Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'But it's supposed to be multiuser!' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
But it's supposed to be multiuser!
Authored by: derrickbass on Jun 05, '04 03:21:30PM
The company I work for explicitly discourages anyone from using Fast User Switching on their desktop for exactly these reasons, and while I don't mind having it turned on at home where it's just me, my wife, and the cat, I agree that it's a good policy to forbid it at work.
That's really amusing to me, considering the origins of UNIX (of which OS X is a descendent). I mean, the whole idea was to try and provide a secure environment where multiple people could work on the same machine without interfering with each other. In fact, it wasn't until about 10 years ago that were a substantial number of companies that could afford to implement such a policy as you describe for their UNIX machines! Until then, there was a mainframe or workstation serving many (sometimes hundreds or even thousands) of users who had dumb terminals. Cheap UNIX boxes are pretty new inventions.

Anyway, you are correct that there are a few covert channels through which to snoop on other users. In addition, local privilege escalation security vulnerabilities sometimes pop up. But really, as long as you only let truly trusted (and careful) users have administrator privileges, I think the sorts of additional threats presented by having multiple users on the same machine are pretty minimal. (You should make sure the default UMASK is set so that new folders & files are not readable by others.)

[ Reply to This | # ]

But it's supposed to be multiuser!
Authored by: osxpounder on Jun 09, '04 02:33:12PM

You wrote, " (You should make sure the default UMASK is set so that new folders & files are not readable by others.)". I'm too much a *nix newbie to know how to do that, or what side effects that might produce. Would anyone please explain how to do it, and offer any warnings or advice about it?

---
--
osxpounder



[ Reply to This | # ]