dayglojesus / managedmac

Comprehensive Puppet module for OS X.
http://dayglojesus.github.io/managedmac/
Apache License 2.0

system.device.dvd.setregion.initial authdb setting is applied at every run #27

Closed groob closed 10 years ago

groob commented 10 years ago
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.device.dvd.setregion.initial]/group: defined 'group' as 'admin'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.device.dvd.setregion.initial]/timeout: defined 'timeout' as '2147483647'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.device.dvd.setregion.initial]/tries: defined 'tries' as '10000'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.device.dvd.setregion.initial]/shared: defined 'shared' as 'true'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.device.dvd.setregion.initial]/authenticate_user: defined 'authenticate_user' as 'true'

dayglojesus commented 10 years ago

@groob in your original patch, you implemented this feature by changing the group from:

macauthdb { 'system.device.dvd.setregion.initial':
  ensure            => present,
  allow_root        => false,
  auth_class        => user,
  auth_type         => right,
  authenticate_user => true,
  comment           => 'Used by the DVD player to set the region code the first time.  Note that changing the region code after it has been set requires a different right (system.device.dvd.setregion.change).',
  group             => 'admin',
  session_owner     => false,
  shared            => true,
  timeout           => 2147483647,
  tries             => 10000,
}

To:

macauthdb { 'system.device.dvd.setregion.initial':
  ensure            => present,
  allow_root        => false,
  auth_class        => user,
  auth_type         => right,
  authenticate_user => true,
  comment           => 'Used by the DVD player to set the region code the first time.  Note that changing the region code after it has been set requires a different right (system.device.dvd.setregion.change).',
  group             => 'everyone',
  session_owner     => false,
  shared            => true,
  timeout           => 2147483647,
  tries             => 10000,
}

Did you confirm that this change functions as prescribed?

dayglojesus commented 10 years ago

@groob Any word on this?

groob commented 10 years ago

I don't have access to a DVD drive. I will test this when I'm back at work on Monday.

dayglojesus commented 10 years ago

@groob any word on this?

groob commented 10 years ago

After some testing today, it seems that changing auth_class from user to allow is the correct setting.

The contents of the system.device.dvd.setregion.initial key, however, change, even if you use /usr/bin/security to change the auth_class.

default:

~ ❯❯❯ /usr/bin/security authorizationdb read system.device.dvd.setregion.initial
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>allow-root</key>
    <false/>
    <key>authenticate-user</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>comment</key>
    <string>Used by the DVD player to set the region code the first time.  Note that changing the region code after it has been set requires a different right (system.device.dvd.setregion.change).</string>
    <key>created</key>
    <real>426431187.82539898</real>
    <key>group</key>
    <string>admin</string>
    <key>modified</key>
    <real>429897440.55124199</real>
    <key>session-owner</key>
    <false/>
    <key>shared</key>
    <true/>
    <key>timeout</key>
    <integer>2147483647</integer>
    <key>tries</key>
    <integer>10000</integer>
    <key>version</key>
    <integer>0</integer>
</dict>
</plist>

class = allow:

~ ❯❯❯ /usr/bin/security authorizationdb read system.device.dvd.setregion.initial
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>class</key>
    <string>allow</string>
    <key>comment</key>
    <string>Used by the DVD player to set the region code the first time.  Note that changing the region code after it has been set requires a different right (system.device.dvd.setregion.change).</string>
    <key>created</key>
    <real>426431187.82539898</real>
    <key>modified</key>
    <real>429897689.53668702</real>
    <key>version</key>
    <integer>0</integer>
</dict>
</plist>

dayglojesus commented 10 years ago

@groob Actually, I went back and found a machine that had no DVD region settings and ran your original code -- it worked! Changing the group from admin to everyone is much simpler to manage in a manifest, so I am going to implement it that way. In any case, thanks again for your report. I will have a new version of the module available soon.
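
The two read-backs groob posted differ in which keys exist, not only in the value of class. As an added example (not code from managedmac or from either commenter), the Python below does a plain key-by-key comparison of a desired rule against each read-back. The drift helper, the DESIRED dict and the abridged plist samples are constructed for illustration and are an assumption about how such a check could work, not the module's provider logic.

```python
import plistlib

# Keys the authorization database maintains itself; not policy, so ignored.
VOLATILE = {"created", "modified", "version"}

def plist(body):
    """Wrap constructed <dict> contents in a minimal XML plist envelope."""
    return ('<?xml version="1.0" encoding="UTF-8"?><plist version="1.0">'
            f"<dict>{body}</dict></plist>").encode()

# Constructed samples, abridged from the two read-backs in the thread
# (comment and created keys omitted).
READ_USER = plist(
    "<key>allow-root</key><false/><key>authenticate-user</key><true/>"
    "<key>class</key><string>user</string>"
    "<key>group</key><string>admin</string>"
    "<key>modified</key><real>429897440.55124199</real>"
    "<key>session-owner</key><false/><key>shared</key><true/>"
    "<key>timeout</key><integer>2147483647</integer>"
    "<key>tries</key><integer>10000</integer>"
    "<key>version</key><integer>0</integer>")
READ_ALLOW = plist(
    "<key>class</key><string>allow</string>"
    "<key>modified</key><real>429897689.53668702</real>"
    "<key>version</key><integer>0</integer>")

# Desired state from the first manifest, spelled with the plist's hyphenated keys.
DESIRED = {"allow-root": False, "authenticate-user": True, "class": "user",
           "group": "admin", "session-owner": False, "shared": True,
           "timeout": 2147483647, "tries": 10000}

def drift(desired, read_back):
    """Return {key: (wanted, found)} for each managed key whose read-back value
    differs; found is None when the key is absent from the database entry."""
    current = {k: v for k, v in plistlib.loads(read_back).items()
               if k not in VOLATILE}
    report = {}
    for key, wanted in desired.items():
        found = current.get(key)
        # bool is an int subclass in Python, so compare the type as well
        if type(found) is not type(wanted) or found != wanted:
            report[key] = (wanted, found)
    return report

if __name__ == "__main__":
    print("class=user :", sorted(drift(DESIRED, READ_USER)))
    # Same rule keys, but with the class groob settled on
    print("class=allow:", sorted(drift({**DESIRED, "class": "allow"}, READ_ALLOW)))
```

Against the class = allow read-back, every rule key other than class is absent, so a comparison of this kind reports them as differing on each check even though nothing has been tampered with.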