Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the 'My objective with macosxhints is...' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
My objective with macosxhints is...
Authored by: robg on Nov 11, '02 12:42:52PM

... to publish information about OS X. I don't view my job as trying to decide whether a hint is stupid or smart (I'm too stupid about too many things to make judgements on such things), although I will occasionally comment with my opinion on a given hint.

What I do try to do is to determine which hints others might find interesting and publish them. In addition, I try to verify that every hint published here will, in fact, work as described. Finally, I try not to publish things which are blatantly illegal. So if a hint is interesting, looks like it should work, and its not illegal, then it gets published.

I'll leave the judgement decisions on stupid vs. smart up to the general readership here; I can only imagine failing miserably if I were to try to judge the 'stupidity level' of every submitted hint in addition to trying to decide if it looked interesting or not. But that's what the comment system is for, and I'm glad to see people using it as intended!

And finally, regarding this particular hint, if you actually do this to your system and want to undo it, it's incredibly trivial -- reboot the machine as normal, login, edit the file, remove the reboot code, and then boot into single user mode! This hack hardly makes single user mode inaccessible forever. I'd actually be much more afraid of forgetting my open firmware password than I would be of forgetting how to edit a file, but maybe that's just me.


[ Reply to This | # ]
My objective with macosxhints is...
Authored by: rand on Nov 11, '02 01:53:36PM

open firmware password is not all it's cracked up to be either rob. 10 seconds (at most) is all it takes to fix it so that the machine will boot without requiring you to put the pass in.

i think the moral of this story is : the best security is keeping your powerbook with you, or having your machine in a safe place. even stopping the mac from being booted into single user mode, if someone is in front of the computer, a system cd (9 or X) is all it takes to get into your machine (even with with OF password in place).

[ Reply to This | # ]
To rand...
Authored by: thatch on Nov 11, '02 02:29:55PM

To the first part of your message, yes, but you must have the password to do what you suggest.

To the second part of your message, no, wrong, you cannot boot an open firmware password protected computer with any CD unless you have the password.

[ Reply to This | # ]
To rand...
Authored by: rand on Nov 13, '02 05:02:41PM

thatch, nope, you can disable the password, so that when you boot the machine it does _not_ ask for it anymore. after this you can boot from whatever you wish to boot from (as long as it boots the machine of course:)

i'm not sure if this information is available to non apple (employees/etc) so that was why i didn't post it, but search on apples TIL/KBase and it will tell you how to. if not then it is 'restricted' info. that is where i read about how it is done.

[ Reply to This | # ]
My objective with macosxhints is...
Authored by: aaronfaby on Nov 11, '02 04:11:40PM

Hello Rob,

I certainly understand your point of view, and I respect it. And, I am certainly grateful for the service you provide. However, I'm sure there are many OS X users out there who may try to implement this without fully understanding the ramifications.

There are many cases where this is bad. You are right, you can change this if you boot normally and edit the file. But what if the system won't boot normally? This can be caused by many things. A damaged filesystem, or possibly even a bad startup script (this has happened to me many times). In these situations it is not possible to boot into multi-user mode, and if the user has disabled single-user mode then they can't boot into that either. They could boot into a Mac OS CD, but what if they don't have one handy?

As a long time unix user and system administrator, I cannot think of one single reason why this should be done. However, I can think of many reasons why it shouldn't.


[ Reply to This | # ]
My objective with macosxhints is...
Authored by: babbage on Nov 12, '02 02:12:01AM

Saying that crippling single user mode is an easy change to reverse is like telling someone that it's no big deal to put a first aid kit in your parachute pack, because if you decide later that you'd rather have the parachute in there it's easy enough to repack it.

That is, by the time you're in a situation where you'd care, it's too late.

At first glance, this does look like an interesting suggestion, but the other posters are right: this suggestion is paranoid to a fault, and so only suitable for certain kinds of highly locked down environments where you absolutely cannot have anyone messing with your computer and would rather lose everything on it than let someone break in.

If you're the sort of person that would burn down your own home before allowing a burglar to steal anything in it, then this hint is for you. If you're willing to cut your losses & collect on the insurance instead [or as the case may be, you've backed everything up and can clean up as necessary], then this hint is going to do *way* more harm than good for a lot of people.

Please make that risk clear, Rob.

[ Reply to This | # ]