详细解释见上一篇:OSX: 管理认证数据库(Authorization Database)
这里主要是贴出可以使用的系统偏好配置的一个真实例子:
#!/bin/bash ## Set the system Authorization Database rights ## allow everyone access to system preferences itself security authorizationdb read system.preferences > /tmp/system.preferences.plist /usr/libexec/PlistBuddy -c "set group powerusers" /tmp/system.preferences.plist sudo security authorizationdb write system.preferences < /tmp/system.preferences.plist # Then, for the system.restart options. security authorizationdb read system.restart > /tmp/system.restart.plist /usr/libexec/PlistBuddy -c "set class user" /tmp/system.restart.plist /usr/libexec/PlistBuddy -c "add allow-root bool YES" /tmp/system.restart.plist /usr/libexec/PlistBuddy -c "add group string everyone" /tmp/system.restart.plist /usr/libexec/PlistBuddy -c "set shared bool NO" /tmp/system.restart.plist /usr/libexec/PlistBuddy -c "delete mechanisms array" /tmp/system.restart.plist sudo security authorizationdb write system.restart < /tmp/system.restart.plist # For system.shutdown. security authorizationdb read system.shutdown > /tmp/system.shutdown.plist /usr/libexec/PlistBuddy -c "set class user" /tmp/system.shutdown.plist /usr/libexec/PlistBuddy -c "add allow-root bool YES" /tmp/system.shutdown.plist /usr/libexec/PlistBuddy -c "add group string everyone" /tmp/system.shutdown.plist /usr/libexec/PlistBuddy -c "set shared bool NO" /tmp/system.shutdown.plist /usr/libexec/PlistBuddy -c "delete mechanisms array" /tmp/system.shutdown.plist sudo security authorizationdb write system.shutdown < /tmp/system.shutdown.plist # For adjusting the Time Zone. ##timezone, need to add on 10.5 and later, everyone /usr/libexec/PlistBuddy -c "add class string allow" /tmp/system.preferences.dateandtime.changetimezone.plist /usr/libexec/PlistBuddy -c "add comment string Timezones" /tmp/system.preferences.dateandtime.changetimezone.plist /usr/libexec/PlistBuddy -c "add shared bool YES" /tmp/system.preferences.dateandtime.changetimezone.plist sudo security authorizationdb write system.preferences.dateandtime.changetimezone < /tmp/system.preferences.dateandtime.changetimezone.plist # For print.operator. ## print operator, everyone security authorizationdb read system.print.operator > /tmp/print.operator.plist /usr/libexec/PlistBuddy -c "set group everyone" /tmp/print.operator.plist sudo security authorizationdb write system.print.operator < /tmp/print.operator.plist # For system.preferences.printing. ## printer prefpane, powerusers. requires additional right security authorizationdb read system.preferences.printing > /tmp/system.preferences.printing.plist /usr/libexec/PlistBuddy -c "set group powerusers" /tmp/system.preferences.printing.plist sudo security authorizationdb write system.preferences.printing < /tmp/system.preferences.printing.plist ## add group ‘powerusers‘ to ‘lpadmin‘ group sudo dseditgroup -o edit -a powerusers -t group lpadmin #For system.preferences.softwareupdate. ## software update, everyone, requires additional right security authorizationdb read system.preferences.softwareupdate > /tmp/system.preferences.softwareupdate.plist /usr/libexec/PlistBuddy -c "set group everyone" /tmp/system.preferences.softwareupdate.plist sudo security authorizationdb write system.preferences.softwareupdate < /tmp/system.preferences.softwareupdate.plist security authorizationdb read system.install.apple-software > /tmp/system.install.apple-software.plist /usr/libexec/PlistBuddy -c "set rule:0 allow" /tmp/system.install.apple-software.plist sudo security authorization write system.install.apple-software < /tmp/system.install.apple-software.plist security authorizationdb read com.apple.SoftwareUpdate.scan > /tmp/com.apple.SoftwareUpdate.scan.plist /usr/libexec/PlistBuddy -c "set rule:0 allow" /tmp/com.apple.SoftwareUpdate.scan.plist sudo security authorizationdb write com.apple.SoftwareUpdate.scan < /tmp/com.apple.SoftwareUpdate.scan.plist # For system.preferences.network. ## network preferences, powerusers, requires additional right security authorizationdb read system.preferences.network > /tmp/system.preferences.network.plist /usr/libexec/PlistBuddy -c "set group powerusers" /tmp/system.preferences.network.plist sudo security authorizationdb write system.preferences.network < /tmp/system.preferences.network.plist security authorizationdb read system.services.systemconfiguration.network > /tmp/system.services.systemconfiguration.network.plist /usr/libexec/PlistBuddy -c "set group powerusers" /tmp/system.services.systemconfiguration.network.plist sudo security authorizationdb write system.services.systemconfiguration.network < /tmp/system.services.systemconfiguration.network.plist # For system.preferences.energysaver security authorizationdb read system.preferences.energysaver > /tmp/system.preferences.energysaver.plist /usr/libexec/PlistBuddy -c "set group powerusers" /tmp/system.preferences.energysaver.plist sudo security authorizationdb write system.preferences.energysaver < /tmp/system.preferences.energysaver.plist # For system.preferences.timemachine. ## time machine, powerusers security authorizationdb read system.preferences.timemachine > /tmp/system.preferences.timemachine.plist /usr/libexec/PlistBuddy -c "set group powerusers" /tmp/system.preferences.timemachine.plist sudo security authorizationdb write system.preferences.timemachine < /tmp/system.preferences.timemachine.plist