Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > macOS > Modify 10.3 to let standard users change date, time, network settings - Help! (Long)

Modify 10.3 to let standard users change date, time, network settings - Help! (Long)
Thread Tools
Tennberg
Junior Member
Join Date: Apr 2001
Status: Offline
Reply With Quote
Jun 21, 2004, 03:01 PM
 
Hi all,

When I migrated our company's Mac users from 9 to 10.2, I was able to find a hack online that allowed standard users to modify things like date, time, and network locations. This was handy if they were traveling to a new office and needed to create a new location for that office's particular settings. Here is what I did:

I modifed the following section of the file /etc/authorization using pico:

<key>system.preferences</key>
<dict>
<key>group</key>
<string>admin</string>
<key>shared</key>
<true/>
<key>allow-root</key>
<true/>
</dict>

I changed "admin" to "staff" and saved the file. I then performed the following terminal commands:

chmod -R u=rwx,g=r,o=r /System/Library/PreferencePanes/Accounts.prefPane
chmod -R u=rwx,g=r,o=r /System/Library/PreferencePanes/Sharing.prefPane
chmod -R u=rwx,g=r,o=r /System/Library/PreferencePanes/StartupDisk.prefPane

This allowed standard users to modify date/time and network settings, but to be locked out of modifying accounts, sharing, or the startup disk.

------------------

Now, in 10.3, the file /etc/authorization has changed. I found a similar section below:

<key>system.preferences</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>This right is checked by the Admin framework when making changes to the system preferences.
Credentials remain valid forever.
An acquired credential is shared amongst all clients.
If the proccess that created the AuthorizationRef has uid = 0 this right will automatically be granted.</string>
<key>group</key>
<string>admin</string>
<key>mechanisms</key>
<array>
<string>builtin:authenticate</string>
</array>
<key>shared</key>
<true/>
</dict>

I changed "admin" to "staff", and saved the file. I then logged in as a regular user and tried to unlock date/time (in 10.2, it was already unlocked). When it asked me to authenticate for a user in group "staff", I entered the standard user's name and password, but was denied access.

Do you know what I might have done wrong? Is there an easier way to do this? The control panels I want regular users to access are mainly date/time and network, and want them to be locked out of things like accounts, startup disk, sharing, etc.

Thanks for any suggestions.
     
   
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 03:21 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,