Re: [Fed-Talk] Another BSM related question
Re: [Fed-Talk] Another BSM related question
- Subject: Re: [Fed-Talk] Another BSM related question
- From: "Shawn A. Geddis" <email@hidden>
- Date: Tue, 18 Aug 2009 09:41:12 -0400
On Aug 18, 2009, at 9:31 AM, Marty Boegner wrote:
I'm getting truncated output from BSM recently on some of my OS X
10.5.6 systems, and I'm not sure what has changed to prompt this.
The output from praaudit on one of the binary log files consists
almost exclusively of tokens similar to this:
header,83,1,SecSrvr Auth Engine,0,Mon Aug 17 00:00:09 2009, + 392
msec
subject,root,root,wheel,root,wheel,2160,0,0,0.0.0.0.0
text,system.burn
return,success,0
trailer,83
[I had to print the sample token shown above and retype it since the
systems in question has no internet access. Transcription errors may
have occurred.]
I have no idea what system.burn is, and Google is no help since it
interprets "system.burn" as "system burn" even with double quotes or
a backslash-escaped dot. I ran the following find command to no
avail as well:
find / -name system.burn -print
Does anyone know what system.burn is?
M a r t y
Mary,
"system.burn" is just one of the many "Rights" that are defined in /
etc/authorization which a User/Admin must acquire before performing
the corresponding action. Anytime you see an authentication dialog,
you can click on the disclosure triangle and see what right is
required for performing that action.
In this case, to burn a cd/dvd requires the acquisition of the
corresponding "Right" of "system.burn" defined in the Authorization
database (which right now is the /etc/authorization - XML flat file).
The snippet of the default from the file for this is:
<key>system.burn</key>
<dict>
<key>class</key>
<string>allow</string>
<key>comment</key>
<string>For burning media.</string>
</dict>
- Shawn
_____________________________________________________
Shawn Geddis - Security Consulting Engineer - Apple Enterprise
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden