Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'OS X is not truly multi-user secure...' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
OS X is not truly multi-user secure...
Authored by: robg on Nov 07, '02 01:07:30PM
Rebooting in single user mode has been covered here as a standalone hint before (try this search to find 15 articles that discuss single user mode, including recovering a lost root password!). It's also documented in Apple's own Knowledge Base articles under a number of topics (disk repair being the one that comes to mind), and is mentioned extensively on other Mac websites and online forums. As such, knowing how to get into single user mode is not a great secret. Nothing was revealed in this hint that was not already public knowledge regarding "getting around" the lack of an Admin password. If Apple wants to make OS X truly secure in a multi-user environment, they need to figure out how to prevent people from booting in single-user mode who do not have permission to do so. Off the top of my head, requiring the Admin password to boot single-user seems like the easiest solution, although I don't know how difficult it would be to implment such a solution. After all, if someone's in an environment with a Systems Admin, they shouldn't ever have a valid reason to use single user mode, right? I draw the line on macosxhints.com at publicizing anything that discusses how to break the law ... but a hint that helps someone get the most out of their system will always be considered fair game, regardless of where they may be using that system. It's up to Apple, not the user, to make sure that the system has the necessary controls in place to prevent undesired actions. -rob.

[ Reply to This | # ]
OS X IS truly multi-user secure...
Authored by: MasterUltan on Nov 07, '02 01:44:17PM

Apple has a utility call Open Firmware Password Protect which allows you to block single-user mode and anything that accesses or alters Open Firmware at boot time. You can find it at their support site by searching for Open Firmware Password Protect.



[ Reply to This | # ]