Clear account policy for a specific user
pwpolicy -a name_of_the_Admin_authenticator -u username -clearaccountpolicies
macOS Support Resources and Information
Clear account policy for a specific user
pwpolicy -a name_of_the_Admin_authenticator -u username -clearaccountpolicies
#!/bin/bash rsync -avz -e ssh /private/var/log/special-folder/ @:/private/var/log/special-folder/
chmod a+x
and save as .sh in: /Library/Scripts/
sudo -s ssh-keygen cat /var/root/.ssh/id_rsa.pub | ssh <admin>@<remote server> 'cat >> ~/.ssh/authorized_keys' exit
Then try it, should be able to login under sudo -s.
Great resource: http://osxdaily.com/2012/05/25/how-to-set-up-a-password-less-ssh-login/
I admin a bunch of Macs, and depend on unlocking user’s screen saver as admin. I’ve always done this editing /etc/pam.d/screensaver
This no longer works. I need to do it via security authorizationdb.
I can do it with this command:
security authorizationdb write system.login.screensaver "authenticate-session-owner-or-admin"
https://discussions.apple.com/thread/7086700?start=0&tstart=0
I am having success with what I found at this URL: https://apple.stackexchange.com/questions/76088/how-do-i-give-a-user-sudo-permissions
To Quote apple.stackexchange.com
Rather than give geoff sudo privileges, consider adding the account to the admin group so that it inherits the admin group sudoer privileges. This would be the more correct way to do things.To add geoff to the admin group you’ll need to run the following as the admin account:
sudo dseditgroup -o edit -a geoff -t user admin
You may also want to consider putting geoff in the wheel group too:sudo dseditgroup -o edit -a geoff -t user wheel
The wheel group is a BSD-ism, where OS X has its roots. In traditional BSD systems the wheel group was used to keep a collection of users who were allowed to become superusers using the su command. It’s not strictly necessary to be in both admin and wheel but anyone setup as as “Administrator” on the machine through the UI for adding a user is in both so it can’t hurt to replicate that setup.To reverse this change, change the -a (add) flag to -d (delete): sudo dseditgroup -o edit -d geoff -t user admin
Apple Directory Service Tools
https://opensource.apple.com/source/DSTools/DSTools-134/
Add a User to Sudoers in Mac OS X
Adding users to the sudoers requires the usage of vi, which can be fairly confusing if you’re not accustomed to it. For the unfamiliar, we’ll outline the exact key command sequences to edit, insert, and save the file in vi, follow the instructions carefully.
1) Launch Terminal and type the following command:
sudo visudo
2) Use the arrow keys to navigate down to the “#User privilege specification” section, it should look like this:
# User privilege specification root ALL=(ALL) ALL %admin ALL=(ALL) ALL
3) Put the cursor on the next empty line below the %admin entry and then press the “A” key to insert text, then type the following on a new line, replacing ‘username’ with the users short name of the account you wish to grant privilege to (hit tab between username and ALL):
username ALL=(ALL) ALL
4) Now hit the “ESC” (escape) key to stop editing the file
5) Hit the : key (colon) and then type “wq” followed by the Return key to save changes and exit vi
Use cat with grep to find the username quickly if you don’t want to scan through the entire file:
cat /etc/sudoers | grep username
cat /etc/sudoers | grep promin
Link taken from this article
http://osxdaily.com/2014/02/06/add-user-sudoers-file-mac/