0

How can I create a user on macos who has nearly all permissions of admin user, but is not able to stop a binary whitelisting/blacklisting system (https://github.com/google/santa) from execution nor is able to delete its relevant files? So on the bottom line it's an admin who can't stop the application controll app itself.

Should this user be able to user permissions? Yes

Should this user be able to edit their own permissions? No

Should this user be able to create new users? No

Should this user be able to create new, unrestricted admin users? No

Should this user be able to create setuid 0 binaries? No

Should this user be able to edit the whitelist? No

Madamadam
  • 117

0 Answers0