ZetaWatch Authorization · 2019-10-13 00:16 by Black in ZetaWatch
The ZetaWatch helper tool uses the Security framework to authorize users before performing privileged operations. It currently supports the following permissions.
net.the-color-black.ZetaWatch.import
- allowed by default, required for importing a pool.
net.the-color-black.ZetaWatch.export
- allowed by default, required for exporting a pool.
net.the-color-black.ZetaWatch.mount
- allowed by default, required for mounting a dataset.
net.the-color-black.ZetaWatch.unmount
- allowed by default, required for unmounting a dataset.
net.the-color-black.ZetaWatch.snapshot
- allowed by default, required for creating a snapshot.
net.the-color-black.ZetaWatch.rollback
- requires admin authentication by default, required for rolling back a filesystem.
net.the-color-black.ZetaWatch.clone
- requires admin authentication by default, required for cloning a filesystem.
net.the-color-black.ZetaWatch.create
- requires admin authentication by default, required for creating a new filesystem.
net.the-color-black.ZetaWatch.destroy
- requires admin authentication by default, required for destroying a filesystem or snapshot.
net.the-color-black.ZetaWatch.key
- allowed by default, required for loading or unloading a key for a dataset. This also includes the ability to automatically mount and unmount such datasets.
net.the-color-black.ZetaWatch.scrub
- allowed by default, required for starting, stopping or pausing scrubs.
These permissions can be changed with the security command line program. To inspect the current dataset creation permission, and then switch it to allow creation for all users:
    security authorizationdb read net.the-color-black.ZetaWatch.create
    security authorizationdb write net.the-color-black.ZetaWatch.create allow
Permissions include allow, deny or authenticate-admin.
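As an added example (not part of ZetaWatch or the original post), the script below compares each right's current rule with the defaults listed above and flags any right that is weaker than documented. The plist shape parsed by current_rule and the constructed sample in sample_plist are assumptions, as are all function names.

```shell
#!/bin/sh
# Added example: audit ZetaWatch rights against the defaults listed on this page.
PREFIX=net.the-color-black.ZetaWatch
RIGHTS="import export mount unmount snapshot rollback clone create destroy key scrub"

# Default rule documented for each right.
expected_rule() {
    case "$1" in
        import|export|mount|unmount|snapshot|key|scrub) echo allow ;;
        rollback|clone|create|destroy) echo authenticate-admin ;;
        *) return 1 ;;
    esac
}

# Read a plist on stdin and print the first entry of its "rule" array.
# Assumption: the plist has <key>rule</key> followed by an <array> of <string>s.
current_rule() {
    awk '/<key>rule<\/key>/ { seen = 1; next }
         seen && /<string>/ { gsub(/.*<string>|<\/string>.*/, ""); print; exit }'
}

# Classify a right's current rule relative to its documented default.
compare_rule() {  # $1 = short right name, $2 = current rule
    want=$(expected_rule "$1") || { echo UNKNOWN; return; }
    if [ "$2" = "$want" ]; then echo OK
    elif [ "$2" = allow ]; then echo WEAKER
    elif [ "$2" = deny ] || [ "$2" = authenticate-admin ]; then echo STRICTER
    else echo UNKNOWN
    fi
}

# Constructed sample of a right's plist, for trying current_rule offline.
sample_plist() {
    printf '%s\n' '<dict>' '<key>class</key>' '<string>rule</string>' \
        '<key>rule</key>' '<array>' '<string>authenticate-admin</string>' \
        '</array>' '</dict>'
}

audit_all() {
    for r in $RIGHTS; do
        cur=$(security authorizationdb read "$PREFIX.$r" 2>/dev/null | current_rule)
        printf '%-9s %-19s %s\n' "$r" "${cur:-(not set)}" "$(compare_rule "$r" "$cur")"
    done
}

# Only query the real database where the macOS security tool exists.
if command -v security >/dev/null 2>&1; then audit_all; fi
```

A WEAKER result on rollback, clone, create or destroy means that right has been opened to all users without admin authentication.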
More detailed information about this topic can be found in Apple's documentation about AuthorizationServices and in the article Managing the Authorization Database in OS X Mavericks.