Go to content Go to navigation

ZetaWatch Authorization · 2019-10-13 00:16 by Black in

The ZetaWatch helper tool uses the Security framework to authorize users before performing privileged operations. It currently supports the following permissions.

net.the-color-black.ZetaWatch.import
allowed by default, required for importing a pool.
net.the-color-black.ZetaWatch.export
allowed by default, required for exporting a pool.
net.the-color-black.ZetaWatch.mount
allowed by default, required for mounting a dataset.
net.the-color-black.ZetaWatch.unmount
allowed by default, required for unmounting a dataset.
net.the-color-black.ZetaWatch.snapshot
allowed by default, required for creating a snapshot.
net.the-color-black.ZetaWatch.rollback
requires admin authentication by default, required for rolling back a filesystem.
net.the-color-black.ZetaWatch.clone
requires admin authentication by default, required for cloning a filesystem.
net.the-color-black.ZetaWatch.create
requires admin authentication by default, required for creating a new filesystem.
net.the-color-black.ZetaWatch.destroy
requires admin authentication by default, required for destroying a filesystem or snapshot.
net.the-color-black.ZetaWatch.key
allowed by default, required for loading or unloading a key for a dataset. This also includes the ability to auto mount / unmount them.
net.the-color-black.ZetaWatch.scrub
allowed by default, required for starting, stopping or pausing scrubs.

These permissions can be manipulated via the security command line program. To inspect the current dataset creation permissions, and switching it to allow this to all users:

security authorizationdb read net.the-color-black.ZetaWatch.create
security authorizationdb write net.the-color-black.ZetaWatch.create allow

Permissions include allow, deny or authenticate-admin.

More detailed information about this topic can be found in the article apples documentation about AuthorizationServices and Managing the Authorization Database in OS X Mavericks

  Textile help