As we talked about at the beginning of the chapter, Mac OS X is a true multiuser operating system. In Mac OS X, you have complete control over who can do what. Much of local system security is common sense coupled with a reasonable amount of watchfulness. Because implementing a local security policy is easier than maintaining network security, that's where we'll start. Let's take a look at a series of steps you can take to minimize the risks to your system. Create Only "Normal" UsersAs we discussed earlier, two types of user accounts can be created in the User Control panel: normal users and admin users. The only difference when setting up accounts is the presence of a check box that reads Allow User to Administer This Computer. Many systems that I've visited have had all the users set to be administrators. When asked why, the owners replied that they wanted everyone to be able to use the computer to its fullest. An understandable sentiment, but the implications of using this setting are enormous . A user who has this check box set can
Although it's unlikely that administrators could completely destroy the system (they aren't able to delete the System folder and files), they can make life difficult for others even if they don't mean to. To add or remove administrative access from an existing user, follow these steps:
If your computer has only a few accounts for people you know, this security precaution is probably the only one you need. However, if you want your system to be a bit more impenetrable, keep reading. Disable Hints and NamesIt's obvious that Apple wanted to create a system that would be friendly and accessible for any level of user. In doing so, it made it easier for uninvited users to try to log in by guessing your password. There are two options to consider if you plan to place your computer in a public area without strict monitoring:
Both of these risky features are disabled from the Login Preferences panel. To shut off both features, follow these steps:
|