Different password for the hosts file?

Discussion in 'Mac Apps and Mac App Store' started by dotcomlarry, Mar 4, 2005.

  1. dotcomlarry macrumors regular

    Joined:
    Jul 16, 2002
    Location:
    Akron, PA
    #1
    Hi all... I'm trying to block some domains from being accessed on my laptop that don't need to be.... only problem is, certain people can edit the /etc/hosts file just fine by punching in the password.... Is there a way to assign it a different password just for that file? I don't want to create new users (in fact, it's not an option... don't ask) or change my existing password (it's used by others). Any way to do this? Ideally i would only assign a new password to JUST the hosts file, but I'm not sure if this is possible (not much of a *nix geek).

    Thanks for any help in advance
     
  2. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #2
    No, you cannot do this.

    My suggestion.. create a new account that is NOT an admin account for the others that are using your PB. Since they are not part of the admin group, they are not in /etc/sudoers and cannot edit /etc/hosts.
     
  3. dotcomlarry thread starter macrumors regular

    Joined:
    Jul 16, 2002
    Location:
    Akron, PA
    #3
    from looking at some of the documentation of the sudoers file, it would *seem* as tho i could edit the %admin group (which includes my account) to be able to do everything *but* edit the /etc/hosts file... that way they couldn't sudo the hosts file. Or.. am I wrong?
     
  4. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #4
    Have you looked at the sudoers man page? It's not easy to configure..

    And you'd have to create another account to edit /etc/hosts, or edit /etc/sudoers to allow you to do it, which these people you're trying to 'secure' can also do..

    Plus, I believe /etc/sudoers is only checked in the CLI, if someone tries to edit the file from inside the GUI from an admin account, they shouldn't be stopped.

    I still think creating a non-admin account for them would be the best (easiest) solution.
     

Share This Page