-
Type:
Bug
-
Status: Closed
-
Priority:
Normal
-
Resolution: Duplicate
-
Affects Version/s: None
-
Fix Version/s: PUP 6.0.0
-
Component/s: None
-
Labels:
-
Template:customfield_10700 18234
-
Epic Link:
-
Team:Platform OS
-
CS Priority:Reviewed
Update 12/22: Based on comments from Allister and Nigel this should be removed from core types. That may need to wait until Puppet 5 for semver reasons.
In OS X 10.9, `/etc/authorization` has been "deprecated"; as of the GM, the update will move `/etc/authorization` to `/etc/authorization.deprecated`.
There is now `/System/Library/Security/authorization.plist` but it seems to just be the defaults; changing a right with the `security authorizationdb` command doesn't change that file, but instead updates a sqlite db at `/var/db/auth.db`.
I did some quick testing, and just changing `AuthDB` in `puppet/provider/macauthorization/macauthorization.rb` isn't enough because the provider reads the plist to determine current state, but in the 10.9 world the current state is reflected in the `auth.db` file (or the output of `security authorizationdb` commands) so even when a right change is applied, puppet doesn't know.