Setup guide
UNCLASSIFIED
Chapter 4 - Configuring System Settings
9. Click the lock icon in the lower left corner of the NetInfo Manager window to
re-lock the window.
10. When the Confirm Modification dialog box appears, select Update this
copy.
11. Quit the NetInfo Manager application. Root login is now disabled.
Using sudo
The sudo program allows an administrator to perform command line functions that
require root privileges. To use sudo, bring up a Terminal window and type sudo
followed by the command to be performed with root privileges. For more detailed
information on sudo, enter man sudo in a Terminal window to display its manual
pages.
The system uses a file called /etc/sudoers to determine which users have the
authority to use the sudo program. This file initially contains the root account and
all administrative accounts. The format for entries to this file can be found by
entering man sudoers in a Terminal window; editing this file correctly can be a
complex process.
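The following shell functions are an added example, not part of the guide: they list each principal that a sudoers-format file grants privileges to and flag entries that use NOPASSWD or fall outside the initial root and administrator entries. The function names, the sample file, and the root/%admin baseline are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Baseline assumption: only root and %admin should hold grants.
# Limitation: every line starting with '#' is treated as a comment, so
# #include directives and #uid entries are not followed or reported.

# Print "principal<TAB>flags" for each user specification in file $1.
list_sudo_grants() {
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }  # join continued lines
        { $0 = buf $0; buf = "" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, blank lines
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }   # settings, alias defs
        {
            flags = ""
            if ($0 ~ /NOPASSWD:/) flags = flags "NOPASSWD "
            if ($1 != "root" && $1 != "%admin") flags = flags "NOT-IN-BASELINE "
            if (flags == "") flags = "ok"
            sub(/ $/, "", flags)
            print $1 "\t" flags
        }' "$1"
}

# Print only the entries that need review; return 1 if there are any.
sudoers_audit() {
    findings=$(list_sudo_grants "$1" | awk -F '\t' '$2 != "ok"')
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample file (not from the guide).
sample=$(mktemp "${TMPDIR:-/tmp}/sudoers.XXXXXX")
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample
Defaults env_reset
User_Alias OPS = alice, bob
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
backup  ALL=(root) NOPASSWD: \
        /usr/bin/rsync
OPS     ALL=(ALL) ALL
EOF

sudoers_audit "$sample" || echo "review the entries listed above"
```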
All administrative functions can be performed from an administrator account, using
sudo when necessary. None of the administrative functions performed through the
graphical interface require root privileges, but some command-line administrative
procedures must be performed as root.
Securing Single-User Boot
On Apple systems running Mac OS X, Open Firmware is the software executed
immediately after the computer is powered on. This boot firmware is analogous to
the BIOS on an x86-based PC. To prevent users from obtaining root access by
booting into single-user mode or booting from alternate disks, the Open Firmware
settings should be altered. For desktop systems, the Open Firmware security mode
should be set to command. To configure the Open Firmware settings:
1. Boot the machine while holding command-option-O-F (all four keys at the
same time) to enter the Open Firmware command prompt.
2. At the prompt, enter the command:
password
A prompt will appear requesting a new password.
3. Enter and verify the password to be used as the Open Firmware password.
This password is limited to eight characters. A strong password should be
chosen; in this instance, a machine-generated random password would be a
good choice. This password should be written down, and secured in the same
location as the Master FileVault password. This password will not be needed
except for situations where the system must be booted from an alternate disk,
such as if the boot disk fails or its filesystem is in need of repair.