially even clobbering important files. I haven't really tested that , so I'm only guessing. Maybe the OS sandboxes individual functions enough that the save and open operations won't really have those elevated rights. As always, test, test and test!

Maybe someone will chime in with a way to only give the app regular 'ol admin rights instead of root.

As an aside, I dislike apps that aren't able to function without full admin rights. For some applications I completely understand it (Composer for example) For others, it just seems like poor coding on the developers part.

Edit: And as I was writing that up, andrew posted the same suggestion way before I did.

Mike, Andrew I totally agree with you reguarding this kind of apps. But as we have quite some developers that need this kind of apps we need to look into this.

Is it the admin group they need to be a part of, or do they simply need to be part of the developer group? I know with XCode the user just needs to be part of the developer group. Would that work?

On second thought, i strongly do not recommend opening the app as root. I just did a quick test with my "TextEdit" command above and see that the save and open dialogs direct to the root user home directory by default, which makes sense since its opening as root. Although the user could always navigate to their own home folder, in the sidebar it lists all the root accounts folders, such as "Desktop, Documents, Downloads, etc" NOT a good idea if you ask me.

Edit: And on third thought, I just took a peek at the MAMP app on its github site, since I'd never seen it before, and it looks to me from the description and screenshots that its used only for adjusting various web server configuration files and starting/stopping services like MySQL and Apache, etc. If that's the case and it doesn't do anything like creating or editing files with open/save type dialogs, its probably safe to open as root using the above method. I'd still test it out thoroughly though.

right, it will essentially run in the root users context, so use their plists, etc.

if you weren't concerned with that and just needed admin rights for the app for some reason, you could always do this with the self service app:

su <admin user - not root>
open /path/to/app.app &

root doesnt require a password to switch to a different user context, and switching to a regular ol/ admin will give you what you want, short of accessing the user's own home directory by default of course. And any preferences or anything will be saved to whatever admin user you choose to use, not the user that launches the app from self service.

An alternative is to provide your developers virtual machines using Parallels, VMware or VirtualBox. This keeps them sandboxed but allows them to still be administrators within that sandbox.

Of course, practicality depends on what your developers need as far as networking goes.

How about enabling commandline access to MAMP using these methods:

http://bumpslide.com/blog/2007/06/23/command-line-mamp/

And run it on a remote machine. This will allow you to grant access based on username to the remote machine without compromising the security of the users computer. Then you can grant access to the PHPMyAdmin port to give them administrative ability for MySQL

Thanks a lot for your reply.
I will have a look into some of this solutions and let you know how we might end up with.