10 Replies Latest reply: Oct 4, 2013 8:36 AM by the macmedic
BenHudson Level 1 Level 1 (5 points)

In Lion 10.7 and Mountain Lion 10.8 - an administrator password is now required to create a DMG disk image, duplicating a drive or folder via Disk Utility.

 

I've confirmed via Apple Care that this is an implemented security feature after Snow Leopard 10.6 (tested on 10.6.8: requires no admin privelages for new disk image from volume / folder). As such, other third party apps (EG: free DMG Maker from the Mac App Store) also require an administrator password, as they too rely on HDIUtil, which now needs an admin password.

 

So: how would a standard Mac user (running 10.7 / 10.8) create a disk image to backup an external drive or SD Card? I know Final Cut Pro X can create an Archive of an SD Card (much through the same means, but doesn't need admin credentials). Anyone else know of an App or work-around? (Other than baking in an Admin password into a basic scripted GUI or using FCPX?)


OS X Mountain Lion (10.8)
  • Scotch_Brawth Level 3 Level 3 (820 points)

    Try Carbon Copy Cloner.  It has a trial period, and can back-up directly to a new disk image.

  • andyBall_uk Level 7 Level 7 (20,495 points)

    That's odd, and hopefully others may chime in - but using 10.6.8 and a standard user here, I never need an admin name/pass unless an item in the source is not owned by the user. The same seems to apply in 10.8.4.

     

    In either OS - if even one (visible or not) file is not owned by the user - then an admin name/pass is requested. CCC asked for it in any case.

  • BenHudson Level 1 Level 1 (5 points)

    Thanks to you both for the assistance, but I'm yet to find any way of duplicating external media (drives or SD Cards etc) to a DMG without requiring administator privelages. It isn't related to source file or folder permissions, as the SD Cards are FAT32 (or derivatives) with full read/write access under a standard account to all enlosed contents (I could also use Finder's 'Ignore ownership on this volume' on a different drive format and get the same results).

     

    No application or process I've tried so far bypasses the need for an admin password, including Bombich's seminal Carbon Copy Cloner (as it also relies on Apple's underlying OS X frameworks and terminal commands, which in turn require administrator privelages). Having tested this with Disk Utility previously under 10.6.8 Snow Leopard, I can create a new disk image from any external volume without the need (or request) for administrator access. Apple Care have confirmed this change was deliberately engineered into Lion & Mountain Lion; apparently at low level via HDIUtil & AuthOpen (causing the same issue with third party apps).

     

    Anyone have any ideas, processes or applications which can achieve this essential (and previously simple) backup task?

     

    I can only see two options at this point:

     

    1. Remove standard accounts and let the Mac users have (temporary) administrator access, using Faronics Deep Freeze (like Apple Retail Stores do) - or:

    2. Develop an Application myself to call DiskUtil & HDIUtil terminal commands and handle the administrator password request (overkill and a security flaw; defeating the object of Apple's 10.7 & 10.8 Disk Utility security feature that caused this mess in the first place!)

  • andyBall_uk Level 7 Level 7 (20,495 points)

    >>but I'm yet to find any way of duplicating external media (drives or SD Cards etc) to a DMG without requiring administator privelages

    >>I could also use Finder's 'Ignore ownership on this volume' on a different drive format and get the same results

     

    That's not my experience, so long as all files are owned by the user, or 'Ignore ownership on this volume' is checked.

     

    I've tested in both 10.8.4 and 10.6.8, as admin & standard users, and creating a new image from a folder owned by system required an admin name & pass in each case. Ignoring ownership allowed the creation without a name/pass. Using hdiutil in 10.6.8 was the same.

     

    Anyway, although nothing's changed between 10.6 & 8 here, it evidently has for you - Does compressing the folder work as expected, without need for a name/pass ? (it does here, albeit a larger file than a compressed dmg)

  • amfarrell Level 1 Level 1 (0 points)

    To get around this issue, the group name needs to be changed to 'everyone' in the sys.openfile section of /etc/authorization. You will still need to authenticate, but you do not need to have admin credentials:

     

