Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.4: How to secure screen savers across users System 10.4
I use the well-known screen saver Ciao to automaticly take my computer to the login window without logging out the users (via fast user switching) after a designated time period. I do this not so much because of the supposed security concerns, but because in my household, everyone knows each other's password (and quickly discovers it if I change it), and this way it's just as easy to login to one's own account as it is to use the one that was last being used.

Anyway, the problems with this set up are:
  1. There isn't any easy way to set up a default behavoir for Ciao.
  2. Anyone can change their screensaver, and hence ruin the whole thing.
I was lucky enough to sumble upon this blog post about securing screen savers, and pass it on to macosxhints with a few tweaks and additions.

So here is what you need to do. Changing the default behavoir of the screen saver is pretty straightforward. Make sure Ciao is installed for all users, and then modify /System -> Library -> Frameworks -> ScreenSaver.framework -> Versions -> A -> Resources -> EngineDefaults.plist to match the following:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
<plist version="0.9">
<dict>
       <key>askForPassword</key>
       <integer>0</integer>
       <key>hotCorners</key>
       <array>
              <array>
                     <string>0</string>
                     <string>0</string>
                     <string>1</string>
                     <string>1</string>
              </array>
       </array>
       <key>idleTime</key>
       <integer>300</integer>
       <key>moduleName</key>
       <string>Ciao</string>
       <key>modulePath</key>
       <string>/Library/Screen Savers/Ciao.saver</string>
</dict>
</plist>
This sets Ciao as the default saver, sets the timer interval to five minutes (300 seconds), makes both bottom corners activate the saver, and turns off ask for password (since it would be redudant to do so). Now we need to set these options in stone.

Navigate to /System -> Library -> PreferencePanes -> DesktopScreenEffectsPref.prefPane -> Contents -> Resources in the Tterminal. Once there, type sudo chmod 750 ScreenEffects.prefPane/. That gives the owner read, write, and execute permissions, and the group read and execute permissions. Make sure to change the owner to your administrator account. The permissions should now read:
drwxr-x---    3 admin_user  wheel    102 Mar 20  2005 ScreenEffects.prefPane 
Now you are set to go. You should be able to open and change things in the Desktop & Screen Saver pane as normal in the admin account, but trying to do so in any other account will go nowhere. It won't even crash the System Prefs app, it will just sit there until you click something else or quit. Nice.

One caveat: users cannot change their Desktop either due to the combination (in 10.4) of the Desktop and Screen Saver pref pane. This may or may not be a good thing, depending on your set-up. For me, it works. Perhaps you can reclaim this functionality by installing Panther's Desktop pref pane (in that case, you could simply remove the Desktop & Screen Saver prefpane, and modify things via the plist). Anyone?

[robg adds: This hint changes the ownership and permissions of a system-level file. I expect that if you were to run Repair Permissions in Disk Utility, this "problems" would be "fixed." It may also get reset after system updates, so you'd have to keep an eye on it.]
    •    
  • Currently 1.78 / 5
  You rated: 5 / 5 (9 votes cast)
 
[19,518 views]  

10.4: How to secure screen savers across users | 4 comments | Create New Account
Click here to return to the '10.4: How to secure screen savers across users' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: How to secure screen savers across users
Authored by: rfitz on Jun 02, '06 07:58:11AM
LogOutScreenSaver is another application that can bring you back to the loginwindow. It has a lot more features than Ciao.
For more information visit http://www.fitzwaterinc.com.

[ Reply to This | # ]
Bad Passwords
Authored by: dbs on Jun 02, '06 08:21:16AM

If people in your household are really using as easy-to-guess passwords you might consider trying to teach them to do a better job now rather than waiting for some account to get hacked in the future. Even putting two simple words together with a number between them will be much stronger. (I.e., if it's a child who uses a pet's name suggest that they put the pets name and a number and some other name together -- not a great password, but still easy to remember and much harder to guess.)

Of course this doesn't solve the screensaver issue, but getting people into the habit of choosing good passwords is important these days.

Oh -- and remember to never use the same password across multiple accounts! We've had several systems hacked because of shared passwords.



[ Reply to This | # ]
Bad Passwords
Authored by: whenders0n on Jun 10, '06 04:33:28PM

This is a household computer man. Everyone knows each other's password because they tell it to one another and are too lazy to log out of whatever account they are using. Not the most secure solition, sure, but security isn't really an issue at our house (probably where you work it is).



[ Reply to This | # ]
10.4: How to secure screen savers across users
Authored by: gneagle on Jun 02, '06 09:30:03AM
If you want to secure the ScreenEffects prefs pane, but still allow access to the Desktop prefs, you can do this:

sudo chown root:admin /System/Library/PreferencePanes/DesktopScreenEffectsPref.prefPane
sudo chmod 750 /System/Library/PreferencePanes/DesktopScreenEffectsPref.prefPane

This prevents non-admin users from accessing either Desktop or ScreenEffects prefs. (and visually removes it from the System Preferences app for non-admins) Now to restore access to Desktop prefs (all on one line):

sudo cp -R /System/Library/PreferencePanes/DesktopScreenEffectsPref.prefPane/Contents/Resources/DesktopPictures.prefPane /Library/PreferencePanes

This copies the Desktop prefs pane to /Library/Preferences. It will now show up in System Preferences under the "Other" category.

[ Reply to This | # ]