From what I've gathered from the (rather old) documentation and sample projects on Authorization Plugins, I understand that those can be used to extend the macOS authorization services with custom (and possibly quite complex) requirements for privilege management.
During my testing, I found it to be technically possible to allow a normal (non-admin) user to perform some actions that they normally couldn't by leveraging plugin mechanisms. For instance, if I alter the class of system.preferences.network from user to evaluate-mechanisms, I can make it so my custom plugin decides which user is actually able to make modifications to the system through the Network settings pane.
However, I've noticed that if I leave the actual authentication to the built-in authentication mechanism and perform my validations after that, the user will face a rather odd message:
Clearly, even though this seems to work like I'd expected it to, there's something strange going on here.
So my question is, what can I actually achieve with authorization plugins in terms of managing system privileges, and what should I use it for? Are there any alternatives I could consider? And if so, could they offer me the flexibility that implementing my own custom logic as a plugin does?
I'm not sure what the best practices and recommendations are in terms of both security and usability regarding these plugins, and would very much appreciate some pointers in the right direction.
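The rule change described in the post, as an added example that is not part of the original post: a small audit helper that parses a rule in the plist shape printed by `security authorizationdb read <right>` and reports, in evaluation order, which mechanisms decide the right. Both plists are constructed for illustration, and the plugin name `MyAuthPlugin:check` is hypothetical.

```python
import plistlib

# Constructed rule plists in the shape printed by
# `security authorizationdb read <right>`; not copied from a real system.
RULE_USER = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>class</key><string>user</string>
  <key>group</key><string>admin</string>
  <key>shared</key><true/>
</dict></plist>"""

# Same right after switching its class; MyAuthPlugin:check is hypothetical.
RULE_MECHS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>class</key><string>evaluate-mechanisms</string>
  <key>mechanisms</key><array>
    <string>builtin:authenticate</string>
    <string>MyAuthPlugin:check,privileged</string>
  </array>
</dict></plist>"""


def parse_mechanism(entry):
    """Split 'plugin:mechanism[,privileged]' into its parts."""
    name, _, flag = entry.partition(",")
    plugin, _, mechanism = name.partition(":")
    return {"plugin": plugin, "mechanism": mechanism,
            "privileged": flag.strip() == "privileged"}


def summarize_rule(plist_bytes):
    """Return the rule class and, in evaluation order, who decides."""
    rule = plistlib.loads(plist_bytes)
    mechs = [parse_mechanism(m) for m in rule.get("mechanisms", [])]
    return {
        "class": rule.get("class"),
        "group": rule.get("group"),
        "mechanisms": mechs,
        # Entries whose plugin is not "builtin" name an authorization plugin.
        "plugins": sorted({m["plugin"] for m in mechs if m["plugin"] != "builtin"}),
        "privileged": [f'{m["plugin"]}:{m["mechanism"]}' for m in mechs if m["privileged"]],
    }


if __name__ == "__main__":
    for label, raw in (("before", RULE_USER), ("after", RULE_MECHS)):
        print(label, summarize_rule(raw))
```

Running a summary like this over every right whose class is evaluate-mechanisms gives a reviewable list of the plugins that take part in privilege decisions and which of them are marked privileged.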