You cannot create an Applescript that runs as root, at least not one that a non admin user double clicks to run. Install unapproved applications, remove Configuration Profiles, make changes to various protected locations on the OS (El Capitan's SIP protection not withstanding) While its not the same as giving them full admin rights, the sky is kind of the limit on what they can do with that. If they figure out which local script file the LaunchDaemon is using as its program, they can simply make their own edits to it, and have the LaunchDaemon do their bidding. If not, you may as well be handing over admin rights to some of your more technically savvy users, if you have any. While the above would work, I can tell you that this is pretty dangerous unless you take some precautions to make sure the end users cannot see a) which local file is being changed, b) what the local script or app they run is piping into the script to be run by the LaunchDaemon (a run only Applescript perhaps?) and c) that you make sure after the LaunchDaemon runs the script, it empties the contents of the WatchPath script file. When it sees the change to the file, it will fire the launchd job, and run the script, but with root privileges. The LaunchDaemon can be using the script file itself as its Program to run. app that would pipe the contents of the script or scripts you want them to be able to run, into the file being watched by the LaunchDaemon. You can then create either a local script or. The script file can be something in a normally writable location that the user would have rights to make changes to, such as /Users/Shared/. The only thing I can come up with would be to create and deploy a LaunchDaemon that uses a WatchPath script file. No admin rights, no Self Service to elevate rights, but you want them to be able to run scripts with admin or root privileges? The OS simply doesn't work this way, generally speaking.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |