OSX: 管理认证数据库(Authorization Database)

2022-06-30 15:42:01

在10.9之前，管理员为了达到管理系统级的用户管理，比如打印机权限, 普通用户管理System Prefereces等等选项，需要编辑/etc/authorization，它实际上是符合plist格式的XML文件。到了10.9之后，这个文件不见了，你会发现只存在一个叫authorization.deprecated的文件, 从文件名可以看出，它不再被使用了。

实际上的改动是，它的元文件被移动到了/System/Library/Security/文件夹下面了，而securityd系统进程，根据元文件会生成一个运行时文件叫/var/db/auth.db的SQLite3格式的文件，securityd使用这个auth.db文件进行系统的认证。这样，原来对/etc/authorization修改的程序／脚本不再适用于10.9。所以，需要适用/usr/bin/security命令来进行变更了。

其实Apple早在10.5的时候就已经引进了Security命令，但是因为缺乏文档和实际使用原驱动-可以使用原来证明成功而简单直观的方法，所以没有被广泛地使用。到了10.9，应该使用和熟悉它了。

基本的使用：

security authorizationdb read system.preferences.energysaver

它显示energysaver的用户权限配置。重点在于其中的一个值：

<key>group</key>
<string>admin</string>

这个说明只有admin组的用户才可以变动，使用下面的python程序可以改变之（源于Graham Gillbert）：

#!/usr/bin/env python

import subprocess
import sys
import plistlib

# Group System Preferences should be opened to
group = ‘everyone‘

command = [‘/usr/bin/security‘, ‘authorizationdb‘, ‘read‘, ‘system.preferences.energysaver‘]

task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(out, err) = task.communicate()
formatted = plistlib.readPlistFromString(out)

# If the group doesn‘t match, we‘re going to correct it.
if formatted[‘group‘] != group:
    #input_plist = {}
    formatted[‘group‘] = group
    # Convert back to plist
    input_plist = plistlib.writePlistToString(formatted)
    # Write the plist back to the authorizationdb
    command = [‘/usr/bin/security‘, ‘authorizationdb‘, ‘write‘, ‘system.preferences.energysaver‘]
    task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    (out, err) = task.communicate(input=input_plist)

或者如果你有自己的Plist的多行XML格式的配置文件运行类似下面的命令，这个命令恢复system.preferences.energysaver到10.8.5的默认值：

sudo security authorizationdb write system.preferences.energysaver <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Checked by the Admin framework when making changes to the Energy Saver preference pane.</string>
<key>default-button</key>
<dict>
<key>ar</key>
<string>??? ?????</string>
<key>ca</key>
<string>Desbloquejar</string>
<key>cs</key>
<string>Odemknout</string>
<key>da</key>
<string>L?s op</string>
<key>de</key>
<string>Entsperren</string>
<key>el</key>
<string>Ξεκλε?δωμα</string>
<key>en</key>
<string>Unlock</string>
<key>es</key>
<string>Desbloquear</string>
<key>fi</key>
<string>Avaa</string>
<key>fr</key>
<string>Déverrouiller</string>
<key>he</key>
<string>???/? ?? ??????</string>
<key>hr</key>
<string>Otklju?aj</string>
<key>hu</key>
<string>Feloldás</string>
<key>it</key>
<string>Sblocca</string>
<key>ja</key>
<string>ロック解除</string>
<key>ko</key>
<string>?? ??</string>
<key>nb</key>
<string>L?s opp</string>
<key>nl</key>
<string>Ontgrendel</string>
<key>pl</key>
<string>Odblokuj</string>
<key>pt</key>
<string>Desbloquear</string>
<key>pt-PT</key>
<string>Desproteger</string>
<key>ro</key>
<string>Deblocheaz?</string>
<key>ru</key>
<string>Снять защиту</string>
<key>sk</key>
<string>Odomknú?</string>
<key>sv</key>
<string>L?s upp</string>
<key>th</key>
<string>???????</string>
<key>tr</key>
<string>Kilidi A?</string>
<key>uk</key>
<string>В?д?мкнути</string>
<key>zh-Hans</key>
<string>解锁</string>
<key>zh-Hant</key>
<string>解鎖</string>
</dict>
<key>default-prompt</key>
<dict>
<key>ar</key>
<string>_????? __APPNAME__ ??? ??? ??????? ???? ??????.</string>
<key>ca</key>
<string>__APPNAME__ està intentant desbloquejar el tauler de preferències Economitzador.</string>
<key>cs</key>
<string>__APPNAME__ se pokou?í odemknout p?edvolby úspora energie.</string>
<key>da</key>
<string>__APPNAME__ pr?ver at l?se vinduet Energibesparelse op.</string>
<key>de</key>
<string>__APPNAME__ versucht, die Systemeinstellung ?Energie sparen“ zu entsperren.</string>
<key>el</key>
<string>Η εφαρμογ? __APPNAME__ προσπαθε? να ξεκλειδ?σει τι? προτιμ?σει? εξοικον?μηση? εν?ργεια?.</string>
<key>en</key>
<string>__APPNAME__ is trying to unlock the Energy Saver preferences.</string>
<key>es</key>
<string>__APPNAME__ está intentando desbloquear el panel de preferencias Economizador.</string>
<key>fi</key>
<string>__APPNAME__ yritt?? avata Energians??st?j?-asetuksia.</string>
<key>fr</key>
<string>__APPNAME__ essaie de déverrouiller les préférences économiseur d’énergie.</string>
<key>he</key>
<string>? __APPNAME__? ???? ???? ?? ?????? ?? ?????? ?????? ????????.</string>
<key>hr</key>
<string>__APPNAME__ poku?ava otklju?ati postavke ?tednja energije.</string>
<key>hu</key>
<string>A(z) __APPNAME__ megpróbálja feloldani az Energiatakarékos mód beállításait.</string>
<key>it</key>
<string>__APPNAME__ sta tentando di sbloccare le preferenze di Risparmio di energia.</string>
<key>ja</key>
<string>__APPNAME__ が“省エネルギー”環境設定のロックを解除しようとしています。</string>
<key>ko</key>
<string>__APPNAME__?(?) ??? ?? ????? ?? ????? ???.</string>
<key>nb</key>
<string>__APPNAME__ pr?ver ? l?se opp Str?msparing-valgpanelet.</string>
<key>nl</key>
<string>__APPNAME__ probeert het voorkeurenpaneel ‘Energiestand‘ te ontgrendelen.</string>
<key>pl</key>
<string>__APPNAME__ próbuje odblokowa? preferencje oszcz?dzania energii.</string>
<key>pt</key>
<string>__APPNAME__ está tentando desbloquear as preferências Economizador de Energia.</string>
<key>pt-PT</key>
<string>__APPNAME__ está a tentar desproteger as preferências de Poupan?a de Energia.</string>
<key>ro</key>
<string>__APPNAME__ ?ncearc? s? deblocheze preferin?ele Economizor.</string>
<key>ru</key>
<string>Программа ?__APPNAME__? пытается снять защиту с настроек панели ?Экономия энергии?.</string>
<key>sk</key>
<string>__APPNAME__ sa pokú?a odomknú? nastavenia ?etri?a energie.</string>
<key>sv</key>
<string>__APPNAME__ f?rs?ker l?sa upp inst?llningarna f?r Str?msparare.</string>
<key>th</key>
<string>__APPNAME__ ??????????????????????????????????????????????????</string>
<key>tr</key>
<string>__APPNAME__, Enerji Tasarrufu tercihlerinin kilidini a?maya ?al???yor.</string>
<key>uk</key>
<string>Програма ?__APPNAME__? намага?ться в?д?мкнути параметри Збереження енерг??.</string>
<key>zh-Hans</key>
<string>“__APPNAME__”正试图解锁“节能器”偏好设置。</string>
<key>zh-Hant</key>
<string>“__APPNAME__”正在嘗試解鎖“能源節約器”偏好設定。</string>
</dict>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
</dict>
</plist>
EOF

注意：一定要先执行一次read，今后即便是write错误，也可以使用上面的命令形式来恢复系统默认。

还有一种方法，就是组合read和write以及大家熟悉的命令PlistBuddy，比如：

security authorizationdb read system.preferences > /tmp/system.preferences.plist 
/usr/libexec/PlistBuddy -c "set group everyone" /tmp/system.preferences.plist 
sudo security authorizationdb write system.preferences < /tmp/system.preferences.plist

目前可知的可以用相同的方法设置的系统偏好有(但不止这些)：

设置日期和时间：system.preferences.datetime

打开系统偏好：system.preferences

设置能源：system.preferences.energysaver

设置网络：system.services.systemconfiguration.network

设置打印：system.preferences.printing －这个部分应该使用内置的lpadmin|lpoperator组来管理用户权限，参见OSX: 灵活运用控制打印机的用户组

这个命令应该使用于10.6以后的所有系统。

参考：下面是DssW英国公司公布的非常少见的各个版本的系统管理的用户组的默认设置，可供参考。

Default Rights in Mac OS X

Right	10.6	10.7	10.8	10.9	Comment
(empty)	Yes	Yes	Yes	Yes	Matches otherwise unmatched rights (i.e., is a default).
admin	No	Yes	Yes	Yes
allow	Yes	Yes	Yes	Yes	Allow anyone.
app-specific-admin	No	No	Yes	Yes
appserver-admin	Yes	Yes	Yes	Yes
appserver-user	Yes	Yes	Yes	Yes
authenticate	Yes	Yes	Yes	Yes
authenticate-admin	Yes	Yes	Yes	Yes	Authenticate as an administrator.
authenticate-admin-30	Yes	Yes	Yes	Yes	Like the default rule, but credentials remain valid for only 30 seconds after they‘ve been obtained. An acquired credential is shared by all clients.
authenticate-appstore-30	No	Yes	Yes	Yes
authenticate-developer	Yes	Yes	Yes	Yes	Authenticate as a developer.
authenticate-session-owner	Yes	Yes	Yes	Yes	Authenticate as the session owner.
authenticate-session-owner-or-admin	Yes	Yes	Yes	Yes	Authenticate either as the owner or as an administrator.
authenticate-session-user	Yes	Yes	Yes	Yes	Same as authenticate-session-owner.
com.alf	No	No	No	Yes
com.apple.	Yes	Yes	Yes	Yes
com.apple.AOSNotification.FindMyMac.modify	No	No	Yes	Yes
com.apple.AOSNotification.FindMyMac.remove	No	No	No	Yes
com.apple.CoreRAID.admin	Yes	Yes	Yes	Yes	Used by CoreRAID to allow access to administration functions of RAID devices
com.apple.DiskManagement.	Yes	Yes	Yes	Yes	Used by diskmanagementd to allow access to its privileged functions
com.apple.DiskManagement.internal.	No	No	Yes	Yes	Used by diskmanagementd to allow access to its privileged functions
com.apple.DiskManagement.reserveKEK	No	Yes	Yes	Yes	Used by diskmanagementd to allow use of the reserve KEK.
com.apple.KerberosAgent	No	Yes	Yes	Yes	Used to acquire Kerberos credentials.
com.apple.OpenScripting.additions.send	No	Yes	Yes	Yes	Used to send restricted scripting addition commands to processes that require authorization to handle the events.
com.apple.ReportPanic.fixRight	No	No	No	Yes
com.apple.Safari.parental-controls	Yes	Yes	Yes	Yes	Checked when changing parental controls for Safari.
com.apple.Safari.show-credit-card-numbers	No	No	No	Yes	This right is used by Safari to show credit card numbers.
com.apple.Safari.show-passwords	No	Yes	Yes	Yes	This right is used by Safari to show passwords
com.apple.ServiceManagement.blesshelper	Yes	Yes	Yes	Yes	Used by the ServiceManagement framework to add a privileged helper tool to the system launchd.
com.apple.ServiceManagement.daemons.modify	Yes	Yes	Yes	Yes	Used by the ServiceManagement framework to make changes to the system launchd‘s set of daemons.
com.apple.SoftwareUpdate.modify-settings	No	No	Yes	Yes	Checked by the Admin framework when making changes to the Software Update preference pane.
com.apple.SoftwareUpdate.scan	No	Yes	Yes	Yes	Checked when user is updating software.
com.apple.XType.fontmover.install	No	Yes	Yes	Yes
com.apple.XType.fontmover.remove	No	Yes	Yes	Yes
com.apple.XType.fontmover.restore	No	Yes	Yes	Yes
com.apple.ZFSManager.	Yes	Yes	Yes	Yes	Used by zfsmanager to allow access to destructive zfs functions
com.apple.activitymonitor.kill	Yes	Yes	Yes	Yes	Used by Activity Monitor to authorize killing processes not owned by the user.
com.apple.appserver.privilege.admin	Yes	Yes	Yes	Yes	For administrative access to the Application Server management tool.
com.apple.appserver.privilege.user	Yes	Yes	Yes	Yes	For user access to the Application Server management tool.
com.apple.builtin.confirm-access	Yes	Yes	Yes	Yes
com.apple.builtin.confirm-access-password	Yes	Yes	Yes	Yes
com.apple.builtin.generic-new-passphrase	Yes	Yes	Yes	Yes
com.apple.builtin.generic-unlock	Yes	Yes	Yes	Yes
com.apple.container-repair	No	No	Yes	Yes
com.apple.dashboard.advisory.allow	Yes	Yes	Yes	Yes
com.apple.desktopservices	Yes	Yes	Yes	Yes	For privileged file operations from within the Finder.
com.apple.desktopservices.scripted	No	Yes	Yes	Yes	For scripting-initiated privileged file operations from within the Finder.
com.apple.docset.install	Yes	Yes	Yes	Yes	Used by Xcode to restrict access to a daemon it uses to install and update documentation sets.
com.apple.dt.Xcode.LicenseAgreementXPCServiceRights	No	No	No	Yes	Xcode FLE rights
com.apple.dt.Xcode.MoveToTrashRights	No	Yes	No	No
com.apple.familycontrols.loginwindow.override	Yes	No	No	Yes	This right is checked when overriding a parental control restriction
com.apple.familycontrols.override	Yes	No	No	Yes	This right is checked when overriding parental controls from a user account
com.apple.iBooksX.ParentalControl	No	No	No	Yes	Checked when making changes to the Parental Controls for iBooks.
com.apple.library-repair	No	Yes	Yes	Yes
com.apple.lldb.LaunchUsingXPC	No	No	Yes	Yes
com.apple.opendirectoryd.linkidentity	No	No	Yes	Yes
com.apple.pcastagentconfigd.	Yes	Yes	No	No
com.apple.pf.rule	No	No	No	Yes
com.apple.security.assessment.update	No	Yes	Yes	Yes
com.apple.server.admin.streaming	Yes	Yes	Yes	Yes	For making administrative requests to the QuickTime Streaming Server.
com.apple.trust-settings.admin	Yes	Yes	Yes	Yes	For modifying Trust Settings in the Local Admin domain.
com.apple.trust-settings.user	Yes	Yes	Yes	Yes	For modifying per-user Trust Settings.
com.apple.uninstalld.uninstall	No	Yes	Yes	Yes
com.apple.wifi	No	No	No	Yes	For restricting WiFi control
com.apple.wireless-diagnostics	No	No	Yes	Yes	Used by the WirelessDiagnosticsSupport framework to restrict XPC services provided by the wdhelper daemon
com.example.sampleright	No	No	No	Yes
config.add.	Yes	Yes	Yes	Yes	Wildcard right for adding rights. Anyone is allowed to add any (non-wildcard) rights.
config.config.	Yes	Yes	Yes	Yes	Wildcard right for any change to meta-rights for db modification. Not allowed programmatically (just edit this file).
config.modify.	Yes	Yes	Yes	Yes	Wildcard right for modifying rights. Admins are allowed to modify any (non-wildcard) rights. Root does not require authentication.
config.remove.	Yes	Yes	Yes	Yes	Wildcard right for deleting rights. Admins are allowed to delete any (non-wildcard) rights. Root does not require authentication.
config.remove.system.	Yes	Yes	Yes	Yes	Wildcard right for deleting system rights.
default	Yes	Yes	Yes	Yes	Default rule. Credentials remain valid for 5 minutes after they‘ve been obtained. An acquired credential is shared by all clients.
entitled	No	Yes	Yes	Yes
entitled-admin	No	Yes	Yes	Yes
entitled-admin-or-authenticate-admin	No	Yes	Yes	Yes
entitled-appstore	No	Yes	Yes	Yes
entitled-appstore-or-entitled-authenticate-appstore	No	Yes	Yes	Yes
entitled-authenticate-admin	No	Yes	Yes	Yes
entitled-authenticate-appstore	No	Yes	Yes	Yes
entitled-session-owner	No	Yes	Yes	Yes
entitled-session-owner-or-authenticate-session-owner	No	Yes	Yes	Yes
is-admin	Yes	Yes	Yes	Yes	Verify that the user asking for authorization is an administrator.
is-appstore	No	Yes	Yes	Yes
is-developer	Yes	Yes	Yes	Yes	Verify that the user asking for authorization is a developer.
is-lpadmin	No	Yes	Yes	Yes
is-root	Yes	Yes	Yes	Yes	Verify that the process that created this AuthorizationRef is running as root.
is-session-owner	No	Yes	Yes	Yes	Verify that the requesting process is running as the session owner.
lpadmin	No	Yes	Yes	Yes
on-console	No	Yes	Yes	Yes
root-or-admin-or-authenticate-admin	No	Yes	No	No
root-or-entitled-admin-or-admin	No	Yes	Yes	Yes
root-or-entitled-admin-or-app-specific-admin	No	No	Yes	Yes
root-or-entitled-admin-or-authenticate-admin	No	Yes	Yes	Yes
root-or-lpadmin	No	Yes	Yes	Yes
sys.openfile.	Yes	Yes	Yes	Yes	See authopen(1) for information on the use of this right.
system.	Yes	Yes	Yes	Yes
system.burn	Yes	Yes	Yes	Yes	For burning media.
system.csfde.requestpassword	No	Yes	Yes	Yes	Used by CoreStorage Full Disk Encryption to request the user‘s password.
system.device.dvd.setregion.initial	Yes	Yes	Yes	Yes	Used by the DVD player to set the region code the first time. Note that changing the region code after it has been set requires a different right (system.device.dvd.setregion.change).
system.disk.unlock	No	Yes	Yes	Yes	Do not modify.
system.global-login-items.	Yes	Yes	Yes	Yes
system.hdd.smart	No	Yes	Yes	Yes	For modifying SMART settings.
system.identity.write.	Yes	Yes	Yes	Yes	For creating, changing or deleting local user accounts and groups.
system.identity.write.credential	Yes	Yes	Yes	Yes	Checked when changing authentication credentials (password or certificate) for a local user account.
system.identity.write.self	Yes	Yes	Yes	Yes	Checked when changing authentication credentials (password or certificate) for the current user‘s account.
system.install.admin.user	Yes	No	No	No
system.install.app-store-software	No	Yes	Yes	Yes	Checked when user is installing software from the App Store.
system.install.app-store-software.standard-user	No	No	No	Yes	Checked when user is installing new software.
system.install.apple-config-data	No	No	Yes	Yes
system.install.apple-software	No	Yes	Yes	Yes	Checked when user is installing Apple-provided software.
system.install.apple-software.standard-user	No	No	No	Yes	Checked when user is installing new software.
system.install.iap-software	No	No	No	Yes
system.install.root.admin	Yes	No	No	No
system.install.root.user	Yes	No	No	No
system.install.software	No	Yes	Yes	Yes	Checked when user is installing new software.
system.keychain.create.loginkc	Yes	Yes	Yes	Yes	Used by the Security framework when you add an item to an unconfigured default keychain.
system.keychain.modify	Yes	Yes	Yes	Yes	Used by Keychain Access when editing a system keychain.
system.login.console	Yes	Yes	Yes	Yes	Login mechanism based rule. Not for general use, yet.
system.login.done	Yes	Yes	Yes	Yes
system.login.screensaver	Yes	Yes	Yes	Yes	The owner or any administrator can unlock the screensaver, set rule to "authenticate-session-owner-or-admin" to enable SecurityAgent.
system.login.tty	Yes	Yes	Yes	Yes
system.preferences	Yes	Yes	Yes	Yes	Checked by the Admin framework when making changes to certain System Preferences.
system.preferences.accessibility	Yes	Yes	Yes	Yes	Checked when making changes to the Accessibility Preferences.
system.preferences.accounts	Yes	Yes	Yes	Yes	Checked by the Admin framework when making changes to the Users & Groups preference pane.
system.preferences.datetime	No	Yes	Yes	Yes	Checked by the Admin framework when making changes to the Date & Time preference pane.
system.preferences.energysaver	No	Yes	Yes	Yes	Checked by the Admin framework when making changes to the Energy Saver preference pane.
system.preferences.location	No	Yes	Yes	Yes	For changing the network location from the Apple menu.
system.preferences.network	No	Yes	Yes	Yes	Checked by the Admin framework when making changes to the Network preference pane.
system.preferences.nvram	No	No	Yes	Yes
system.preferences.parental-controls	Yes	Yes	Yes	Yes	Checked when making changes to the Parental Controls preference pane.
system.preferences.printing	No	Yes	Yes	Yes	Checked by the Admin framework when making changes to the Printing preference pane.
system.preferences.security	Yes	Yes	Yes	Yes	Checked by the Admin framework when making changes to the Security preference pane.
system.preferences.security.remotepair	No	Yes	Yes	Yes	Used by Bezel Services to gate IR remote pairing.
system.preferences.sharing	No	Yes	Yes	Yes	Checked by the Admin framework when making changes to the Sharing preference pane.
system.preferences.softwareupdate	No	Yes	Yes	Yes	Checked by the Admin framework when making changes to the Software Update preference pane.
system.preferences.startupdisk	No	Yes	Yes	Yes	Checked by the Admin framework when making changes to the Startup Disk preference pane.
system.preferences.timemachine	No	Yes	Yes	Yes	Checked by the Admin framework when making changes to the Time Machine preference pane.
system.preferences.version-cue	No	Yes	Yes	Yes	For gating modifications to Adobe Version Cue preferences.
system.print.admin	Yes	Yes	Yes	Yes
system.print.operator	Yes	Yes	Yes	Yes
system.printingmanager	Yes	Yes	Yes	Yes	For printing to locked printers.
system.privilege.admin	Yes	Yes	Yes	Yes	Used by AuthorizationExecuteWithPrivileges(...). AuthorizationExecuteWithPrivileges() is used by programs requesting to run a tool as root (e.g., some installers).
system.privilege.taskport	Yes	Yes	Yes	Yes	Used by task_for_pid(...). Task_for_pid is called by programs requesting full control over another program for things like debugging or performance analysis. This authorization only applies if the requesting and target programs are run by the same user; it will never authorize access to the program of another user. WARNING: administrators are advised not to modify this right.
system.privilege.taskport.debug	Yes	Yes	Yes	Yes	For use by Apple. WARNING: administrators are advised not to modify this right.
system.privilege.taskport.safe	Yes	Yes	Yes	Yes	For use by Apple.
system.restart	Yes	Yes	Yes	Yes	Checked if the foreground console user tries to restart the system while other users are logged in via fast-user switching.
system.services.directory.configure	Yes	Yes	Yes	Yes	For making Directory Services changes.
system.services.systemconfiguration.network	No	No	Yes	Yes	For making change to network configuration via System Configuration.
system.sharepoints.	Yes	Yes	Yes	Yes	Checked when making changes to the Sharepoints.
system.shutdown	Yes	Yes	Yes	Yes	Checked if the foreground console user tries to shut down the system while other users are logged in via fast-user switching.
system.volume.	No	No	Yes	Yes	system.volume.(external\|internal\|removable).(adopt\|encode\|mount\|rename\|unmount)
system.volume.external.	No	No	Yes	Yes	system.volume.(external\|internal\|removable).(adopt\|encode\|mount\|rename\|unmount)
system.volume.external.adopt	No	No	Yes	Yes	system.volume.(external\|internal\|removable).(adopt\|encode\|mount\|rename\|unmount)
system.volume.removable.	No	No	Yes	Yes	system.volume.(external\|internal\|removable).(adopt\|encode\|mount\|rename\|unmount)
system.volume.removable.adopt	No	No	Yes	Yes	system.volume.(external\|internal\|removable).(adopt\|encode\|mount\|rename\|unmount)
use-login-window-ui	No	No	No	Yes	Authenticate either as the owner or as an administrator.

OSX: 管理认证数据库(Authorization Database),布布扣,bubuko.com

OSX: 管理认证数据库(Authorization Database)

码农公寓

相关文章