    <key>sys.openfile.</key>
            <dict>
                <key>class</key>
                <string>user</string>
                <key>comment</key>
                <string>See authopen(1) for information on the use of this right.</string>
                <key>default-button</key>
                <dict>
                    <key>ar</key>
                    <string>فتح</string>
                    <key>ca</key>
                    <string>Obrir</string>
                    <key>cs</key>
                    <string>Otevřít</string>
                    <key>da</key>
                    <string>Åben</string>
                    <key>de</key>
                    <string>Öffnen</string>
                    <key>el</key>
                    <string>Άνοιγμα</string>
                    <key>en</key>
                    <string>Open</string>
                    <key>es</key>
                    <string>Abrir</string>
                    <key>fi</key>
                    <string>Avaa</string>
                    <key>fr</key>
                    <string>Ouvrir</string>
                    <key>he</key>
                    <string>פתח</string>
                    <key>hr</key>
                    <string>Otvori</string>
                    <key>hu</key>
                    <string>Megnyitás</string>
                    <key>it</key>
                    <string>Apri</string>
                    <key>ja</key>
                    <string>開く</string>
                    <key>ko</key>
                    <string>열기</string>
                    <key>nb</key>
                    <string>Åpne</string>
                    <key>nl</key>
                    <string>Open</string>
                    <key>pl</key>
                    <string>Otwórz</string>
                    <key>pt</key>
                    <string>Abrir</string>
                    <key>pt-PT</key>
                    <string>Abrir</string>
                    <key>ro</key>
                    <string>Deschide</string>
                    <key>ru</key>
                    <string>Открыть</string>
                    <key>sk</key>
                    <string>Otvoriť</string>
                    <key>sv</key>
                    <string>Öppna</string>
                    <key>th</key>
                    <string>เปิด</string>
                    <key>tr</key>
                    <string>Aç</string>
                    <key>uk</key>
                    <string>Відкрити</string>
                    <key>zh-Hans</key>
                    <string>打开</string>
                    <key>zh-Hant</key>
                    <string>打開</string>
                </dict>
                <key>default-prompt</key>
                <dict>
                    <key>ar</key>
                    <string>يحاول __APPNAME__ فتح الملف الذي تم اختياره.</string>
                    <key>ca</key>
                    <string>__APPNAME__ està intentant obrir l’arxiu seleccionat.</string>
                    <key>cs</key>
                    <string>__APPNAME__ se pokouší otevřít vybraný soubor.</string>
                    <key>da</key>
                    <string>__APPNAME__ forsøger at åbne det valgte arkiv.</string>
                    <key>de</key>
                    <string>__APPNAME__ versucht, die gewählte Datei zu öffnen.</string>
                    <key>el</key>
                    <string>Η εφαρμογή __APPNAME__ προσπαθεί να ανοίξει το επιλεγμένο αρχείο.</string>
                    <key>en</key>
                    <string>__APPNAME__ is trying to open the chosen file.</string>
                    <key>es</key>
                    <string>__APPNAME__ está intentando abrir el archivo seleccionado.</string>
                    <key>fi</key>
                    <string>__APPNAME__ yrittää avata valittua tiedostoa.</string>
                    <key>fr</key>
                    <string>__APPNAME__ essaye d'ouvrir le fichier sélectionné.</string>
                    <key>he</key>
                    <string>״ __APPNAME__״ מבקש לפתוח את הקובץ הנבחר.</string>
                    <key>hr</key>
                    <string>__APPNAME__ pokušava otvoriti odabranu datoteku.</string>
                    <key>hu</key>
                    <string>A(z) __APPNAME__ megpróbálja megnyitni a kiválasztott fájlt.</string>
                    <key>it</key>
                    <string>__APPNAME__ sta cercando di aprire il documento prescelto.</string>
                    <key>ja</key>
                    <string>__APPNAME__ は、選択中のファイルを開こうとしています。</string>
                    <key>ko</key>
                    <string>__APPNAME__이(가) 선택된 파일을 열려고 합니다.</string>
                    <key>nb</key>
                    <string>__APPNAME__ prøver å åpne den valgte filen.</string>
                    <key>nl</key>
                    <string>__APPNAME__ probeert het gekozen bestand te openen.</string>
                    <key>pl</key>
                    <string>__APPNAME__ próbuje otworzyć wybrany plik.</string>
                    <key>pt</key>
                    <string>__APPNAME__ está tentando abrir o arquivo escolhido.</string>
                    <key>pt-PT</key>
                    <string>O __APPNAME__ está a tentar abrir o ficheiro escolhido.</string>
                    <key>ro</key>
                    <string>__APPNAME__ încearcă să deschidă fișierul ales.</string>
                    <key>ru</key>
                    <string>Программа «__APPNAME__» пытается открыть новый файл.</string>
                    <key>sk</key>
                    <string>__APPNAME__ sa pokúša otvoriť vybraný súbor.</string>
                    <key>sv</key>
                    <string>__APPNAME__ försöker öppna den valda filen.</string>
                    <key>th</key>
                    <string>__APPNAME__ กำลังพยายามเปิดไฟล์ที่เลือก</string>
                    <key>tr</key>
                    <string>__APPNAME__, seçilen dosyayı açmaya çalışıyor.</string>
                    <key>uk</key>
                    <string>Програма «__APPNAME__» намагається відкрити вибраний файл.</string>
                    <key>zh-Hans</key>
                    <string>“__APPNAME__”正试图打开所选文件。</string>
                    <key>zh-Hant</key>
                    <string>“__APPNAME__”正在嘗試打開所選檔案。</string>
                </dict>
                <key>group</key>
                <string>everyone</string>
                <key>shared</key>
                <false/>
                <key>timeout</key>
                <integer>300</integer>
    
  • brainburst Level 1 Level 1 (10 points)

    This is for local files and folders NOT for Disks commonly used for video. You can make disk images from folders on the cards but you CAN'T make images of the entire volume.

  • amfarrell Level 1 Level 1 (0 points)

    This solution was because our Cinema program students needed to make images of the SD card volume. So it has been tested and it works. An authentication window will still pop up, but the logged in user can authenticate successfully.

  • amfarrell Level 1 Level 1 (0 points)

    I edited the file and deployed it using ARD or as a policy using JAMF Casper Suite. The Casper package includes a script to move the original file to file.old then moves the new file  (with correct permissions) into the /etc folder.

  • the macmedic Level 1 Level 1 (0 points)

    amferrel is the man; give this dude some props and mark this thread solved!!