Macintosh Security for MacOS X

With the advent of MacOS X, Macintosh owners are learning new skills. We hope to give a little helpful advice here so that the learning is as pleasant as possible. This document will be updated as new information concerning security comes to light.

Networks
Disable the internal modem if you're going to connect on a local LAN.
If you must use the modem, make sure that it has a default IP address, for example the same address as the built-in Ethernet interface. Otherwise, the modem may show up as 0.0.0.0 on the local LAN.
AppleTalk is disabled by default under MacOS X. If you enable it and later decide to disable it again, you must restart your computer for the change to take effect. Although enabling it takes effect cleanly, AppleTalk communications do not stop after you disable it until the computer is restarted.
The Root Account
You should never have to activate the root account. All system configuration can be done with a local administration account and using sudo.
If you are using MacOS X Server, note that the root account is enabled by default. Still, use sudo, not root, and only when necessary.
The root password is the same as the password of the initial user created when the system was installed.
Never edit any files in the /etc directory by hand. Use the administration tools provided in the System Preferences panes. It should never be necessary to change the files that ship with your system. Most of these files are for information only; the actual system configuration is held in a database on your system. Changing these files can cause undefined behavior.
The Admin Account(s)
The Admin account is an account with high privileges. You must use an Admin account to gain access to sudo. The first Admin account created on your machine creates a special relationship with the root account. Be sure that you note the password you use when you create this account, as that password is the one that will be given to root.
The Admin account should probably not be named Admin. We recommend that you choose a personal name here. There are obvious reasons not to use root or other reserved Unix account names, and it should also not be the account you use for your common day-to-day work. See the discussion below.

The Admin account on your Macintosh carries many elevated privileges. By creating a separate, non-privileged account for your daily use, you prevent the accidental loss of data and work. You also reduce the security risk from a password compromise or a trojaned application. The Admin account already offers some protection, since it does not itself hold root privileges, but it has very easy access to them. Once you become accustomed to sudo, you will find it easy to issue a sudo command, forget that sudo is still enabled, and issue another command that you will come to regret. For example, sudo rm *, in the wrong directory, can have very bad results. If you have to log in as the Admin account to do administrative tasks, you will be more likely to be cautious and careful.

The sudo package is designed to let privileged administrators run one or more designated commands with elevated privileges (such as those of root), without requiring a login to the privileged account. Your Macintosh comes with the sudo package, and all users that have Admin rights have equivalent sudo rights. Admin users, by default, can do anything that root can do, but without ever logging in as root. While you are an Admin user, type the following:

sudo -l

This lists the commands you can execute as root. You should see:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

        #1) Respect the privacy of others.
        #2) Think before you type.

Password:

You may run the following commands on this host:
    (ALL) ALL

This means that you can run any command as root simply by entering your password. Note that when sudo asks for a password, it means the password of your own account, not root's. Each Admin account on your machine has (or should have) its own password, and that is the password its user types when using sudo.

In general, sudo is used as: sudo command, where command is one that requires elevated or root privileges. For example, to create a new directory at the root level (the "/" directory), you would type: sudo mkdir /mydir, which creates that directory after first asking for your password. By convention, sudo remembers your password for a preset time, usually five minutes, so that you need not keep retyping it when you are doing a lot of work with sudo. Just remember to be careful.
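As an added example that is not part of the original document, the following POSIX shell script wraps the two habits this section recommends: checking what sudo -l actually grants an account, and not leaving the cached credential open after a privileged command. The functions sudo_is_unrestricted, run_privileged and audit_account, the SUDO_CMD variable, and the sample sudo -l texts are all constructed for this example; sudo -l and sudo -k themselves are real sudo options.

```shell
#!/bin/sh
# Added example, not code from the original page.
#
#  sudo_is_unrestricted - reads "sudo -l" output on stdin and reports
#                         whether the account may run ANY command as root,
#                         i.e. the "(ALL) ALL" rule every Admin account gets.
#  run_privileged       - runs ONE command through sudo, shows the working
#                         directory first (the "sudo rm * in the wrong
#                         directory" case), then drops the cached credential
#                         with "sudo -k" so the five-minute window is closed.
#
# SUDO_CMD is an assumption of this script: it defaults to the real sudo and
# exists only so the helpers can be exercised without root rights.

# Return 0 (true) if the supplied "sudo -l" text contains an unrestricted rule.
# Usage: sudo -l 2>/dev/null | sudo_is_unrestricted
sudo_is_unrestricted() {
    # A rule line looks like "(ALL) ALL" or "(root) NOPASSWD: ALL"; anything
    # naming specific commands instead of ALL is treated as restricted.
    grep -E '^[[:space:]]*\([^)]+\)[[:space:]]+(NOPASSWD:[[:space:]]*)?ALL[[:space:]]*$' >/dev/null
}

# Run a single command with elevated privileges and immediately forget the
# credential.  Returns the exit status of the command itself.
run_privileged() {
    [ "$#" -gt 0 ] || { echo "run_privileged: no command given" >&2; return 2; }
    echo "about to run as root in $(pwd): $*" >&2
    "${SUDO_CMD:-sudo}" "$@"
    status=$?
    # Invalidate the timestamp so a later, absent-minded command is not
    # silently run as root.
    "${SUDO_CMD:-sudo}" -k
    return "$status"
}

# Report on one account.  $1 = account name, $2 = its "sudo -l" text.
# Returns 0 when the account is unrestricted, 1 otherwise.
audit_account() {
    if printf '%s\n' "$2" | sudo_is_unrestricted; then
        echo "$1: UNRESTRICTED root access via sudo"
        return 0
    fi
    echo "$1: sudo limited to specific commands"
    return 1
}

# --- demonstration on constructed input (no root rights needed) -----------
# Constructed sample of what "sudo -l" prints for a MacOS X Admin user,
# matching the output quoted on this page.
SAMPLE_ADMIN='You may run the following commands on this host:
    (ALL) ALL'
# Constructed sample for an account restricted to one command.
SAMPLE_LIMITED='You may run the following commands on this host:
    (root) /usr/sbin/shutdown'

audit_account bob "$SAMPLE_LIMITED"
audit_account alice "$SAMPLE_ADMIN"
```

In day-to-day use you would replace the constructed samples with `sudo -l | sudo_is_unrestricted` and run a privileged step as `run_privileged mkdir /mydir`; the working directory is echoed before anything runs, and the credential is dropped right after, so the next command you type does not quietly run as root.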

For further information, use man sudo.

For suggestions on additions, email gurneyh at digitaltrash.org, or me (see below).


Last modified: Sat Oct 30 22:35:25 PDT 2004