Last active
February 4, 2026 13:50
-
-
Save macsimom/a571db8c7ac4239352486b5aee6fddd8 to your computer and use it in GitHub Desktop.
Disable admin authentication dialog in macOS for desired settings in eg. System Settings.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # version 1.0, 2026 simonandersen | |
| #set -x | |
| # Run log stream --predicate 'subsystem = "com.apple.Authorization"' while attempting to | |
| # do whatever operation requires admin authentication to figure out the name of the right | |
| # required. | |
| # | |
| # Battery preferences in System Settings on Tahoe seem to be "system.preferences" | |
| # Installing configuration profiles require "system.privilege.admin" | |
| # | |
| AUTHRIGHT="$1" | |
| function CLEANUP() { | |
| if [[ -e "$WORKFILE" ]] | |
| then | |
| rm "$WORKFILE" | |
| fi | |
| } | |
| trap CLEANUP EXIT | |
| if [[ "$(whoami)" != "root" ]] | |
| then | |
| echo "Must be root" | |
| exit 1 | |
| fi | |
| SUPPORTDIR="/Library/Application Support/toggle_auth_right" | |
| if [[ ! -d "$SUPPORTDIR" ]] | |
| then | |
| mkdir -p "$SUPPORTDIR" || exit 1 | |
| fi | |
| if [[ -z "$AUTHRIGHT" ]] | |
| then | |
| echo "Missing authorization right name" | |
| exit 1 | |
| fi | |
| WORKFILE="$(mktemp)" | |
| security authorizationdb read "$AUTHRIGHT" > "$WORKFILE" 2>/dev/null | |
| if [[ "$(stat -f%z "$WORKFILE")" -eq 0 ]] | |
| then | |
| echo "$AUTHRIGHT not found" | |
| exit 1 | |
| fi | |
| if [[ -e "$SUPPORTDIR/$AUTHRIGHT.original" ]] | |
| then | |
| echo "Attempt to restore original $AUTHRIGHT" | |
| if security authorizationdb write "$AUTHRIGHT" < "$SUPPORTDIR/$AUTHRIGHT.original" | |
| then | |
| echo "Restore success" | |
| echo "Delete $SUPPORTDIR/$AUTHRIGHT.original" | |
| rm "$SUPPORTDIR/$AUTHRIGHT.original" | |
| else | |
| echo "Restore failed" | |
| echo "Failed to overwrite $AUTHRIGHT with contents of \"$SUPPORTDIR/$AUTHRIGHT.original\"" | |
| exit 1 | |
| fi | |
| else | |
| currentsetting="$(/usr/libexec/PlistBuddy -c "Print :authenticate-user" "$WORKFILE")" | |
| if [[ "$currentsetting" == "true" ]] | |
| then | |
| cp "$WORKFILE" "$SUPPORTDIR/$AUTHRIGHT.original" | |
| /usr/libexec/PlistBuddy -c "Set :authenticate-user NO" "$WORKFILE" | |
| /usr/libexec/PlistBuddy -c "Set :group staff" "$WORKFILE" | |
| if security authorizationdb write "$AUTHRIGHT" < "$WORKFILE" 2>/dev/null | |
| then | |
| security authorizationdb read "$AUTHRIGHT" 2>/dev/null | |
| echo "Disabled authentication for $AUTHRIGHT" | |
| else | |
| echo "Could not write changes to $AUTHRIGHT" | |
| rm "$SUPPORTDIR/$AUTHRIGHT.original" | |
| fi | |
| else | |
| echo "User authentication is already not required." | |
| fi | |
| fi | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment