How to Allow Non-Administrators to Run On-Demand Events

You may want to provide non-administrator colleagues with the ability to trigger on-demand events. This can be particularly useful where an event is used to perform back ups or run a script requiring elevated privileges. Let's look at how to ease this security requirement.

Power Manager lets you create on-demand events. These are events that can be manually triggered at any time. On-demand events appear in Power Manager’s status menu bar.

Power Manager’s on-demand events appear in the status menu bar

Update: This recipe applies to Power Manager 4.1.6 and earlier. See Triggering On-Demand Events for Non-Administrators for the latest recipe.

By default, Power Manager’s on-demand events can only be triggered by administrator users. Triggering an on-demand event requires administrator rights, or for an administrator to provide their security credentials - name and password.

You may want to provide non-administrator colleagues with the ability to trigger on-demand events. This can be particularly useful where an event is used to perform back ups or run a script requiring elevated privileges.

Let’s look at how to ease this security requirement.

Power Manager’s local security works with Mac OS X’s authorisation rights store. This store of authorisation rights is located at /etc/authorization and, as a general rule, this file is best left alone. The file contains the authorisation rights for your Mac and editing mistakes can leave your Mac needing expert assistance to restore.

To help you safely edit Power Manager’s authorisation rights we created a command line tool called pmrights. pmrights is included as standard with Power Manager.

pmrights provides a safe means of editing Power Manager’s section of /etc/authorization. With pmrights you can install, alter, and remove the rights needed by Power Manager. You still need to be careful, and be an administrator, but pmrights helps to ensure you avoid damaging this critical file.

Triggering an on-demand event requires the right ondemand.perform. By default, this right is provided only to administrators.

For non-administrators to trigger an on-demand event, they will need the ondemand.perform right. We need to tell pmrights to change the ondemand.perform right from administrator to universal. The following steps walk through this process.

How to Change the Authorisation Right

  1. Launch the Terminal.app utility:

    Applications > Utilities > Terminal.app

    Apple’s Terminal.app

  2. In Terminal.app, type the following command on a single line:

    "/Library/Application Support/Power Manager/Tools/pmrights" set universal ondemand.perform
    

    You can also copy and paste this line to avoid making mistakes.

    Type the command as one line into Terminal.app

  3. Press the Return key on your keyboard.

  4. Confirm you are an administrator.

    Confirm you are an administrator

    The right has been updated successfully

The change has been made. Non-administrator users using your Mac will now be able to trigger Power Manager’s on-demand events.

To learn more about pmrights, including how to list all the available rights, see the pmrights manual page.