Authorize a non-admin developer in Xcode / Mac OS - xcode

I use a standard user account for my daily tasks on Mac OS. Since upgrading to Snow Leopard I am asked to do the following when a program is run from within Xcode:
"Type the name and password of a user in the 'Developer Tools' group to allow Developer Tools Access to make changes"
While I know the admin username/password, this is annoying (though only required once per login).
The developer tools access is asking for rights to "system.privilege.taskport.debug" from application gdb-i386-apple-darwin.
What is the best way around this?

You need to add your macOS user name to the _developer group. See the posts in this thread for more information. The following command should do the trick:
sudo dscl . append /Groups/_developer GroupMembership <username>

Finally, I was able to get rid of it using DevToolsSecurity -enable on Terminal.
Thanks to #joar_at_work!
FYI: I'm on Xcode 4.3, and pressed the disable button when it launched for the first time, don't ask why, just assume my dog made me do it :)

$ dseditgroup -o edit -u <adminusername> -t user -a <developerusername> _developer

You should add yourself to the Developer Tools group. The general syntax for adding a user to a group in OS X is as follows:
sudo dscl . append /Groups/<group> GroupMembership <username>
I believe the name for the DevTools group is _developer.

Ned Deily's solution works perfectly fine, provided your user is allowed to sudo.
If he's not, you can su to an admin account, then use his dscl . append /Groups/_developer GroupMembership $user, where $user is the username.
However, I mistakenly thought it did not because I wrongly typed in the user's name in the command and it silently fails.
Therefore, after entering this command, you should proof-check it.
This will check if $user is in $group, where the variables represent respectively the user name and the group name.
dsmemberutil checkmembership -U $user -G $group
This command will either print the message user is not a member of the group or user is a member of the group.

Answer suggested by #Stacy Simpson:
We are struggling with the issue described in these threads and none of the resolutions seem to work:
Stop "developer tools access needs to take control of another process for debugging to continue" alert
Authorize a non-admin developer in Xcode / Mac OS
As I'm new to SO, I cannot post in either thread. (The first one is actually closed and I disagree with the localization reasoning...)
Anyway, we created a work-around using AppleScript that folks may be interested in. The script below should be executed asynchronously prior to launching your automated test:
osascript <script name> <password> &
Here is the script:
on run argv
# Delay for 10 seconds as this script runs asynchronously to the automation process and is kicked off first.
delay 10
# Inspect all running processes
tell application "System Events"
set ProcessList to name of every process
# Determine if authentication is being requested
if "SecurityAgent" is in ProcessList then
# Bring this dialogue to the front
tell application "SecurityAgent" to activate
# Enter provided password
keystroke item 1 of argv
keystroke return
end if
end tell
end run
Probably not very secure, but it's the best work-around we've come up with to allow tests to run without requiring user intervention.
Hopefully, I can get enough points to post the answer; or, someone can unprotect this question. Regards.

For me, I found the suggestion in the following thread helped:
Stop "developer tools access needs to take control of another process for debugging to continue" alert
It suggested running the following command in the Terminal application:
sudo /usr/sbin/DevToolsSecurity --enable

Here is a better solution from
Mac OS X wants to use system keychain when compiling the project
Open Keychain Access.
In the top-left corner, unlock the keychain (if it is locked).
Choose the System keychain from the top-left corner.
Find your distribution certificate and click the disclosure triangle.
Double-click ‘Private key’ under your distribution certificate.
In the popup, go to the Access Control tab.
Select ‘Allow all applications to access this item’.
Save the changes.
Close all windows.
Run the application.

I am on Snow Leopard and this one didn't quite work for me. But the following procedure worked:
First added another account with admin privileges by ticking "Allow user to administer this computer" under Accounts, for example an account with username test
Logged into the test account
Launched Xcode, compiled and ran my iPhone project. All ok, no errors were thrown related to permissions
Logged out of the test account
Logged in with the another account having admin privileges
Took away the admin priviliges from the test account by removing the tick from "Allow user to administer this computer" under Accounts
Logged back into the test account
Deleted the iPhone project directory and again checked out from the repository (in my case svn)
Launched Xcode, compiled and ran the project. I didn't get any errors and the App ran well in the iPhone Simulator.

After you run:
sudo dscl . append /Groups/_developer GroupMembership <username>
per the answer above, you may still get prompted to enter in your own password:
We need authorization from an admin user to run the debugger.
This will only happen once per login session.
What it really means is any _developer groupmember user so just your non-admin user/password will work here but to get rid of it completely (no prompts after a reboot) you'll also need to run:
sudo DevToolsSecurity -enable
(running it with sudo as an admin user/as root will make it so you can do it remotely without a gui password prompt)

Related

How can I close a specific Xcode project, from the command line, without Applescript?

I'd like to close a specific Xcode project from the command line without closing any other projects (so I can't just use kill). Applescript is problematic in Catalina because of additional permissions needed. Is there any other way to do what I want?
If you want to use the Terminal to control other apps via AppleScript, you must give permission. But this is not difficult, because the system will prompt for the needed permission if you have not given it already.
For example, I just said
$ osascript -e 'tell app "Finder" to close window 1'
and I saw this dialog:
I clicked OK and the window closed, as ordered. No problem. So you'd see something like that for Xcode, you'd grant permission, and that would be that. The permission is recorded in the Security & Privacy pref pane under Automation.
If you prefer to pass thru System Events, the permission is recorded under Accessibility. Note that that is a permission you can grant in advance. But you still need to go thru the dialog so you can give Terminal permission to talk to System Events.
If you deny access in the dialog and you want to be asked again, use tccutil to reset the database. Good discussion here: https://apple.stackexchange.com/questions/384230/how-do-i-reset-screen-recording-permission-on-macos-catalina

How do I fix "Developer tools access needs to take control of another process for debugging to continue." in Xcode?

