This repo is archived and the latest tool has been moved to https://github.com/Nikhil0487/privileges-CLI
A CLI tool to switch admin privileges for macOS. This is inspired from SAP's Privileges app.
This repository aims to build a CLI only tool to switch/toggle admin privileges.
This repository's goals are as follows:
- CLI tool should run in user context,
- Privilege operations should happen via XPC Mach service daemon,
- The code should be fully in Swift,
- Use Apple's new Argument Parser library,
Proposed design:
- Build a package with user CLI and XPC daemon,
- Installing the package will start the deamon and install the CLI tool,
- When the CLI is invoked, CLI asks XPC to do appropriate privilege change to the currently logged in user,
- Uninstallation can also be done in user privilege if possible and make XPC to shut down itself
- Add Apple's collaboration framework to XPC daemon and check if its daemon safe,
- In client, add Apple's argument parser Swift package to parse CLI arguments,
- Test the functionality
- Package it in PKG format
- Add security to XPC daemon
- Add toggle option for specified duration to the admin privilege change
Build both XPC helper and privileges CLI tool.
- Copy the com.privilge.helper XCP to /Library/PrivilegeHelper directory,
- Load the XPC daemon plist,
./privilege --user "username" --admin true
- This tool can be extended to other privlege operations while staying as user,
- Some way to restrict only a set of users with some form of authorization (like password, codesign etc.) to be able to use this tool. This will be helpful when this tool is deployed in a managed environment.
Contributions are welcome.