Body
Overview
The Privileges App is a way to elevate to an administrative account on Macintoshes deployed with Jamf Connect / Zero Touch.
Previously, administrator user access for Macintosh users could only be implemented using a separate administrator user account and password. With Privileges, you are now able to use your OSU password to elevate your account to an administrator user. Privileges must be enabled for a user account, please submit a ticket to request this.
This article only applies to Macs that have been installed with the Zero Touch / Jamf Connect deployment process. For older / multi-user installs, you continue to use the second local admin account.
Contents
Installation
On your Macintosh the app will need to be installed for first time use: in Applications, open Self Service, called "Ohio State Application Self Service", and search for "privileges" and install. Note: to see the Privileges app, you must log in (lastname.# & OSU password) to Self Service using the Log In button as below:
Note: Installing Privileges does not activate admin rights, initial ASCTech activation is required, please submit a ticket.
Note: A Joshua Miller login item may appear on the Mac. That is the author of the Privileges app and is expected.
Usage
For security, only elevate to admin when you need to and de-elevate from admin when not needed.
From the Graphical Interface
Click on the Privileges app, it will be green showing you do not have admin rights:
A pop up window will state that you are currently logged in as a standard user, press the Request privileges button to elevate your account to an administrator user. Enter a reason for your request and then your OSU password. (Please note, that this is a request to elevate to administrator, not a direct request to ASCTech.)
The icon will change to unlocked and yellow indicating you are an admin:
Every 30 minutes, Privileges will ask if you still need admin rights.
Command Line / Shell / SSH
Click the Privileges app to elevate and then launch a terminal as admin. Then use the sudo
command to run individual commands as admin.
When you are finished with admin rights use the Privileges remove command, and then type exit
to leave the admin command prompt.
Alternate CLI Commands / Remote SSH
If your non-mobile computer allows incoming SSH, you will not be able to click on the GUI icon.
Instead to elevate to admin type: /Applications/Privileges.app/Contents/Resources/PrivilegesCLI --add
and type your password.
To remove admin rights type: /Applications/Privileges.app/Contents/Resources/PrivilegesCLI --remove
.
When you are finished with admin rights use the Privileges remove command, and then type exit
to leave the admin command prompt.
Add the following to your .zshrc or .bashrc to add convenient aliases:
alias privadd='/Applications/Privileges.app/Contents/Resources/PrivilegesCLI --add'
alias privrem='/Applications/Privileges.app/Contents/Resources/PrivilegesCLI --remove'
alias privstatus='/Applications/Privileges.app/Contents/Resources/PrivilegesCLI --status'
What if you cannot sudo after elevating?
This should work immediately as of 11.2.1. However, if the current shell does not get placed into the admin group. There are two options:
- SSH to the machine again with a new login.
- Type
su -l lastname.#
to create a new shell in the terminal