Permissions/Allow users to access only certain apps?

Discussion in 'Mac Help/Tips' started by cleo, Sep 1, 2002.

  1. cleo macrumors 65816

    cleo

    Joined:
    Jan 21, 2002
    Location:
    Tampa Bay Area, FL, USA
    #1
    Here's the situation: my brother has been caught one too many times looking at porn (of a rather unpleasant variety) and now trading nude pics, etc. He's only 16, so my parents are understandably concerned. They want to disconnect him from the internet altogether, but he insists he needs access to download music (for doing dj stuff).

    Would it be possible to create a user for him on the family iMac and somehow restrict his permissions so that he can use Limewire (or whatever it is people use nowadays) but not IE, etc? Or is there another solution? Please help... this is quite stressful on the family. :(
     
  2. evildead macrumors 65816

    evildead

    Joined:
    Jun 18, 2001
    Location:
    WestCost, USA
    #2
    yes

    Do you have OS 10.2? I don't remember if you can do it in 10.1 or not. Log in as an admin user and go to the System Preferences. Click on Accounts. You can create a new user for him if he doesn't have one. Then pick that account and click on the Capabilities button. There is a check box that says "use only these applications"; check that and then you can go in and pick out only the apps that he can use. You may want to log in with his account first and get everything the way you want it... things like the Dock, and then restrict him once it's all set up. You can restrict as much as you want. Probably the more the better. Don't let him have the ability to change his own password. As an admin you can do it... or as root you can log in and get access to all of his files.

    I was going to tell you how to do it with the terminal and some UNIX commands... but this is much easier.


    Also... beware about what file sharing apps he uses... many of them are not just for MP3s. They host porn as well... and some of it is the really nasty kind. I stopped using HotLine a few years ago because there was more porn than good files.

    You may also want to mess with the permissions so everything but his home directory is read-only to his user account. That way he can only save files to one place, and it will be easy for you to search his files for things that he shouldn't have. How much UNIX does he know? There are ways for him to hide files from view... but I'm guessing that is not the case. Not too many 16 year olds are UNIX heads.


    -evildead
     
  3. Mr. Anderson Moderator emeritus

    Mr. Anderson

    Joined:
    Nov 1, 2001
    Location:
    VA
    #3
    Re: yes

    Hidden files are easy to find if you're an admin - but never underestimate the ability of a 16 year old to come up with creative solutions - does the machine have a cd burner or zip drive? He could store stuff there too?

    And is he a member of macrumors? That could get weird....

    D
     
  4. evildead macrumors 65816

    evildead

    Joined:
    Jun 18, 2001
    Location:
    WestCost, USA
    #4
    CD-R

    You can even block his ability to burn CDs... with Toast... or the Apple built-in one....


    The zip drive is another problem. You can give all the zips in the house a password.. but he could just go out and get more.

    I know when I was 16.... no amount of parental control would have stopped me from doing anything I wanted.... but I am a geek... There are lots of UNIX tools you can use to monitor the system very closely... but it's just porn... not government weapon blueprints.

    It's a matter of how much time you want to spend on administration and how much he knows how to elude administration.

    -evildead
     
  5. cleo thread starter macrumors 65816

    cleo

    Joined:
    Jan 21, 2002
    Location:
    Tampa Bay Area, FL, USA
    #5
    No, he's not a Mac person at all, and as I type he's pitching a fit about having to use the Mac instead of his PC, so it might not even happen. This is frickin' ridiculous. He's such an idiot, my mom even found email he sent giving out our home phone number to some guy who supposedly runs a modeling agency... ugh. I can't believe he could be so stupid. I'm personally in favor of completely cutting him off from the net and making him buy cd's instead of downloading stuff... this is creepy. Updates later.

    And thanks for the help. If we wind up putting him on the Mac, your tips will be *very* useful.
     
  6. bombensington macrumors regular

    Joined:
    Aug 24, 2002
    #6
    Re: Permissions/Allow users to access only certain apps?

    i guess you would know best about the situation and what kind of stuff he is into, but seriously, you can get so much porn from limewire, etc.

    even better, it's free. and there is some really nasty stuff there. really nasty.

    i must agree with dukestreet (even though I'm not a guy) - if he wants it bad enough, he will figure something out. he could probably just go to the library - not a lot of them censor stuff there.
     
  7. rainman::|:| macrumors 603

    rainman::|:|

    Joined:
    Feb 2, 2002
    Location:
    iowa
    #7
    This (kinda) brings up a question i had myself-- can one change the ownership of a program (on the fly, perhaps) so that it's owned by Root and can't be quit by the normal user? does that make any sense?

    good luck on the brother thing... i agree, he'll find a way around you, but ah well...

    ;)
    pnw
     
  8. mc68k macrumors 68000

    mc68k

    Joined:
    Apr 16, 2002
    #8
    I know there are processes that start up w/the system before login. These are probably automated somehow. These cannot be quit by the normal user.

    At the GUI level, after login, to open an app in that account, the account holder has to have read and execution privileges for the Application to ever get launched. And if they can launch it, then they can quit it.

    So basically if you:
    Code:
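    # Recursively hand the bundle to root, with group nobody
    sudo chown -Rf root:nobody /Applications/App.app
    # Options must precede the mode: owner and group get rwx, everyone else nothing
    sudo chmod -Rf 770 /Applications/App.app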
    Neither root nor the account holder can launch the app within the account. So basically it's either you can launch a GUI app, or you can't. There's no in-between.

    The root level processes that can't be quit are account independent and non-GUI in nature.
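
A way to check the result of a lock-down like the one in post #8, added here as an example and not part of any poster's reply: the script lists which `.app` bundles in a directory an ordinary account can still launch, judged by mode bits alone. The function names are hypothetical, and it assumes the restricted account is neither the bundle's owner nor in its group; ACLs and the Accounts "use only these applications" setting are not considered.

```shell
#!/bin/sh
# Added example: audit which .app bundles "other" users can still launch.
# Only the classic mode bits are inspected (assumption: no ACLs in play).

# other_can_launch BUNDLE
# Succeeds if the "other" class has search (x) permission on every
# directory down to Contents/MacOS and execute permission on at least
# one regular file inside it.
other_can_launch() {
    bundle=$1
    for d in "$bundle" "$bundle/Contents" "$bundle/Contents/MacOS"; do
        [ -d "$d" ] || return 1
        # -prune stops find from descending; only $d itself is tested.
        [ -n "$(find "$d" -prune -perm -001)" ] || return 1
    done
    [ -n "$(find "$bundle/Contents/MacOS" -type f -perm -001)" ]
}

# list_launchable DIR
# Prints the name of every bundle in DIR that passes other_can_launch.
list_launchable() {
    for b in "$1"/*.app; do
        [ -d "$b" ] || continue
        if other_can_launch "$b"; then
            basename "$b"
        fi
    done
}

# Default to /Applications when no directory is given.
list_launchable "${1:-/Applications}"
```

A bundle whose top-level directory is mode 770 is reported as blocked even if the files inside are still world-executable, because an account outside the owner and group cannot traverse into it.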
     
  9. dricci macrumors 6502a

    Joined:
    Dec 15, 2001
    #9
    There's only one solution that'll work in the long run, and it doesn't involve the terminal: Parental supervision and involvment. The best way to go about that can only be figured out within the family.
     
