OSX:ユーティリティスクリプト(bash scripts)シリーズ-23-認証データベースの編集


詳しくは前編を参照:OSX:認証データベースの管理(Authorization Database)
ここでは、主に利用可能なシステム環境設定(System Preferences)の構成例を示します。
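#!/bin/bash
## Set the system Authorization Database rights
##
## Every section follows the same cycle: dump the current definition of a
## right with `security authorizationdb read`, edit the plist with PlistBuddy,
## then load it back with `sudo security authorizationdb write`.
##
## Security notes for whoever deploys this:
##  * Each change below removes or weakens an administrator-authentication
##    prompt. Apply only the sections the deployment actually needs, and
##    review the result with `security authorizationdb read <right>`.
##  * The plists are staged in a private `mktemp -d` directory instead of
##    fixed names under /tmp. The staged file is what root loads into the
##    authorization database, so it must not sit at a predictable path in a
##    world-writable directory where another local account could pre-create
##    or replace it between the edit and the write.
##  * The staging directory is removed on exit. Copy the read-back plists
##    somewhere safe first if a rollback point is wanted.

readonly PLISTBUDDY=/usr/libexec/PlistBuddy

# Private (mode 0700) staging directory; removed on every exit path.
workdir=$(mktemp -d "${TMPDIR:-/tmp}/authdb.XXXXXX") || {
  echo "cannot create a private working directory" >&2
  exit 1
}
trap 'rm -rf -- "$workdir"' EXIT

# Set to 1 when any read or write fails; used as the script's exit status.
failures=0

# apply_edits PLIST COMMAND...
# Runs each PlistBuddy COMMAND against PLIST. Individual failures are not
# fatal: an "add" fails when the key already exists and a "set" fails when it
# does not, and the original script tolerated both.
apply_edits() {
  local plist=$1 edit
  shift
  for edit in "$@"; do
    "$PLISTBUDDY" -c "$edit" "$plist"
  done
}

# load_right RIGHT PLIST
# Writes PLIST into the authorization database as the definition of RIGHT.
load_right() {
  if ! sudo security authorizationdb write "$1" < "$2"; then
    echo "failed to write right: $1" >&2
    failures=1
  fi
}

# update_right RIGHT COMMAND...
# Reads the current definition of RIGHT, applies the PlistBuddy COMMANDs and
# writes the result back. If the read fails nothing is written, so an empty
# or partial plist can never replace the existing definition.
update_right() {
  local right=$1 plist="$workdir/$1.plist"
  shift
  if ! security authorizationdb read "$right" > "$plist"; then
    echo "skipping $right: cannot read its current definition" >&2
    failures=1
    return
  fi
  apply_edits "$plist" "$@"
  load_right "$right" "$plist"
}

# create_right RIGHT COMMAND...
# Builds the definition of RIGHT from scratch (PlistBuddy creates the file on
# first use) and writes it. The private staging directory guarantees that the
# plist starts empty rather than inheriting stale content.
create_right() {
  local right=$1 plist="$workdir/$1.plist"
  shift
  apply_edits "$plist" "$@"
  load_right "$right" "$plist"
}

## allow everyone access to system preferences itself
# As written, the right is tied to the 'powerusers' group.
update_right system.preferences "set group powerusers"

# Then, for the system.restart options.
# NOTE(review): PlistBuddy documents `Set <Entry> <Value>` and
# `Delete <Entry>`; the extra type words in "set shared bool NO" and
# "delete mechanisms array" are kept exactly as in the original. Confirm the
# written definition with `security authorizationdb read system.restart`.
update_right system.restart \
  "set class user" \
  "add allow-root bool YES" \
  "add group string everyone" \
  "set shared bool NO" \
  "delete mechanisms array"

# For system.shutdown. (Same edits and the same review note as system.restart.)
update_right system.shutdown \
  "set class user" \
  "add allow-root bool YES" \
  "add group string everyone" \
  "set shared bool NO" \
  "delete mechanisms array"

# For adjusting the Time Zone.
##timezone, need to add on 10.5 and later, everyone
# Class "allow" grants the right to every requester without a prompt.
create_right system.preferences.dateandtime.changetimezone \
  "add class string allow" \
  "add comment string Timezones" \
  "add shared bool YES"

# For print.operator.
## print operator, everyone
update_right system.print.operator "set group everyone"

# For system.preferences.printing.
## printer prefpane, powerusers.  requires additional right
update_right system.preferences.printing "set group powerusers"

## add group 'powerusers' to 'lpadmin' group
# lpadmin membership carries printer-administration privileges, so this
# widens what every 'powerusers' member can do beyond the preference pane.
sudo dseditgroup -o edit -a powerusers -t group lpadmin || failures=1

#For system.preferences.softwareupdate.
## software update, everyone, requires additional right
update_right system.preferences.softwareupdate "set group everyone"

# Replaces the first entry of the right's rule list with the built-in "allow"
# rule, i.e. Apple software installs no longer ask for credentials.
# (The original invoked `security authorization write` here; the subcommand
# is `authorizationdb`, so this right was never actually written.)
update_right system.install.apple-software "set rule:0 allow"

update_right com.apple.SoftwareUpdate.scan "set rule:0 allow"

# For system.preferences.network.
## network preferences, powerusers, requires additional right
update_right system.preferences.network "set group powerusers"

update_right system.services.systemconfiguration.network "set group powerusers"

# For system.preferences.energysaver
update_right system.preferences.energysaver "set group powerusers"

# For system.preferences.timemachine.
## time machine, powerusers
update_right system.preferences.timemachine "set group powerusers"

exit "$failures"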