I'm aware that this question has been asked before but their solutions did not solve my problem. Typing "DevToolsSecurity -enable" into console returned "Developer mode is already enabled," but the window keeps popping up. I do not have an admin account on this computer so I cannot type in an admin username or password.
I am running Xcode 10.2.1 with Mojave 10.14.5.
man DevToolsSecurity says:
DevToolsSecurity tool to change the authorization policies, such that a user who is a
member of either the admin group or the _developer group does not need to enter an
additional password to use the Apple-code-signed debugger or performance analysis
tools.
So this tool only helps if you are in the admin or _developer groups.

Reset location permission for app in development

I am building an app in Xcode that uses Core Location. On first run the app asks the user for permission. I want to revoke this permission to trigger the flow anew.
I cannot find my app in the list of apps under Settings / Location Services.
It's odd that your app isn't in Security & Privacy->Location Services. I don't have an answer to that.
If you do uncheck the permission in that pane, though, you won't start the flow anew. Instead you'll be simulating a rejection of permission (user denied the permission request).
The tccutil command line program ought to be able to manipulate those settings. But I tried tccutil reset All on my machine and it didn't affect Location privacy.
It looks like the property list at /var/db/locationd/clients.plist has the authorized applications. So you might be able to edit that file with the plutil command line tool to remove your application. Or just make a copy, edit with Xcode to remove your application, and swap in that copy for testing.
sudo bash
plutil -p /var/db/locationd/clients.plist

Repeated Popup: Xcode wants to access key "com.apple.dt.XcodeDeviceMonitor" in your keychain

Starting in MacOS Sierra, I've started to get this popup periodically from XCode, even after pressing 'Always Allow'.
I've tried deleting the "com.apple.dt.XcodeDeviceMonitor" item in Keychain. This regenerates the key, but doesn't fix the issue.
It's an open discussion topic on the Apple forums, but no one seems to have a solution.
Posting this solution for Xcode 8 because no one else has:
Open Keychain Access.
Search for XcodeDeviceMonitor.
Drag the item to the System Keychain on left.
Enter admin password.
That finally fixes it.
open [keychain access] > type "xcode" in the search area > double click [com.apple.dt.XcodeDeviceMonitor] > click [access control] > select the first option [allow all applications to access this item]
Don't forget to click Save Changes!
hope it helps.
The following worked for me (running macOS 10.12.1 and XCode 7.3).
Note that the problem with other solutions is that they operate on the (temporary) login keychain entry, which is removed when XCode quits, so a solution appears to be to create the entry in the System keychain instead.
I tried using Keychain Access to move the entry from the login to the System keychain but it failed with various obscure errors (e.g. "An error has occurred. Unable to add an item to the current keychain")
Instead, I used the security command to create a new entry in the System keychain that's (almost) identical to the temporary one.
The only difference is the password which I couldn't be bothered to extract (and I'm unsure whether it's important).
Open Terminal, paste and execute the following command (after suitable editing if XCode isn't in the normal location):
sudo security add-generic-password \
-s 'com.apple.dt.XcodeDeviceMonitor' \
-a session-token \
-p anyoldstring \
-T /Applications/Xcode.app \
-T /Applications/Xcode.app/Contents/Developer/Library/Xcode/Tools/XcodeDeviceMonitor \
/Library/Keychains/System.keychain
Disclaimer - my sole objective here was to prevent the annoying alert.
I've no idea whether this will break anything.
You're messing with the System keychain: what could possibly go wrong ?
I reported this to Apple as a bug and after several suggestions the same as some of those mentioned here that didn't work they came back with the following, which has worked:
"Sorry about the trouble. We’ll dig a bit more into this. In the mean time, if you don’t need the iCloud gauge, you can temporarily disable it by doing this:
Go to Terminal.app.
Type this in to enable an User Defaults
defaults write com.apple.dt.Xcode iCloudGaugeDisabled -bool YES
Relaunch Xcode "
This issue has popped up again for me this past fall. I think the issue may stem from the security hole that apple had where the root user account was left un password protected. I reset my password for the root user account (to the same password as it was previously). I didn't notice the relationship at the time, but after reading this support item, I suspected that this could be the issue.
https://support.apple.com/en-us/HT201609
I reset my password for the login keychain (again to the same password) following these steps and the issue has since gone away.
Hope this helps.

Installing PostgreSQL on Windows

I'm in a bit of a mess here. I installed PostgreSQL on my Vista computer a couple of days ago but then when asked to enter the password for the postgre user account I couldn't remember it (allegedly I was asked during setup but I don't remember that).
Anyway, so I uninstalled Pg with the intention of reinstalling it, removed the user account, it's /Users/ directory and it's special privelleges ("Advanced user profile properties") but when I come to install Pg it seems to think the account still exists as when I supply a password during setup it says that it is not the correct password - meaning that the account still exists somewhere.
Is there anyway I can recover this?
Go to Control Panel -> Administrative Tools -> Computer Management. There under "Local Users and Groups" you can see all users created for your system. Remove "postgres" and reinstall PostgreSQL.
Open a command prompt with the administrator rights.
i.e. Right click on command prompt icon -> Run as Administrator
Use the following command to change the password:
!important: CASE and SHOULD BE RUNNING AS ADMINISTRATOR
NET USER postgres <NEW_PASSWORD>
On Vista you can go to Control Panel -> User Accounts -> Manage Another Accounts
then select user postgres, change the password if you forget your last password.

Resources