Gatekeeper is a new security measure introduced in OS X Mountain Lion that allows the system to prevent the execution of code that does not meet certain criteria, such as possessing a valid digital signature from Apple's developer community.

When setting up Gatekeeper in the Security system preferences, you can set it so that only approved applications from the Mac App Store are allowed to run, additionally allow programs from approved developers to run, or set no restrictions and allow everything to run. When the restrictions are set, you can still run unapproved programs by right-clicking them and choosing Open from the contextual menu, then confirming that you would indeed like to execute this file. With this setup, the system ensures that the program cannot be executed on its own without explicit approval from you.

[Image: By default Apple provides these three options for setting up Gatekeeper in OS X.]

These restrictions by Gatekeeper are implemented through a group-based rule paradigm. By default Gatekeeper looks for a Mac App Store signature in the program, and a group rule called "Mac App Store" allows programs with this signature to run. In addition, Gatekeeper has another built-in rule called "Developer ID" that allows programs with valid developer IDs to run. This rule-based approach is how Gatekeeper works, so if you have decided to keep Gatekeeper enabled for security purposes, you can use some fairly simple Terminal commands with the "spctl" utility to manage Gatekeeper, not only to enable or disable it but also to create custom groups of programs and allow or deny them execution rights.

[Image: This system has Gatekeeper enabled.]

Enabling and disabling Gatekeeper

While the easiest way to enable or disable Gatekeeper is through the system preferences, you can also do so from the OS X Terminal with the following commands:

In addition to enabling or disabling, you can check whether Gatekeeper is running using the status option with this command:

spctl --status

Determine if an application is allowed

With Gatekeeper enabled, you can have the system check a specific application package to see whether it has privileges to run. To do so, simply type "spctl -a" in the Terminal followed by a single space, and then drag the application of choice to the Terminal window to complete the full path to the program package so it looks like the following:

The program can be an application bundle, a shell script, or any other executable file. When you execute this command on the targeted file, Gatekeeper will assess the file's eligibility to run and output the results to you.

[Image: When you add an application to a Gatekeeper rule, the system will require authentication and warn you with this dialog box.]

Adding a rule to allow an application

If you find one of your installed applications is not allowed to run by Gatekeeper, then you can manually add a rule to allow it to run. This is a two-step process: you first create a rule to which you assign one or more applications, and then enable this group in Gatekeeper.

In the following command, we are adding a program (specified by the program path) to the rule called "MyLabel." You can name the rule anything you wish, and as mentioned above you can complete the program's full path by dragging it to the Terminal window.

spctl --add --label "MyLabel" /Path/To/program

Think of the label as a group to which you are adding the application, so you can repeat the above command and specify a different program to assign it to the same rule label (or use a different label if you choose).

Note that this step will require you to either run the command as administrator or provide your administrator password in the authentication dialog that pops up. Without this step, malicious programs could add their own rules to Gatekeeper and then run without restriction.

The next step is to enable the rule so the programs represented in it can run, which can be done by using the following commands:

[Image: In this case the programs MacPyMOL and Calibre are member applications governed by the "MyLabel" rule.]

Listing and deleting rules
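The two-step procedure from "Adding a rule to allow an application" (add the program to a rule label, then enable the label), followed by a re-check with "spctl -a", as an added shell example that is not from the original article. The gk_* function names and the SPCTL override variable are assumptions of this example; the spctl options used are --status, -a, --add, --label and --enable.

```shell
#!/bin/bash
# Added example. SPCTL can be pointed at a stub for testing; the gk_* names
# are made up for this example and are not part of spctl.
SPCTL="${SPCTL:-spctl}"

# Succeeds only if Gatekeeper assessments are switched on.
gk_enabled() {
    "$SPCTL" --status 2>&1 | grep -q '^assessments enabled'
}

# Succeeds if Gatekeeper would let the file run (spctl -a exits non-zero on rejection).
gk_allowed() {
    "$SPCTL" -a "$1" >/dev/null 2>&1
}

# Two-step allow: add the program to a rule label, enable the label, then
# re-assess so a rule that did not take effect is reported instead of assumed.
# The --add and --enable steps need administrator rights.
gk_allow() {
    local label="$1" app="$2"
    [ -n "$label" ] || { echo "missing label" >&2; return 2; }
    [ -e "$app" ]   || { echo "no such file: $app" >&2; return 2; }
    gk_enabled || { echo "Gatekeeper is disabled; a rule would change nothing" >&2; return 3; }
    if gk_allowed "$app"; then
        echo "already allowed: $app"
        return 0
    fi
    "$SPCTL" --add --label "$label" "$app" || return 1
    "$SPCTL" --enable --label "$label"     || return 1
    if gk_allowed "$app"; then
        echo "allowed under rule '$label': $app"
    else
        echo "still rejected after enabling '$label': $app" >&2
        return 1
    fi
}

# Usage: script LABEL /Path/To/program
if [ "$#" -eq 2 ]; then gk_allow "$1" "$2"; fi
```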