Name

pmrights — authorisation rights tool.

Description

pmrights is a tool for setting up, altering, and removing Power Manager authorisation rights.

Authorisation rights are used by Power Manager to enforce which local requests are available to which local users. Authorisation rights provides fine grained control over who can and can not affect Power Manager's schedule.

pmrights must be run as the super user, root. Only root has the ability to alter the authorisation rights store. Other users can view rights and test their own rights, but non-root users can not make alterations.

pmrights is used during both installation and removal of Power Manager. pmrights is responsible for setting up the rights needed by Power Manager. On removal, pmrights is responsible for removing any previously set up rights.

Available Rights

There are two kinds of rights: universal and adminstrator rights.

Universal rights allow any user to issue the related request. These requests typically provide information but do not change Power Manager's workings. A universal right might be applied to the scheduler.events request; this would allow any local user to see the events available to Power Manager's scheduler.

Administrator rights restrict requests to users in the administrator group. These requests typically alter Power Manager's state by adding or removing events. An administrator right might be applied to the scheduler.remove request; this would restrict who can remove events to administrators. A non-administrator user's request to scheduler.remove would be refused.

Additional Rights

Power Manager delegates authorisation to Mac OS X's security framework. Because of that delegation, you have the ability to fine tune the rights used by Power Manager.

pmrights is an easy means of altering the authorisation rights store provided by Mac OS X. pmrights does not expose the full capabilities of Mac OS X's authorisation rights implementation. Instead pmrights provides enough for all but the most advanced environments.

If you need more control over who can and can not interact with Power Manager, take a look at Apple's system adminstrator documentation on authorisation rights and in particular editing the file: /etc/authorization

Examples

bash$ sudo ./pmrights install

Add the default rights. If a matching right already exists, the original right is removed and the default is inserted.

bash$ sudo ./pmrights remove

Remove the default rights.

bash$ ./pmrights list

Lists the default rights and state. The list is provided in a comma separated format. The columns are name, default right, and installed right.

To help flag potential problems, if the default right and the installed right differ, the row begins with a star.

bash$ ./pmrights test

Determine what rights the current user has. Prints a summary of each right and the user's ability to make the associated request.

bash$ sudo ./pmrights set universal scheduler.remove

Sets the scheduler.remove right to universal. If no matching right existed, the right is inserted. Any local user can now remove events.

bash$ sudo ./pmrights set administrator scheduler.events

Sets the scheduler.events right to administrator. If no matching right existed, the right is inserted. Only administrators can see the scheduler's events.

Files

Power Manager/Tools/pmrights
Prev  Up  Next
pmnotify.app  Home  pmuli

About Power Manager

Power Manager is a complete energy saving and automation solution for Mac OS X. This guide, Power Manager: Developer, is part of DssW Power Manager.

With Power Manager, you will save time, energy, and money.

Power Manager Guides >
Power Manager: Developer >
API Overview >
Supporting Agents, Daemons, and Utilities >
pmrights

Use and Privacy Policies - support@dssw.co.uk - http://www.dssw.co.uk

Dragon Systems Software Limited, 3rd Floor Suite, 41-43 Broad Street, Hereford, HR4 9AR, United Kingdom

Copyright © 1997 – 2011 Dragon Systems Software Limited (DssW). All rights reserved.