10.4: A fix for users disappearing from the login window
Authored by: magnamous on Jul 29, '05 06:42:40PM
The problem with this solution is that there could be other terminal applications installed (X windows xterm for instance) and there are even widgets which can access the shell. On the other hand, if people can log in to a desktop, there is nothing which can prevent them from running any executable for which they have permissions, even if there is no shell. And remember, there were shells for Macintosh OS 9 including MacPerl and MacX which would not use the *NIX account preferences in NetInfo.
The possibility of other terminal programs is one of the reasons I liked the way I did it. Are you saying that if I were to install a widget that accesses the shell or another terminal-capable program (like PathFinder), it'd just use whatever shell it wants, regardless of what I've set the shell to in NetInfo? If that's the case, do you know any method of globally disallowing shell access for a particular user (by that I mean the sort of one-step method I tried with /usr/bin/false, which was intended to completely cut off the user's access to the shell environment)?

I liked your bicycle analogy, by the way, but I'm not doing anything mission-critical. The machine I'm using is an old Pismo PowerBook - I just want to secure it enough to make it un-worthwhile for the casual mischief-maker. I have a hardware firewall, a router, I use OS X's software firewall, I have ssh turned off, etc. From what I've been led to understand, if a determined hacker has physical access to the machine, it's almost impossible to completely secure the machine and prevent him from getting whatever it is he wants. I'm just trying not to make it easy.


10.4: A fix for users disappearing from the login window
Authored by: vonleigh on Jul 30, '05 02:25:38AM

Personally I think you're playing with fire. If you have everything in System Preferences > Sharing turned off, changing the shell of those accounts is not really making you any safer. If you want more security, put more interesting (longer, alpha-numeric, upper-lower case, symbol) passwords on those accounts.

-v


