|
|
re: bypassing admin challenges?
"Some people can't install Interarchy because their network admin won't give them the admin password for their machine. "
Um. I really don't advocate censorship, but it'd sure be nice to see more responsibility taken in information dissemination. Is "how to dupe your company's tech support" really the way Mac OS X Hints should be headed? This is, effectively, a tutorial on how to break into a system you don't own. I speak as a systems administrator. Part of my job is to give and not give admin/root access to our staff. When the attitude of the original post becomes prevalent and widespread enough, systems will have to be more and more inaccessible to the people trying to use them just to maintain some semblance of administrative control and oversight. That's why there are admins. If you don't have admin/root at work, you don't need it and shouldn't try for it. Discussion welcome. Sorry for ranting. --j!m
re: bypassing admin challenges?
I agree 100%. It seems to me this is not a direction this site wants to be going. As a fellow admin I can assure you that the last thing I want is a building full of folks who single user boot every time they feel they need to do my job for me. Although let me also mention that Norton Antivirus is a requirement here. Since the geniuses at Symantec designed it in a way that requires the Admin password, we have no choice but to make every user an Admin. Unless we want to visit every Mac, every time LiveUpdate wants to install an update.
OS X is not truly multi-user secure...
Rebooting in single user mode has been covered here as a standalone hint before (try this search to find 15 articles that discuss single user mode, including recovering a lost root password!). It's also documented in Apple's own Knowledge Base articles under a number of topics (disk repair being the one that comes to mind), and is mentioned extensively on other Mac websites and online forums. As such, knowing how to get into single user mode is not a great secret. Nothing was revealed in this hint that was not already public knowledge regarding "getting around" the lack of an Admin password.
If Apple wants to make OS X truly secure in a multi-user environment, they need to figure out how to prevent people from booting in single-user mode who do not have permission to do so. Off the top of my head, requiring the Admin password to boot single-user seems like the easiest solution, although I don't know how difficult it would be to implment such a solution. After all, if someone's in an environment with a Systems Admin, they shouldn't ever have a valid reason to use single user mode, right?
I draw the line on macosxhints.com at publicizing anything that discusses how to break the law ... but a hint that helps someone get the most out of their system will always be considered fair game, regardless of where they may be using that system. It's up to Apple, not the user, to make sure that the system has the necessary controls in place to prevent undesired actions.
-rob.
OS X IS truly multi-user secure...
Apple has a utility call Open Firmware Password Protect which allows you to block single-user mode and anything that accesses or alters Open Firmware at boot time. You can find it at their support site by searching for Open Firmware Password Protect. |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.08 seconds |
|