PDA

View Full Version : Editing boot.rc




reddesk
Aug 6, 2013, 04:35 PM
Hello I was recently hired to block single user mode on some teenagers computer as he was removing the parental controls on it. My method of doing this is just inserting a reboot command in boot.rc so when the computer boots into single user mode it just restarts. However I cannot access boot.rc I have tried root user. HELP! Thanks



ElectricSheep
Aug 7, 2013, 02:23 PM
There is no boot.rc or rc.boot script in MacOS X 10.8. Instead, the duties of this script (and the init process from other *nix platforms) has been rolled into launchd.

You may be able to create an /etc/security/rc.audit script and leverage that, but I would suggest an alternative approach: setting an EFI password. This will restrict access to changing the startup mode (single-user, verbose, net-boot) or startup volume unless a correct password is entered.

Mr Rabbit
Aug 7, 2013, 03:15 PM
setting an EFI password. This will restrict access to changing the startup mode (single-user, verbose, net-boot) or startup volume unless a correct password is entered.

I second this approach. The EFI password CAN be bypassed, on older machines you could do some minor things at a hardware level but on newer Macs (mid-2011 and up?) it requires communication with Apple to disable/reset the EFI password. Typically it's "good enough" security to keep teenagers at bay. You can enable this by rebooting into the recovery partition (hold option while powering on, choose recovery) and setting it using the Utilities > Firmware password menu option.