A CLI tool to switch admin privileges for macOS. This is inspired from SAP's Privileges app https://github.com/SAP/macOS-enterprise-privileges.
This repository contains a CLI only tool to switch/toggle admin privileges.
This repository's goals are as follows:
- CLI tool should run in user context,
- Privilege operations should happen via XPC Mach service daemon,
- The code should be fully in Swift,
- Use Apple's new Argument Parser library,
- Use Apple's swift-log for logging
- XPC in high privilege should be secure. Audit token check from https://github.com/securing/SimpleXPCApp has been implemented.
- Add Apple's collaboration framework to XPC daemon and check if its daemon safe,
- In client, add Apple's argument parser Swift package to parse CLI arguments,
- Test the functionality
- Automated build, install and uninstall
- Add security to XPC daemon
- Toggle for 'n' minutes like in SAP's app.
Build both XPC helper and privileges CLI tool.
- To build the tool: ./build.sh build
- To install the tool: sudo ./build.sh install
- Fot help after installing : privilege --help
- To remove admin privilege for an user: privilege --user Test --admin false
- To get admin rights for an user: privilege --user Test --admin true
- Security check for XPC in file ConnectionVerifier.swift should be replaced with relevant code sign information.
- This tool can be extended to other privlege operations while staying as user,
- Some way to restrict only a set of users with some form of authorization (like password etc.) to be able to use this tool. This will be helpful when this tool is deployed in a managed environment.
Contributions are welcome.