We know that not all users have knowledge and interest in technical matters, and that was the whole point of Steve Jobs: to facilitate the day-to-day life of people making complex technologies become functional and simple to use. Apple products skillfully implement solutions that increase the level of system security and therefore the user's safety. However, there are security issues that directly involve the handling of the tool, and these good practices are presented in this article series.
Layers of security minimizes the risk of system vulnerability, whether generated by external attack or lack of knowledge in handling the tool. The Apple development team works to minimize these problems, however, for cultural reasons and by different levels of users and needs, Apple does not completely restrict the permissions of the administrator user of OS X, although in my opinion many times this attitude may be the best solution - depending on the scenario.
A good example is the restrictions on iOS, which, being a consumer equipment with a focus on day-to-day owner, there are restrictions on access and management tool, making it a secure and free of malware (except in cases where the user chooses to jailbreak ). Nobody wants to have difficulties in his cell at the time of an emergency, or be surprised to see that your list of contacts leaked device.
In OS X, restrictions are controlled by the level of privilege that a user has on an object (file or directory). Each system user has a folder called Home , where they are stored files and information (profile) related to the user who owns the folder. The default path for storing folders of users is / Users . The ~ (tilde) represents the full path of the folder Home user logged in at the moment, let's assume my user name is John and I am logged in, ~ then represent the path/ Users / john / .
By default the root folder of the Home has read permission for all of the system (and all other groups). This permission exists for some sub-directories can perform their functions:
~ / Public - Used to share files between local users and network share (group and everyone: read-only);
~ / Public / Drop Box - Used to receive files posted by users and local network share (group and all: write-only);
~ / Sites - Used to store files that are published through the Web Sharing, Lion in this directory will be created to enable the service.
Other folders - such as ~ / Documents , ~ / Library , ~ / Desktop , etc. - are restricted to the owner of the folder Home up to him and grant access to others.
The problem occurs when some users, for lack of knowledge, save files, whether confidential or not, the root folder of your Home . And how does it by default has read permission, all local users of the system can view and copy the files previously unprotected.
We know that all users created in the system participate in a group called "staff" and that the services ( daemons ) File Sharing and Web Sharing are not within this group.
Thus, if you do not want to use the functionality of the directory ~ / Public and~ / Public / Drop Box for local users (an alternative would be the directory / Users / Shared), it is recommended to remove the privileges of the group "staff" . And if you do not use the Service and File Sharing Web Sharing, it is recommended to remove the privileges of all other (everyone ).
In Terminal type:
A
chmod g-rx ~
... To remove the permissions of the group staff .
A
chmod o-rx ~
... To remove all other permissions.
A
chmod go + rx ~
If you want to return ... with default permissions.
· · ·
Well folks, remember: Never save files in the root folder of the Home .
0 comments:
Post a Comment