Authorization File Change Log (of sorts) & Archive

I’ve been playing with VMware Fusion Snapshots and OS builds and have compiled a repository of original etc/authorization files in case you mess yours up. Authorization File Archive.

And the correct permissions are: permissions

A few have asked if these posts are still valid for 10.8.x, and I’d like to confirm that yes, they are. I decided to go back and look at each and compare them to find the changes throughout the OS builds in the etc/authorization files.

10.7.2 to 10.7.3 – Just some new strings added in to support multiple new languages.

10.7.3 to 10.7.4 – A couple of new Keys were added, brief description below:

<key>com.apple.Safari.show-passwords</key> (Probably allows you to set who can see passwords in Safari)

<string>This right is used by Safari to show passwords </string>

<key>com.apple.library-repair</key>  (Probably allows you to set who can repair libraries)

<string>__APPNAME__ is trying to repair your photo library.</string>

<key>com.apple.security.assessment.update</key> (Not too sure)

<string>Modify Settings</string>

 

10.7.4 to 10.7.5 – No Changes

 

10.7.5 to 10.8 – Lots of Changes, Notes below.

<key>com.apple.AOSNotification.FindMyMac.modify</key> (To investigate) 

<key>com.apple.DiskManagement.internal.</key>

<string>Used by diskmanagementd to allow access to its privileged functions</string> (To investigate) 

<key>com.apple.SoftwareUpdate.modify-settings</key>  appears to be exactly the same as <key>system.preferences.softwareupdate</key>  but new rule of   <string>root-or-entitled-admin-or-app-specific-admin</string>  (app-specific-admin seems to be new as well)

<key>com.apple.lldb.LaunchUsingXPC</key> (This replaced a Podcast Producer key, to investigate)

<key>com.apple.opendirectoryd.linkidentity</key> (To investigate) 

<key>system.install.apple-config-data</key> (To investigate) 

<key>system.preferences.nvram</key> (To investigate) 

<key>system.services.directory.configure</key> (Is now a USER rule)

—-

New Keys (abbreviated)

<key>system.services.systemconfiguration.network</key> (Appears the same, To investigate) 

<string>For making change to network configuration via System Configuration.</string>

<key>system.volume.</key> (Not sure about this lot of volume related keys) 

<string>system.volume.(external|internal|removable).(adopt|encode|mount|rename|unmount)</string>

<key>system.volume.external.</key>

<string>system.volume.(external|internal|removable).(adopt|encode|mount|rename|unmount)</string>

<key>system.volume.external.adopt</key>

<key>system.volume.removable.</key>

<key>system.volume.removable.adopt</key>

<key>app-specific-admin</key> (New Rule type, To investigate) 

<dict>

<key>class</key>

<string>user</string>

<key>group</key>

<string>admin</string>

</dict>

 

10.8 to 10.8.1 – No Changes

 

10.8.1 to 10.8.2 - Some Changes.

<key>system.login.console</key>

<dict>

<key>class</key>

<string>evaluate-mechanisms</string>

<key>comment</key>

<string>Login mechanism based rule.  Not for general use, yet.</string>

<key>mechanisms</key>

<array>

<string>builtin:policy-banner</string>

<string>loginwindow:login</string>

<string>builtin:login-begin</string> (NEW, not sure of use)

 &

<string>builtin:login-success</string> (NEW, not sure of use)

 

———  Updated : 22 July 2013  ———-

 

10.8.2 to 10.8.4 - A few new entries

 

<key>com.apple.container-repair</key>  (Described as: __APPNAME__ needs to repair your Library to run applications)

<dict>
<key>class</key>
<string>user</string>

 

A couple of New Wifi Strings that look very useful

<key>com.apple.wifi</key>
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>For restricting WiFi control</string>
<key>k-of-n</key>
<integer>1</integer>
<key>rule</key>
<array>
<string>is-admin</string>
<string>is-root</string>
<string>default</string>
</array>
</dict>
<key>com.apple.wireless-diagnostics</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Used by the WirelessDiagnosticsSupport framework to restrict XPC services provided by the wdhelper daemon</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
</dict>
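
The build-to-build comparison behind this change log can be scripted. The following is an added example, not code from the original post: it assumes the file's top level holds `rights` and `rules` dictionaries, the function names are hypothetical, and the two embedded plists are constructed, trimmed samples (the "before" class of `system.services.directory.configure` is a placeholder).

```python
import plistlib

# Constructed, trimmed stand-ins for two builds' authorization files.
# The "before" class of system.services.directory.configure is a placeholder.
HEAD = b'<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict>'
OLD = HEAD + b"""
<key>rights</key><dict>
  <key>system.services.directory.configure</key>
  <dict><key>class</key><string>rule</string></dict>
</dict>
<key>rules</key><dict/>
</dict></plist>"""
NEW = HEAD + b"""
<key>rights</key><dict>
  <key>system.services.directory.configure</key>
  <dict><key>class</key><string>user</string></dict>
  <key>com.apple.wifi</key>
  <dict><key>class</key><string>rule</string>
    <key>k-of-n</key><integer>1</integer>
    <key>rule</key><array><string>is-admin</string>
      <string>is-root</string><string>default</string></array></dict>
</dict>
<key>rules</key><dict>
  <key>app-specific-admin</key>
  <dict><key>class</key><string>user</string>
    <key>group</key><string>admin</string></dict>
</dict>
</dict></plist>"""

def field_changes(a, b):
    """Map each differing field of one entry to its (old, new) values."""
    return {f: (a.get(f), b.get(f))
            for f in sorted(a.keys() | b.keys()) if a.get(f) != b.get(f)}

def diff_section(old, new, section):
    """Return (added, removed, changed) for the 'rights' or 'rules' dict."""
    a, b = old.get(section, {}), new.get(section, {})
    changed = {k: field_changes(a[k], b[k])
               for k in sorted(a.keys() & b.keys()) if a[k] != b[k]}
    return sorted(b.keys() - a.keys()), sorted(a.keys() - b.keys()), changed

def diff_authorization(old_bytes, new_bytes):
    """Diff two authorization plists given as raw bytes."""
    old, new = plistlib.loads(old_bytes), plistlib.loads(new_bytes)
    return {s: diff_section(old, new, s) for s in ("rights", "rules")}

if __name__ == "__main__":
    for section, (added, removed, changed) in diff_authorization(OLD, NEW).items():
        print(section, "added:", added, "removed:", removed, "changed:", changed)
```

To compare two archived files, pass their contents read in binary mode to `diff_authorization` in place of the samples.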