prevent users from opening .dmg files?

Discussion in 'macOS' started by jakeopolis, Feb 10, 2009.

  1. jakeopolis macrumors member

    Oct 27, 2007
    hi all,

    i'm the admin of a mac lab at my university. users use one specific user account - is there a way to prevent this user from opening .dmg files? people can run apps right from a mounted dmg and i've caught a couple of people trying to download torrents here. though they don't have permission to move an app into the applications folder, they can simply run it off the desktop.

  2. jakeopolis thread starter macrumors member

    Oct 27, 2007
    they're downloading them off the internet though, i can't password them before they exist... for example, someone will come in, download transmission, and then just mount the dmg and run the app from there. i need to stop them from being able to mount dmg files at all.
  3. Mal macrumors 603


    Jan 6, 2002
    I don't know of any way to do that, but you could deny access to Disk Utility and DiskImageMounter (System -> Library -> CoreServices) so that they can't open them at all. That's done via Parental Controls, btw.

  4. ChrisA macrumors G4

    Jan 5, 2006
    Redondo Beach, California
    Where do DMG files get mounted to? Some directory I assume. I'm not at a Mac now, so I can't look. But if that directory did not have write access the user could not mount disks.

    But even then you have not stopped users from running any program they want. They could simply bring in the .app bundle, not on a DMG, and run the app.

    What you are going to have to do is block the torrent sites. Likely with rules you program into your routers.

    No matter what you do to the Mac, I could get around it by bringing in a bootable CD and running Linux or BSD on the Mac. Your only workable option is to ban the "bad" IP address with some firewall rules in the router.
  5. PlaceofDis macrumors Core

    Jan 6, 2004
    i think disk utility and disk image mounter are what you would be after. i do have one other possible suggestion.

    why not install the app in the applications folder - but deny its use via Parental Controls. this prevents them from bringing it in via other sources and prevents any instance of the app from running if i am correct. just a thought that might make things simpler.
  6. jakeopolis thread starter macrumors member

    Oct 27, 2007
    that's a really good suggestion.

    denying access to disk util and image mounter is probably the way to go, i'll give that a shot.

    thanks for the suggestions guys!
