
macOS Catalina authentication #3107

Closed
seamusdemora opened this issue Mar 16, 2020 · 24 comments

Comments

@seamusdemora

seamusdemora commented Mar 16, 2020

I operate as a NON-ADMIN user on my Macs. Etcher prompted me for a PASSWORD before flashing a USB. I tried entering the ADMIN password first, but it REJECTED that. I then entered my NON-ADMIN password. Etcher did nothing... it just sat there & looked back at me :)

Took the same ISO over to my macOS 10.14.6 system, where Etcher prompts for BOTH username and password, then proceeds to flash correctly.

wtf, o??

  • Etcher version:
    Version 1.5.79 (1.5.79)

  • Operating system and architecture:
    macOS 10.15.3
    Model Name: MacBook Pro
    Model Identifier: MacBookPro16,1
    Processor Name: 8-Core Intel Core i9
    Processor Speed: 2.3 GHz
    Number of Processors: 1
    Total Number of Cores: 8
    L2 Cache (per Core): 256 KB
    L3 Cache: 16 MB
    Hyper-Threading Technology: Enabled
    Memory: 64 GB

  • Image flashed:
    linuxmint-19.3-cinnamon-64bit.iso

  • Do you see any meaningful error information in the DevTools?
    NO

@lurch (Contributor)

lurch commented Mar 17, 2020

More info in #2997 and #2833

@seamusdemora (Author)

Thanks - Got it, but... I'm using 1.5.79, and it still doesn't work on Catalina.

@lurch (Contributor)

lurch commented Mar 21, 2020

First of all: I don't work on Etcher, and I don't have a Mac, so these are largely all guesses... (but maybe these guesses will be helpful anyway? 😕 )

From what I've been reading in various Etcher issues, it sounds like MacOS has both "admin accounts" and "non admin accounts"? In versions of MacOS prior to Catalina, Etcher used the "system elevation mechanism" (via @jorangreef 's sudo-prompt ) which then prompts for both a username and password, and people running as a non-admin user would then enter their admin-username and admin-password into the prompt, and Etcher would then gain full access.
However in MacOS Catalina this "system elevation mechanism" (?) stopped working, and so Etcher was changed to instead display a custom password-prompt, which then runs sudo as the currently-running user (this comment shows what the different password prompts look like). I guess this works fine for everyone who's running as an admin-user, but doesn't work for people like @seamusdemora who are running on Catalina as a non-admin user? And I also guess that @zvin and @thundron are always running as admin-users, which is maybe why they never saw this issue themselves?

AFAICT these are all "security restrictions" introduced in MacOS Catalina by Apple, so there's not really anything that Etcher can do to work around them? 🤷‍♂️
This comment says that even PrivilegedHelperTools (whatever they are) don't work in Catalina either.

@seamusdemora (Author)

@lurch - Thanks, this is great feedback. All of your 'guesses' sound correct AFAICT (I'm no expert on macOS security mechanisms beyond the fact that they're a PITA). Good insights for someone that doesn't use a mac!

So - a couple of things:

  1. IF Etcher uses sudo in Catalina for privilege (do we know this - or not?), then this becomes an easy fix! (alternatively) I say "easy" because I also assume we can learn what specific command is used by Etcher to enable flashing.

  2. I can't agree that there's nothing Etcher can do to work around Catalina's security restrictions. If that were true, how have so many other apps managed to clear the bar? PITA? - Yes, definitely!; Can't be done? - Don't think so!

@zvin (Contributor)

zvin commented Mar 22, 2020

@seamusdemora we use sudo on Catalina, you can check the code here: https://github.com/balena-io/etcher/blob/master/lib/shared/catalina-sudo/sudo.ts#L41

@lurch (Contributor)

lurch commented Mar 22, 2020

If that were true, how have so many other apps managed to clear the bar?

@seamusdemora Like I said in my previous message - I was only guessing, and I've never used MacOS 🍏 🤷‍♂️ I never claimed any of my guesses were 100% correct 😆
But note that Etcher requires raw block-level disk access, which is a different operation (and so may have different security restrictions?) than simply editing a root-owned text file 🔒 🤷‍♂️

@seamusdemora (Author)

seamusdemora commented Mar 22, 2020

@zvin - I don't see anything there that helps. If you're familiar with sudo you know that it can allow an unprivileged user to execute commands reserved for privileged users. There are in general 2 ways to do this: blanket permission for everything, or (as is typical) permission for specific commands. For example mount ...

I'm completely ignorant wrt javascript, and I can see nothing that looks like a sudo-able command. I assumed you would use a mount command in etcher to mount the thumb drive before writing. I guess that's not the case?

I'd try adding etcher to my sudo list, but it's a big taboo to add a GUI app to sudo for reasons I cannot explain precisely.

@zvin (Contributor)

zvin commented Mar 23, 2020

@seamusdemora Etcher does not mount anything. It writes the disk image to the drive directly.
It's an Electron app, so the only thing being executed is Electron.
The process that writes to the drive is not the whole app; it is Electron running as node, so no UI is being run with sudo. Only this runs with sudo.

It looks like there is a way to install a privileged helper according to https://www.tweaking4all.com/software/macosx-software/applepi-baker-v2/#WritingtoaDiskSudoAccessvsHelperTool . I'm not sure whether the privileged helper can be Electron. I don't have time to work on this for now. Pull requests are welcome.

@lurch (Contributor)

lurch commented Mar 23, 2020

@seamusdemora I think the articles you mentioned are only about fine-tuning what permissions sudo has access to. AIUI Etcher is currently using the "blanket permission for everything" approach to sudo. So I may be wrong, but if the "blanket permissions" approach doesn't work for running Etcher as a non-admin user on MacOS Catalina, then I don't think fine-tuning those permissions will get you anything extra? Although I've never dived down the sudo-configuration rabbit-hole, so there may be parts I'm missing or not understanding 😉

@zvin The author of ApplePiBaker has also written about the problems he's been having with Catalina in this forum thread - I've no idea if he ever came up with a solution though? 🤷‍♂️

@seamusdemora (Author)

You're probably correct. So many crappy things with Catalina, and I'm tired of fighting them all. I'm putting this issue into a dirty bag labeled "Catalina Crap", and I'll come back to it.

@seamusdemora (Author)

@zvin - Finally got around to reading your last post (March 23). That's interesting, but unfortunately I know nothing about Electron.

With respect to the privileged helper, I don't know much about that either, BUT I do know that LaunchControl uses a privileged helper to good effect. None of my pre-Catalina launchd jobs would run under Catalina without it. So - the developer of LaunchControl has (with some misgivings I imagine) gone along with Apple's diktat.

The post you linked to re apple-pi baker is, for me, very depressing. I say that because Apple's new "security measures" seem designed to benefit Apple - not their customers! The entire business of "helper apps" is horrible and disrespectful. Apple has imagined their customer base is 100% teenaged girls with popcorn for brains, and they are hell-bent on sowing the seeds of their own demise - just as they have done previously... ah! sorry - please excuse the rant... now where was I?

Oh yes - Etcher can no longer write to a USB device under macOS Catalina... You said you didn't have time for this now, and I understand that completely. But if you read through the post re Apple-Pi-Baker, you will know that this "helper app" business can only be done by you - the helper app and the app itself must both be "signed" by you.

If I were in your place, I would be very tempted to say, "No - I refuse to allow Apple to subjugate me." Personally, and in spite of how much I like Etcher, I hope this is what you do. I say this because I believe that if all 3rd party developers told Apple to GFY, Apple would suffer financially. And it's clear that the best way to get an accountant CEO's attention is to put a hit on revenue. Apple's stockholders will give Tim Cook the same treatment they gave John Sculley (Pepsi-man) years ago.

@lurch (Contributor)

lurch commented Apr 20, 2020

I say this because I believe that if all 3rd party developers told Apple to GFY, Apple would suffer financially.

Unfortunately I believe those 3rd party developers would probably suffer more financially than Apple would... 😕

@seamusdemora (Author)

... 3rd party developers would probably suffer more financially than Apple

Sadly, you are probably correct. But broken software doesn't generate much revenue either - and where does it end?

@seamusdemora (Author)

seamusdemora commented Apr 26, 2020

I started etcher yesterday, and during the upgrade, macOS flashed a notice re a new helper app being installed. Alas, this isn't the helper app needed to allow etcher to work for non-admin users on Catalina.

@seamusdemora (Author)

This post was called to my attention. This is a potential solution.

@lurch (Contributor)

lurch commented Apr 30, 2020

That's a link to a comment by @zvin , who is one of the Etcher developers? 😕

@seamusdemora (Author)

@lurch : ha ha... well I'm sure he'll appreciate that :)

Maybe I'm too anxious... I'm going to go back to rufus on my old Windows 7 box for a while. I'm sure this will be fixed at some point.

@lurch (Contributor)

lurch commented May 1, 2020

Until this does get fixed, it's probably worth leaving this issue open, rather than closing it? 🙂

@macarena

macarena commented Jun 11, 2020

hey guys, sorry if I'm commenting at the wrong issue or if someone else already commented this and I didn't read. But I think this is related to the new permission system. It worked for me when I gave etcher Full Disk Access. What I have seen in other apps that etcher doesn't have is a pop-up window explaining this to the user, so I also suggest it (assuming this is the problem/fix, of course).

[Screenshot: "Captura de Tela 2020-06-11 às 03 25 56" (image not available in this copy)]

@pipex pipex added the bump label Sep 15, 2020
@jellyfish-bot

[pipex] This issue has attached support thread https://jel.ly.fish/5942fd9e-617b-4d01-a572-ff115a43be88

@seamusdemora (Author)

I opened this issue, then closed it because I decided to quit using Etcher ('cause it didn't work properly on Catalina), then re-opened it at the request of another user. I stopped using Etcher as it didn't seem to be well-supported. I can't tell from this thread whether anything has been fixed or not?

I'm closing the thread (again) because I still get notification of posts here. For those still struggling with Etcher's authentication issue on Catalina, I'd suggest it's time to start a new issue.

@jellyfish-bot

[saintaardvark] This issue has attached support thread https://jel.ly.fish/a72c4291-da46-4545-bcf8-d269371a79ed

@seamusdemora (Author)

seamusdemora commented May 29, 2022

I don't know when - or how - this happened, but Etcher now works on my macOS Catalina system. The "About" window indicates the version is 1.7.9, but it actually began working (again) some time ago. Posting this to say "Thanks" to the Balena Etcher team :)

FWIW:

I am prompted to enter a password, but I use my non-admin user password & all works fine.

Also, I've just looked, and found this "Removable Volume" permission set for Etcher. Perhaps it's been there all along, but I don't recall seeing it - or setting it ¯\_(ツ)_/¯ :

[Screenshot: "Screen Shot 2022-05-29 at 3 34 06 PM" (image not available in this copy)]

@builder555 (Contributor)

Hi, @seamusdemora

If your mac has touch ID, you can run this command in terminal to use touch ID instead of typing a password:
sudo sed -i'.bak' '2i\'$'\n''auth sufficient pam_tid.so'$'\n' /etc/pam.d/sudo

It adds that line at the top of your /etc/pam.d/sudo file.
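The one-line sed command above inserts the pam_tid.so line unconditionally, so running it a second time (or after an OS update has rewritten /etc/pam.d/sudo) leaves a duplicate entry. The script below is an added example, not code from the issue or from the Etcher project: it performs the same edit idempotently (checks first, keeps a .bak copy, inserts the line after the header line, and reports what it did). It takes the PAM file path as an argument so it can be tried on a copy; the built-in sample file is a constructed approximation of a Catalina /etc/pam.d/sudo, and on a real system the edit would be applied to the real path with sudo.

```shell
#!/bin/sh
# Added example: idempotent Touch ID enablement for sudo's PAM stack.
# Not from the issue or the Etcher project. The file path is a parameter
# so the logic can be exercised on a constructed copy instead of the real
# /etc/pam.d/sudo (which would need sudo to edit).

PAM_TID_LINE='auth       sufficient     pam_tid.so'

# Write a constructed sample resembling a Catalina /etc/pam.d/sudo to $1.
# (Approximation for demonstration; the real file may differ.)
write_sample_pam() {
    cat > "$1" <<'EOF'
# sudo: auth account password session
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so
EOF
}

# Exit status 0 if the file already references pam_tid.so, 1 otherwise.
has_pam_tid() {
    grep -q 'pam_tid\.so' "$1"
}

# Insert the Touch ID line directly after line 1 (the "# sudo: ..." header),
# unless it is already present. Prints "inserted" or "already-present".
# A .bak copy is kept so the change can be reverted with a single mv.
enable_pam_tid() {
    file=$1
    if has_pam_tid "$file"; then
        echo already-present
        return 0
    fi
    cp "$file" "$file.bak"
    # awk instead of sed -i: avoids the BSD/GNU sed in-place syntax split.
    awk -v line="$PAM_TID_LINE" \
        'NR == 1 { print; print line; next } { print }' "$file.bak" > "$file"
    echo inserted
}

# Stand-alone use: ./enable_tid.sh /path/to/pam-file
if [ -n "${1:-}" ]; then
    enable_pam_tid "$1"
fi
```

Two things worth keeping in mind about this edit. First, it changes only authentication (which credential sudo accepts), not authorization: who may run sudo at all is still decided by /etc/sudoers, so it does nothing for the non-admin-user case this issue is about. Second, because macOS updates can replace /etc/pam.d/sudo, a check-before-insert script like this one is what you want in any provisioning tooling, rather than a blind insert.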

7 participants