MacOS Admin Access

Issue Summary

On macOS, if a non-admin user has rights to edit /etc/hosts, still throws an admin authorization prompt. Is accessing any other files/directories/settings that require admin elevation? or is this a matter of not checking whether or not /etc/hosts is writable before asking for admin authorization?

Editing permissions on /etc/hosts isn’t my first choice. Is there any plan for a PrivilegedHelperTool? It would go a long way toward simplifying deployment.


Testing steps:
set permissions /etc/hosts to allow a standard user has R/W access …

`chown root:staff /etc/hosts`
`chmod 664 /etc/hosts`

Create a new site in with a user that’s in the staff group.
Receive admin elevation prompt: “Local wants to make changes.”
Cancel the prompt as Administrator rights are not needed for this user to edit /etc/hosts.
Receive error about not being able update hosts file.

System Details

  • Which version of Local is being used?

  • What Operating System (OS) and OS version is being used?
    macOS 11.6.1

Editing the hosts file is only one part of what Local is doing at that point. Other things that Local does that require admin authorization are basically starting the various processes for the individual WordPress sites (nginx, php, etc) as well as starting the Local router (the thing listening on Port 80 and translates human-readable domains into the actual port of the WordPress site).

I haven’t tried making my hosts file less secure, but I think you’re right that Local isn’t testing if the hosts file is writable first.

I’m not understanding why you need to edit the permissions on that file?

If you don’t want Local to edit the hosts file for you when creating a site, another option would be to use Local’s “Router Mode” feature which allows you to choose between using localhost or a human readable site-domain (something like example.local) to access the WordPress site. You can change this setting by navigating to the “Preferences > Advanced > Router Mode” page.

For more info, see this help doc:

However, even using the localhost router mode, I think you’ll still be prompted for a password when Local is spawning those server processes.

In terms of a PriviledgedHelperTool – can you describe in a little more detail what you mean by this?

Sorry for the slow reply here. A PrivledgedHelperTool is a mechanism in macOS that allows a non privileged user to interact with an application that’s been authorized to perform privileged tasks (like edit /etc/hosts). I great example I the PrivlegedHelperTool in SAP’s allows a non-admin user to ad themselves to the admin group.

With a PrivledgedHelperTool can be allowed to interact with it’s PrivledgedHelperTool to have the tool perform the privileged tasks. Meaning that once installed and authorized, no longer needs administrative access to update /etc/hosts.And a user doesn’t need admin credentials just to use the app.

1 Like

So is it accurate to say that this would mean one more App to be installed on the user’s machine in order to do admin type things?

I just upgraded to Monterey and get this same error message. How do I fix it?

I gave local Full Disk Permission and still get this error.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.