Category Archives: General

Authorization File Change Log (of sorts) & Archive

I’ve been playing with VMWare Fusion Snapshots and OS builds and have compiled a repository of original etc/authorization files incase you mess yours up.  Authorization File Archive.

And the correct permissions are: permissions

A few have asked if these posts are still valid for 10.8.x & I’d like to confirm Yes they are.  I decided to go back and look at each & compare them to find the changes throughout the OS builds in the etc/authorization files.

10.7.2 to 10.7.3  Just some new strings added in to support multiple new languages.

.

10.7.3 to 10.7.4 – A couple of new Keys were added, brief description below:

<key>com.apple.Safari.show-passwords</key> (Probably allows you to set who can see passwords in Safari)

<string>This right is used by Safari to show passwords </string>

<key>com.apple.library-repair</key>  (Probably allows you to set who can repair libraries)

<string>__APPNAME__ is trying to repair your photo library.</string>

<key>com.apple.security.assessment.update</key> (Not too sure)

<string>Modify Settings</string>

 

10.7.4 to 10.7.5 – No Changes

 

10.7.5 to 10.8 – Lots of Changes, Notes below.

<key>com.apple.AOSNotification.FindMyMac.modify</key> (To investigate) 

<key>com.apple.DiskManagement.internal.</key>

<string>Used by diskmanagementd to allow access to its privileged functions</string> (To investigate) 

<key>com.apple.SoftwareUpdate.modify-settings</key>  appears to be exactly the same as <key>system.preferences.softwareupdate</key>  but new rule of   <string>root-or-entitled-admin-or-app-specific-admin</string>  (app-specific-admin seems to be new as well)

<key>com.apple.lldb.LaunchUsingXPC</key> (This replaced a Podcast Producer key, to investigate)

<key>com.apple.opendirectoryd.linkidentity</key> (To investigate) 

<key>system.install.apple-config-data</key> (To investigate) 

<key>system.preferences.nvram</key> (To investigate) 

<key>system.services.directory.configure</key> (Is now a USER rule)

—-

New Keys (abbreviated)

<key>system.services.systemconfiguration.network</key> (Appears the same, To investigate) 

<string>For making change to network configuration via System Configuration.</string>

<key>system.volume.</key> (Not sure about this lot of volume related keys) 

<string>system.volume.(external|internal|removable).(adopt|encode|mount|rename|unmount)</string>

<key>system.volume.external.</key>

<string>system.volume.(external|internal|removable).(adopt|encode|mount|rename|unmount)</string>

<key>system.volume.external.adopt</key>

<key>system.volume.removable.</key>

<key>system.volume.removable.adopt</key>

<key>app-specific-admin</key> (New Rule type, To investigate) 

<dict>

<key>class</key>

<string>user</string>

<key>group</key>

<string>admin</string>

</dict>

 

10.8 to 10.8.1 – No Changes

 

10.8.1 to 10.8.2 - Some Changes.

<key>system.login.console</key>

<dict>

<key>class</key>

<string>evaluate-mechanisms</string>

<key>comment</key>

<string>Login mechanism based rule.  Not for general use, yet.</string>

<key>mechanisms</key>

<array>

<string>builtin:policy-banner</string>

<string>loginwindow:login</string>

<string>builtin:login-begin</string> (NEW, not sure of use)

 &

<string>builtin:login-success</string> (NEW, not sure of use)

 

———  Updated : 22 July 2013  ———-

 

10.8.2 to 10.8.4 - A few new entries

 

<key>com.apple.container-repair</key>  (Described as: __APPNAME__ needs to repair your Library to run applications)

<dict>
<key>class</key>
<string>user</string>

 

A couple of New Wifi Strings that look very useful

<key>com.apple.wifi</key>
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>For restricting WiFi control</string>
<key>k-of-n</key>
<integer>1</integer>
<key>rule</key>
<array>
<string>is-admin</string>
<string>is-root</string>
<string>default</string>
</array>
</dict>
<key>com.apple.wireless-diagnostics</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Used by the WirelessDiagnosticsSupport framework to restrict XPC services provided by the wdhelper daemon</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
</dict>

Advertisements

Mac OS X Related Notes of a Mac Sys Admin

Hi All

Often I investigate things, try to solve a problem and never remember the finer details.  From now on I’m going to post them here for myself and everyone else.  Hopefully some of the info will be useful to others.