Mac - Gatekeeper
The Mac OS X Gatekeeper is meant to ensure, on newer Macs, that only safe software ends up on the Mac. When unsigned software is installed, it has to be approved separately in the settings. Some settings, however, can only be changed from the console.
Links
https://support.apple.com/de-de/HT202491
https://apple.stackexchange.com/questions/289071/how-do-i-reset-all-gatekeeper-rules
https://www.cnet.com/news/how-to-manage-os-x-gatekeeper-from-the-command-line/
Snippets
Enabling and disabling Gatekeeper
[Screenshot: Gatekeeper status in the OS X Terminal. This system has Gatekeeper enabled. Screenshot by Topher Kessler/CNET]
While the easiest way to enable or disable Gatekeeper is through the system preferences, you can also do so from the OS X Terminal with the following commands:
spctl --master-enable
spctl --master-disable
In addition to enabling or disabling, you can check whether Gatekeeper is running using the status option with this command:
spctl --status
Determine if an application is allowed
With Gatekeeper enabled, you can have the system check a specific application package to see whether it has privileges to run. To do so, simply type "spctl -a" in the Terminal followed by a single space, and then drag the application of choice to the Terminal window to complete the full path to the program package so it looks like the following:
spctl -a /Path/To/program.app
The program can be an application bundle, a shell script, or any other executable file. When you execute this command on the targeted file, Gatekeeper will assess the file's eligibility to run and output the results to you.
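The status check and the per-application assessment described above can be combined into a small audit script. This is an added example, not part of the original article: the function names are made up here, and the verdicts rely on the exit codes documented in the spctl man page (0 = allowed, 3 = denied).

```shell
#!/bin/sh
# Added example: audit Gatekeeper with the spctl options covered on this page.
# Function names are hypothetical; only `spctl --status` and `spctl -a` are used.

# Returns 0 when `spctl --status` reports "assessments enabled".
gatekeeper_enabled() {
    gk_status=$(spctl --status 2>&1) || true
    case "$gk_status" in
        *"assessments enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Assess one path with `spctl -a` and print accepted, rejected or error.
# Exit code 0 means allowed, 3 means denied, anything else is a failure
# (for example a path that does not exist).
assess_path() {
    rc=0
    spctl -a "$1" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo accepted ;;
        3) echo rejected ;;
        *) echo error ;;
    esac
}

# Print one "verdict<TAB>path" line per argument.
audit_paths() {
    for p in "$@"; do
        printf '%s\t%s\n' "$(assess_path "$p")" "$p"
    done
}

# Run the audit only where spctl exists (macOS) and paths were given.
if command -v spctl >/dev/null 2>&1 && [ "$#" -gt 0 ]; then
    gatekeeper_enabled || echo "WARNING: Gatekeeper assessments are disabled" >&2
    audit_paths "$@"
fi
```

Pass the application paths to check as arguments; lines starting with "rejected" are the programs Gatekeeper would block.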
Adding a rule to allow an application
[Screenshot: Gatekeeper authentication dialog box. When you add an application to a Gatekeeper rule, the system will require authentication and warn you with this dialog box. Screenshot by Topher Kessler/CNET]
If you find that one of your installed applications is not allowed to run by Gatekeeper, you can manually add a rule to allow it to run. This is a two-step process: first you create a rule to which you assign one or more applications, and then you enable this group in Gatekeeper.
Create a rule for the application
In the following command, we are adding a program (specified by the program path) to the rule called "MyLabel." You can name the rule anything you wish, and as mentioned above you can complete the program's full path by dragging it to the Terminal window.
spctl --add --label "MyLabel" /Path/To/program
Think of the label as a group to which you are adding the application, so you can repeat the above command and specify a different program to assign it to the same rule label (or use a different label if you choose). Note that this step will require you to either run the command as administrator or provide your administrator password in the authentication dialog that pops up. Without this step, malicious programs could add their own rules to Gatekeeper and then run without restriction.
Enable or disable the rule
The next step is to enable the rule so the programs represented in it can run, which can be done by using the following commands:
spctl --enable --label "MyLabel"
spctl --disable --label "MyLabel"
Listing and deleting rules
[Screenshot: Gatekeeper rule member applications list. In this case the programs MacPyMOL and Calibre are member applications governed by the "MyLabel" rule. Screenshot by Topher Kessler/CNET]
With rules created for different applications, you can enable or disable them accordingly, but the "spctl" command also has options for managing them. To see a list of all the rules on the system, simply run the following command in the Terminal.
spctl --list
In the output of this list, you will see your custom labels among built-in rules like the "Developer ID" and "Mac App Store" labels. Optionally, you can list just the entries for a specific label with the following command:
spctl --list --label "MyLabel"
You can delete any unwanted Gatekeeper rules by issuing the command option to remove them:
spctl --remove --label "MyLabel"
The options covered here are basic approaches to managing application execution with Gatekeeper enabled, and can be used to set up groups of programs to enable or disable on a specific system. However, the spctl command has a number of additional options for prioritizing rules, and determining details such as whether or not a package can be installed, or if a program can install other files on the system.
Managing rules in this manner will not interfere with Gatekeeper's functions, but unless you know exactly what you are doing, be sure to not remove or edit any of the built-in rules that Apple supplies with Gatekeeper. These include the aforementioned "Developer ID" and "Mac App Store" labels, so provided that you only create and modify custom rules in Gatekeeper, then you should be good to go.