Read/Modify authorization policy database. Without a rulename write will read a dictionary as a plist from stdin.
Syntax
authorizationdb read right-name
authorizationdb write right-name [allow|deny|rulename]
authorizationdb remove right-name
Read definition of system.privilege.admin right:
security> security authorizationdb read system.privilege.admin > /tmp/aewp-def
Set system.preferences to definition of system.privilege.admin right:
security> security authorizationdb write system.preferences < /tmp/aewp-def
Every change to preferences requires an Admin user to authenticate:
security> security authorizationdb write system.preferences authenticate-admin
“Even in the common affairs of life, in love, friendship, and marriage, how little security have we when we trust our happiness in the hands of others!” ~ William Hazlitt (On Living to One’s-Self)
Local man page: security - Command line help page on your local machine.
security - Administer Keychains, keys, certificates and the Security framework.