« Bibi’s says so    |    Douglas Coupland jPod »

Mac Security

Bought a Tripod today, Scott Kelby told me not to get a cheap one, but this was only 50 quid, yet it’s the brand he recommends. So is that good or bad? It’s pretty damn fine actually, it’s light and has a ball head. The legs and that seem stable enough but the the quick-release socket where the camera goes has a tiny tiny amount of give and I’m wondering if it’s enough movement to shake when the shutter goes. Dunno.

I was listening to a mac podcast the other day and they brought up a subject I hadn’t given much thought to. It’s all about security, a boring subject, especially where the mac is concerned because it’s almost a non-issue but there are some surprises.

The Mac has 3 user levels where security is concerned and they are almost impossible to compare to the 2 windows provides so I won’t even bother. The do anything security level is “root” which anyone familiar with unix will know about, if you are logged in as root you can cause huge huge damage such as reformat the hard drive.

Next is admin who can modify most desktop level things without hassle, but can even do root level stuff by giving an application permission to escalate the user level. An admin only needs to give their own password to do this.

The least privileged user is “standard” who can access their own files and that’s about it. But, they can provide an application with admin access by providing the application with an admin’s username and password.

With a fresh installation of Mac OS X, after you have given the welcome sequence a username and password to use the machine with you will be logged in as “admin”, this is the default user-level and all would seem well because the OS hasn’t given you any rhyme or reason to change things. Well, this podcast mentioned that this is really dumb, in fact there is even a flaw with the package installers, they can, if they wanted escalate your user-level to root without even prompting. I’m actually quite shocked at this, if you use your mac day-to-day as a standard user you will have no such risk, it is impossible for an app to escalate to root without you giving it an admin’s login details.

I’ve dropped my account to Standard and I haven’t had any problems or naggles at all so I recommend everyone to do this. The only hassle is that when you do something like drag an app from a DMG to the Applications folder you will need to provide the admin account details. Ack, it’s not bad though, I can live with that quite easily. Also, when you are a standard user threes a gotchya with the terminal you should know about. Standard users don’t have access to sudo, so when you read a tip that says things like do “sudo defaults penis.plist erect = 1″ you will need first to poop “su admin” where admin is the name of the admin account.

This entry was posted on Tuesday, September 26th, 2006 at 8:39 pm and is filed under Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

www.flickr.com
This is a Flickr badge showing public photos from the Basset Griffon Vendéen group pool. Make your own badge here.



Creative Commons License

Hello you!

Email & IM: MRKisThatKid@gmail.com