How to allow non-admin mac user to use App Store

How to allow non-admin mac user to use App Store

There are times you may need to provide a non-admin user access to purchase and install apps from the Mac App Store.  However, out of the box – the Mac Operating System does not allow this due to that user not having full permission.  When a user installs an app – it installs to the /Applications folder which requires administrative rights. In a situation where giving admin rights to that user isn’t feasible – there is a work around.

I have a non-admin user named “Tom Foolery”. I would like him to stay a standard user – but have access to purchase and install from the App Store.  Here is what I do:

Add Non-Admin User to _appstore Group

  1. Log in to the computer as a user with Administrative Rights
  2. Open up your command line by clicking the Spotlight   located in the top right of your Mac screen to search for the Terminal command line.
  3. Type in “Terminal” and then click on the Terminal app. 
    Once opens  you are now ready to type commands to add the non-admin user to the _appstore group.
  4. Type the following command:
    sudo dscl . -append /Groups/_appstore GroupMembership tomfoolery

    You will need to replace “tomfoolery” with your username. Don’t know what username you should use. Use the following command to list the users on your OS.

    sudo dscl . -list /Users

    Be sure to copy the username exactly as listed and insert it into the dscl command.

  5. Now login as the non-admin user and enjoy your access to the App Store!

Keep In Mind

When a user installs an app from the App Store – the App Store is actually controlling the installation and setting the permissions.  Meaning – an app installed by a non-admin user is going to be installed in the /Applications folder as user System and group Wheel.  What this means is that they will not be able to delete the app after they install it because they won’t have permission.

3 thoughts on “How to allow non-admin mac user to use App Store

  1. Hey thanks for this, I wrote a quick script that would list the current users (admins or not) and add them to the _applestore. I use dseditgroup as I find that it works a lot better.

    # generate a user list of all users with UID greater than 500
    userList=$(/usr/bin/dscl . list /Users UniqueID | /usr/bin/awk ‘$2 > 500 { print $1 }’)
    # now loop
    for u in ${userList} ; do
    /usr/sbin/dseditgroup -o edit -a ${u} -t user _appstore
    echo $u
    echo “Adding Current Users to appstore group”
    exit 0

  2. Thank you so much for this. We have been looking for an easy way to allow our users to install apps without admin credentials. We were able to substitute the username with a domain group (DOMAIN\GROUP), so now all of our faculty and staff will be able to install apps without us having to add each user.

    Thanks again.

  3. What about successive installs of revisions to the App? If the user cannot delete the app, can the App Store delete the preexisting app, which would have to occur before any new version is pre-installed?

Leave a Reply

Your email address will not be published. Required fields are marked *