Lax Security?

Snyper M

Living in a dorm at college provides many challenges, the least of which isn't desktop security. Of course, OSX beckons to be tinkered with by everybody that sees it, as I'm one of the few Mac users on campus. Now I have no problem with this; however, I don't want to have to create accounts for when I'm around and when I'm not around. If I happen to leave my computer I don't mind if people use it to check their mail or play games or whatnot, so a screensaver password isn't what I need.

The problem I'm having is the $%#@* preferences panel, among other things, seems to unlock itself after a while so they can go in and make whatever changes they want. Is this a bug or am I doing something wrong? I don't mind having to type in the password to play with my prefs; it's a lot easier than making a dummy account that has no privileges at all. Which brings me to my next question...

What's the deal with my folders? Is there any way to password protect them for access? I mean I turned the privileges to a drop box for some of my folders so I can still put stuff in, but to open 'em up I need to log in as root. This is a bit of a pain. Can I just lock a folder so I can open it with a password?

I'm open to all suggestions on how to secure my computer from not so much malicious hackers as much as people that are in awe of my Mac but don't know what they're doing.



There is a UNIX way to protect your folders. Go to the directory above the one you want to lock (like if you wanted to lock /Applications/Games you would type "cd /Applications" in the terminal). Once there, type in "chown [your username] [folder name]" (you may need to use sudo if it says operation not permitted). Once you "own" the folder, type in "chmod 700 [folder name]." This sets the permissions to rwx------- which means the owner can read, write, and execute anything in the folder, but nobody else can. If you are logged in under the account that owns that folder, you can still look in it, but if you are in a different account and try to look in there, it will deny you. Try logging in as a user without admin powers and then try to look in your home folder. You will see a bunch of folder icons with a big red circle and a line through it. Nobody but the owner can look into those folders.
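The chmod 700 step from the reply above, as an added example that is not part of the original thread: it locks a folder to its owner, verifies the resulting mode, and contrasts it with a drop-box mode. The function names (`perm_of`, `describe_mode`, `lock_folder`, `demo`), the temporary `Games` directory and the use of 733 as the drop-box mode are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print a path's octal permission bits (GNU stat first, then BSD/macOS stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Name the access pattern. Treating 733 as the "drop box" mode is an assumption.
describe_mode() {
    case "$(perm_of "$1")" in
        *700) echo "private" ;;   # owner only: rwx for owner, nothing for others
        *733) echo "dropbox" ;;   # others can put files in but cannot list them
        *)    echo "other" ;;
    esac
}

# Apply chmod 700 and confirm that group and other ended up with no access.
lock_folder() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # Only the owner (or root) may chmod; if this fails, chown the folder first.
    [ -O "$dir" ] || { echo "not the owner; chown it first: $dir" >&2; return 2; }
    chmod 700 "$dir" || return 3
    [ "$(describe_mode "$dir")" = "private" ]
}

# Demo on a constructed directory under a temporary path.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/Games"
    chmod 733 "$tmp/Games"
    echo "before: $(perm_of "$tmp/Games") ($(describe_mode "$tmp/Games"))"
    lock_folder "$tmp/Games"
    echo "after:  $(perm_of "$tmp/Games") ($(describe_mode "$tmp/Games"))"
    rm -rf "$tmp"
}
demo
```

Mode 700 keeps out other ordinary accounts only; root, and any admin user who can run sudo, is not restricted by these bits.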


I tend to agree with the two replies, but they don't seem to address the questions in the original post... let me see if I can sum up:
The original poster would like to allow other people access to the computer *without* having to log out and in all the time - only one user would ever be logged in, ever. Anyone can play with the account and - hopefully - the rightful owner wouldn't need to worry about anything getting broken.
The point of having a "locked" folder would be to prevent a random person from getting into something they're not supposed to see. The thing is, that concept originated on Macs and Windows machines in which there only ever was one "account" on the machine - one with full access (root, if you will). Single-user machines needed a way to lock down things, and some solutions arose (and good ones, sometimes). The UNIX world never - to my knowledge - implemented anything like that. Why password protect a folder or file when you can just take away read permissions? Why worry about people changing your preferences when you know they can't write to the file?

The point I'm trying to make is that the Macintosh environment has undergone a *huge* paradigm shift... and I don't mean Aqua. We now have a real multi-user OS (not like Win98!), that will allow us to *really* protect settings and files in a completely different and more robust way than before.

Or, to put it another way, you might want to get used to using different accounts, like the previous replies suggest; you might find it's a really good way to do things. In fact, I've gone a step farther before (at least on the Linux boxes I've set up) where I create a number of accounts for myself (and then put them in the same group). That way, I can have the filesystem and OS protect me from myself *and* help me organize my work. (I had a general account, one for installing software, one for programming and one for "work" related stuff... I haven't set this up on OS X because I decided logging in and out would be annoying, but I might still do it and use su to switch accounts.)
Give it a try, if nothing else; the fact that I can be almost *certain* they can't screw anything up, even if they try, is most reassuring. AND, it takes the burden off of me (a little) of trying to figure out everything that I need to lock down.