If you work in a corporate environment and have a Mac as your work machine, chances are that your IT department installed SAP’s clever Privileges app to limit the use of admin rights. Privileges essentially adds your current user to the admin group for a limited amount of time so that you can obtain elevated privileges whenever needed but do not overuse them. Convenient as Privileges may be, however, I sometimes get annoyed by having to use the GUI over and over to get admin privileges multiple times a day. Thankfully, the installation of the GUI app also comes with the PrivilegesCLI command line application.
Using the Privileges GUI to get temporary admin rights
Using the Privileges GUI app is very simple. We simply start the app and click on a button to get admin rights.
Getting temporary admin rights from the command line using PrivilegesCLI
Now, the command line interface (CLI) for Privileges is a bit hidden and—to make matters worse—seemingly undocumented. If you know what to look for, it’s easy to find, however.
$ locate PrivilegesCLI
/Applications/Utilities/Privileges.app/Contents/Resources/PrivilegesCLI(Unsurprisingly, the CLI is bundled with the GUI app.) If we render the help screen, we can see that—just like its GUI counterpart—, PrivilegesCLI is also a very simple and straightforward program.
$ /Applications/Utilities/Privileges.app/Contents/Resources/PrivilegesCLI --help
Usage: PrivilegesCLI <arg>
Arguments: --add Adds the current user to the admin group
--remove Removes the current user from the admin group
--status Displays the current user's privilegesThere are only three subcommands to
- add admin rights to the current user,
- remove them from the current user, and to
- get the status of the admin rights for the current user.
Most users will probably only ever use the --add subcommand, that gives admin rights.
$ /Applications/Utilities/Privileges.app/Contents/Resources/PrivilegesCLI --add
User main has now admin rightsIn some cases, it may, however, also be useful to remove admin rights from the current user or to get their admin rights status. So, it’s good to know that PrivilegesCLI can also do that.
Getting admin rights and executing with sudo in one command
The main advantage of using the command line interface is, of course, that we do not have to click buttons and may moreover integrate the command with other commands. If we wanted to we could, for example, write a combined command that adds the current user to the admin user group and executes a given command with sudo. Let’s call it please:
export PRIVILEGES_CLI_LOCATION=/Applications/Utilities/Privileges.app/Contents/Resources/PrivilegesCLI
function please() {
${PRIVILEGES_CLI_LOCATION} --add &> /dev/null
sudo $@
}So, if you, for example, want to edit /etc/hosts with vi you simply write
please vi /etc/hoststhen enter the admin user password and you are good to go. 