unlocking user’s screen saver as admin

https://apple.stackexchange.com/questions/258055/10-12-sierra-unlock-screensaver-by-admin-via-security-authorizationdb

 

I admin a bunch of Macs, and depend on unlocking user’s screen saver as admin. I’ve always done this editing /etc/pam.d/screensaver

This no longer works. I need to do it via security authorizationdb.

I can do it with this command:

security authorizationdb write system.login.screensaver "authenticate-session-owner-or-admin"


https://discussions.apple.com/thread/7086700?start=0&tstart=0

Add a User to Sudoers in Mac OS X

I am having success with what I found at this URL: https://apple.stackexchange.com/questions/76088/how-do-i-give-a-user-sudo-permissions

To Quote apple.stackexchange.com
Rather than give geoff sudo privileges, consider adding the account to the admin group so that it inherits the admin group sudoer privileges. This would be the more correct way to do things.

To add geoff to the admin group you’ll need to run the following as the admin account:

sudo dseditgroup -o edit -a geoff -t user admin
You may also want to consider putting geoff in the wheel group too:

sudo dseditgroup -o edit -a geoff -t user wheel
The wheel group is a BSD-ism, where OS X has its roots. In traditional BSD systems the wheel group was used to keep a collection of users who were allowed to become superusers using the su command. It’s not strictly necessary to be in both admin and wheel but anyone setup as as “Administrator” on the machine through the UI for adding a user is in both so it can’t hurt to replicate that setup.

To reverse this change, change the -a (add) flag to -d (delete): sudo dseditgroup -o edit -d geoff -t user admin

Apple Directory Service Tools
https://opensource.apple.com/source/DSTools/DSTools-134/

Add a User to Sudoers in Mac OS X
Adding users to the sudoers requires the usage of vi, which can be fairly confusing if you’re not accustomed to it. For the unfamiliar, we’ll outline the exact key command sequences to edit, insert, and save the file in vi, follow the instructions carefully.

1) Launch Terminal and type the following command:

 sudo visudo 

2) Use the arrow keys to navigate down to the “#User privilege specification” section, it should look like this:

 # User privilege specification
root	ALL=(ALL) ALL
%admin	ALL=(ALL) ALL 

3) Put the cursor on the next empty line below the %admin entry and then press the “A” key to insert text, then type the following on a new line, replacing ‘username’ with the users short name of the account you wish to grant privilege to (hit tab between username and ALL):

 username ALL=(ALL) ALL  

4) Now hit the “ESC” (escape) key to stop editing the file

5) Hit the : key (colon) and then type “wq” followed by the Return key to save changes and exit vi

Use cat with grep to find the username quickly if you don’t want to scan through the entire file:
cat /etc/sudoers | grep username

cat /etc/sudoers | grep promin

Link taken from this article
http://osxdaily.com/2014/02/06/add-user-sudoers-file-mac/