|
|
But it's supposed to be multiuser!
The company I work for explicitly discourages anyone from using Fast User Switching on their desktop for exactly these reasons, and while I don't mind having it turned on at home where it's just me, my wife, and the cat, I agree that it's a good policy to forbid it at work.That's really amusing to me, considering the origins of UNIX (of which OS X is a descendent). I mean, the whole idea was to try and provide a secure environment where multiple people could work on the same machine without interfering with each other. In fact, it wasn't until about 10 years ago that were a substantial number of companies that could afford to implement such a policy as you describe for their UNIX machines! Until then, there was a mainframe or workstation serving many (sometimes hundreds or even thousands) of users who had dumb terminals. Cheap UNIX boxes are pretty new inventions. Anyway, you are correct that there are a few covert channels through which to snoop on other users. In addition, local privilege escalation security vulnerabilities sometimes pop up. But really, as long as you only let truly trusted (and careful) users have administrator privileges, I think the sorts of additional threats presented by having multiple users on the same machine are pretty minimal. (You should make sure the default UMASK is set so that new folders & files are not readable by others.)
But it's supposed to be multiuser!
You wrote, " (You should make sure the default UMASK is set so that new folders & files are not readable by others.)". I'm too much a *nix newbie to know how to do that, or what side effects that might produce. Would anyone please explain how to do it, and offer any warnings or advice about it? |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.09 seconds |
|