Does this mean every non-admin user...
Authored by: hamarkus on May 27, '04 10:37:56AM

Does this mean every non-admin user can give himself sudo status via booting into single user mode?



Does this mean every non-admin user...
Authored by: Cap'n Hector on May 27, '04 10:43:53AM

Yes, it does.



Does this mean every non-admin user...
Authored by: corvus on May 27, '04 11:00:26AM

Of course. You can prevent them from booting into single user mode if you set an Open Firmware password...

Then they'll just need to open your Mac, put your boot disk in another machine, boot to single user mode, do the thing, and put your disk back. :-)

Open Firmware Security info


Cool!!!
Authored by: hamarkus on May 27, '04 02:43:25PM

Sorry, I could not resist.



Does this mean every non-admin user...
Authored by: stetner on May 31, '04 08:42:40AM

Not setting the Open Firmware password allows ANYONE to become root through a single user startup.

Even with the OF password set, admin users can still do something like edit /etc/rc and gain root access.

In reality, in terms of gaining root access, admin=root on Mac OS X.



Does this mean every non-admin user...
Authored by: laardvark on May 27, '04 04:15:57PM

Yes, and you can also easily enable root during single user mode.

In single user mode, you're already running as root. Just do passwd, and you'll set a password for root and it'll be enabled.

I fixed a sudoers file this way. I enabled root, rebooted, and logged in as root. Then I edited the NetInfo settings using NetInfo Manager. For some reason the box had totally lost the admin group!

To make things simple, I added myself specifically to the sudoers file on the box (in case it happened again).

I've written my own "adduser" in Python. I haven't gone back and looked at it in a while; the only thing I was having a problem with was it setting the password for the new user. The password setting code works... just not when it's run right after creating the user.

Pretty sure I didn't do anything about admin users in the script though. I should release it, as it does some things that other online scripts didn't do (like create the http.conf user entries).



