ZetaWatch Authorization · 2019-10-13 00:16 by Black in ZetaWatch

The ZetaWatch helper tool uses the Security framework to authorize users before performing privileged operations. It currently supports the following permissions.

net.the-color-black.ZetaWatch.import

allowed by default, required for importing a pool.

net.the-color-black.ZetaWatch.export

allowed by default, required for exporting a pool.

net.the-color-black.ZetaWatch.mount

allowed by default, required for mounting a dataset.

net.the-color-black.ZetaWatch.unmount

allowed by default, required for unmounting a dataset.

net.the-color-black.ZetaWatch.snapshot

allowed by default, required for creating a snapshot.

net.the-color-black.ZetaWatch.rollback

requires admin authentication by default, required for rolling back a filesystem.

net.the-color-black.ZetaWatch.clone

requires admin authentication by default, required for cloning a filesystem.

net.the-color-black.ZetaWatch.create

requires admin authentication by default, required for creating a new filesystem.

net.the-color-black.ZetaWatch.destroy

requires admin authentication by default, required for destroying a filesystem or snapshot.

net.the-color-black.ZetaWatch.key

allowed by default, required for loading or unloading a key for a dataset. This also includes the ability to auto mount / unmount them.

net.the-color-black.ZetaWatch.scrub

allowed by default, required for starting, stopping or pausing scrubs.

These permissions can be manipulated via the security command line program. To inspect the current dataset creation permissions, and switching it to allow this to all users:

security authorizationdb read net.the-color-black.ZetaWatch.create
security authorizationdb write net.the-color-black.ZetaWatch.create allow

Permissions include allow, deny or authenticate-admin.

More detailed information about this topic can be found in the article apples documentation about AuthorizationServices and Managing the Authorization Database in OS X Mavericks