pmd

Name

uk.co.dssw.powermanager.pmd — daemon and authorization rights tool.

Synopsis

uk.co.dssw.powermanager.pmd [-h] [-n unique name] [-m { install list remove repair test } ] [-v] [-x]

Description

pmd is the daemon process for Power Manager.

pmd supports commands for setting up, altering, and removing the required Power Manager authorisation rights.

Authorisation rights are used by Power Manager to enforce which local requests are available to which local users. Authorisation rights provides fine grained control over who can and can not affect Power Manager’s schedule.

pmd must be run as the super user, root. Only root has the ability to alter the authorisation rights store. Other users can view rights and test their own rights, but non-root users can not make alterations.

pmd is used during both installation and removal of Power Manager. pmd is used to set up the rights needed by Power Manager. On removal, pmd is used to remove any previously set up rights.

Authorisation Rights

Power Manager defaults to using two kinds of rights: universal and administrator rights.

Universal rights allow any user to issue the related request. These requests typically provide information but do not change Power Manager’s workings. A universal right might be applied to the scheduler.events request; this would allow any local user to see the events available to Power Manager’s scheduler.

Administrator rights restrict requests to users in the administrator group. These requests typically alter Power Manager’s state by adding or removing events. An administrator right might be applied to the scheduler.remove request; this would restrict who can remove events to administrators. A non-administrator user’s request to scheduler.remove would be refused.

To control which requests map to the administrator and universal authorisation rights, see the authorisation object.

Previous versions of Power Manager used a right for each request. This behaviour was changed after v4.1.6 to bring authorisation management into the daemon process. Legacy rights are automatically removed by the repair and removal command line options.

Additional Rights

Power Manager delegates authorisation to macOS’s security framework. Because of that delegation, you have the ability to fine tune the rights used by Power Manager.

pmd provides a means of altering the authorisation rights store provided by macOS. pmd does not expose the full capabilities of macOS’s authorisation rights implementation. Instead pmd provides enough for all but the most advanced environments.

If you need more control over who can and can not interact with Power Manager, take a look at Apple’s system adminstrator documentation on authorisation rights and in particular editing the file: /etc/authorization (OS X 10.8 and earlier) or /var/db/auth.db (OS X 10.9 and later)

Examples

sudo ./pmd -m install

Add the default rights. If a matching right already exists, the original right is removed and the default is inserted.

sudo ./pmd -m remove

Remove the default rights.

./pmd -m list

Lists the default rights and state. The list is provided in a comma separated format. The columns are name and state of the right.

To help flag potential problems, if the default right and the installed right differ, the row begins with a star.

sudo ./pmd -m repair

Repairs the rights needed by pmd. If a right is missing, the default right is installed. If a legacy right is installed, it is removed.

./pmd -m test

Determine what rights the current user has. Prints a summary of each right and the user’s ability to make the associated request.

Files

Power Manager.app/Contents/Library/LaunchDaemons/uk.co.dssw.powermanager.pmd