On macOS, if a non-admin user has rights to edit /etc/hosts, Local.app still throws an admin authorization prompt. Is Local.app accessing any other files/directories/settings that require admin elevation? or is this a matter of Local.app not checking whether or not /etc/hosts is writable before asking for admin authorization?
Editing permissions on /etc/hosts isn’t my first choice. Is there any plan for a PrivilegedHelperTool? It would go a long way toward simplifying deployment.
Replication
Testing steps:
set permissions /etc/hosts to allow a standard user has R/W access …
Create a new site in Local.app with a user that’s in the staff group.
Receive admin elevation prompt: “Local wants to make changes.”
Cancel the prompt as Administrator rights are not needed for this user to edit /etc/hosts.
Receive error about not being able update hosts file.
Editing the hosts file is only one part of what Local is doing at that point. Other things that Local does that require admin authorization are basically starting the various processes for the individual WordPress sites (nginx, php, etc) as well as starting the Local router (the thing listening on Port 80 and translates human-readable domains into the actual port of the WordPress site).
I haven’t tried making my hosts file less secure, but I think you’re right that Local isn’t testing if the hosts file is writable first.
I’m not understanding why you need to edit the permissions on that file?
If you don’t want Local to edit the hosts file for you when creating a site, another option would be to use Local’s “Router Mode” feature which allows you to choose between using localhost or a human readable site-domain (something like example.local) to access the WordPress site. You can change this setting by navigating to the “Preferences > Advanced > Router Mode” page.
Sorry for the slow reply here. A PrivledgedHelperTool is a mechanism in macOS that allows a non privileged user to interact with an application that’s been authorized to perform privileged tasks (like edit /etc/hosts). I great example I the PrivlegedHelperTool in SAP’s Privileges.app allows a non-admin user to ad themselves to the admin group.
With a PrivledgedHelperTool Local.app can be allowed to interact with it’s PrivledgedHelperTool to have the tool perform the privileged tasks. Meaning that once installed and authorized, Local.app no longer needs administrative access to update /etc/hosts.And a user doesn’t need admin credentials just to use the app.
