authbuddy

authbuddy helps you add and remove rights from Mac OS X’s /var/db/auth.db file. authbuddy makes is easy and safe to edit this important file. The /var/db/auth.db file controls who has what rights on Mac OS X.

authbuddy is designed for system administrators but may be used, with care, by any Mac OS X user.

Set and Remove Rights

authbuddy offers an easy way to manage the rights within Mac OS X’s /var/db/auth.db file.

Hand editing /var/db/auth.db or /etc/authorization is risky. Damaging the file can leave your Mac open to abuse and unstable.

authbuddy does not directly edit either /etc/authorization or /var/db/auth.db, but instead goes through Apple’s supported Authorization API.

authbuddy provides a command line interface for setting and removing rights. authbuddy can quickly set two types of right: universal and administrator:

• A universal right can be accessed by any user.
• An administrator right can be accessed only by a confirmed user with administrator credentials.

Customise rights can be set by providing a path to a property list encoded dictionary.

Rights in OS X

A complete list of rights is available on Mac OS X 10.5 and later is available in our authorization rights reference.

Using authbuddy

authbuddy is provided as both a standalone executable and as an Installer package. Once installed the authbuddy binary is available from /usr/local/bin.

Get a Right

A right is fetched using the following format of command. In this case, authbuddy will get the right for uk.co.dssw.powermanager.scheduler.adjust.

bash$ /usr/local/bin/authbuddy get 'uk.co.dssw.powermanager.scheduler.adjust'

Set a Right

A right is set using the following format of command. In this case, authbuddy will insert a universal class of right for uk.co.dssw.powermanager.scheduler.adjust.

bash$ /usr/local/bin/authbuddy set 'uk.co.dssw.powermanager.scheduler.adjust' universal

authbuddy can set administrator and universal rights using built-in values. An external right dictionary can be provided to set customised rights.

Remove a Right

A right is removed using the following format of command. In this case, authbuddy will completely the right for uk.co.dssw.powermanager.scheduler.cancel.

bash$ /usr/local/bin/authbuddy remove 'uk.co.dssw.powermanager.scheduler.cancel'

Notes

Before using authbuddy or changing your authorization file, be sure to have a back up.

When using authbuddy within a shell script, be sure to use sudo to avoid the authentication user interface associated with changing existing rights.

The great majority of Mac OS X users will not need authbuddy, nor will they need to alter their authorization file. authbuddy has been created to help those few that do need this ability.