Need help with guest accounts
in [Mac Systems]
|
Prev: iPad
Next: Credit card jam, was: Black Screen of Death
From: Daniel Cohen on 1 Feb 2010 10:08 Kathy Morgan <kmorgan(a)spamcop.net> wrote: > That's not a problem; there will only be three accounts on the machine: > the administrator account and the two guest accounts--I'm the > administrator and won't have a drop box. I think the default on any account is to have a drop box (inside the Public folder). However, I would be surprised if you could not remove it, or make it non-writable. -- <http://www.decohen.com> Send e-mail to the Reply-To address. Mail to the From address is never read.
From: John McWilliams on 1 Feb 2010 11:18 Kathy Morgan wrote: > nospam <nospam(a)nospam.invalid> wrote: > >> In article <1jd6ucg.10msab9b4cevzN%kmorgan(a)spamcop.net>, Kathy Morgan >> <kmorgan(a)spamcop.net> wrote: >> >>> Now we're right back where I started with this. The built-in guest >>> account is perfect for the adult users. What I really want is to be >>> able to duplicate it and restrict Internet access for a child guest >>> account. >> ok, that would need more than just the basic guest account. you could >> have a separate protected child account and manually reset things >> yourself every night or whatever is appropriate. > > Yes, if I'm not able to duplicate the Guest account and then further > restrict the duplicate for child use, that's probably what I'll > do--although if I can figure out a way to automate it that will be even > better. Why not reserve the Guest account for the kiddies, as it's wiped each time, and the Guest 2 account for the perverts, I mean, adults who may leave undesirable links in their history? -- John McWilliams
From: =?ISO-8859-1?Q?Kir=E1ly?= on 1 Feb 2010 14:27 John McWilliams <jpmcw(a)comcast.net> wrote: > Why not reserve the Guest account for the kiddies, as it's wiped each > time, and the Guest 2 account for the perverts, I mean, adults who may > leave undesirable links in their history? She wants the Guest account to have no internet access. I don't know if that's possible to configure for the built-in Guest account. Related topic: The OP mentioned that she doesn't want Guest users to be able to add items to shared areas. These commands will block the Guest account from adding items to /Users/Shared and to user foo's Drop Box: sudo chmod +a "guest deny add_file,add_subdirectory" /Users/Shared sudo chmod +a "guest deny add_file,add_subdirectory" ~foo/Public/Drop\ Box I think that other users' Drop Boxes, and /Users/Shared, are the only default places that the Guest user can write to outside of the Guest home folder. -- K. Lang may your lum reek.
From: Daniel Cohen on 2 Feb 2010 09:05 Kathy Morgan <kmorgan(a)spamcop.net> wrote: > > Yes, if I'm not able to duplicate the Guest account and then further > restrict the duplicate for child use, that's probably what I'll > do--although if I can figure out a way to automate it that will be even > better. I think I can work out the way to do what you want. I'm not knowledgable enough in Unix to write a script you could rely on, but these suggestions should give you an idea. Step 1. A shell script. use the find command to find all files in the new account's Home directory with modification date less than (say) 7 days ago but not in the user's Library. Pipe this as a list of items. Use a foreach command to apply rm to each item in the list. It would probably be a good idea to remove the browser history as well, so that a person did not inadvertently look at a previous person's links, which might be to inappropriate items. Step 2. The trouble with a shell script is that it leaves the Terminal open after the script has run. I think there is a way to deal with that by creating a .command file (from the Terminal). Another way is to wrap the shell script in an Applescript as do shell script scriptname.sh quit application "Terminal" and save this as an application. Step 3. Put the shell script and the Applescript application into the Applications folder. This will prevent the user deleting them. You could even make the filenames begin with a period so that they were invisible in normal use. Step 4. Add the Applescript application to the user's login items. Comments. I didn't want files in the Library to be removed as some preferences get a changed modification date at each login. So this approach would be fine for dealing with normal or stupid people. It isn't safe against a malicious person. I have some thought about that, but there would still be loopholes. -- <http://www.decohen.com> Send e-mail to the Reply-To address. Mail to the From address is never read.
From: Kathy Morgan on 2 Feb 2010 16:30
Kir�ly <me(a)home.spamsucks.ca> wrote: > John McWilliams <jpmcw(a)comcast.net> wrote: > > Why not reserve the Guest account for the kiddies, as it's wiped each > > time, and the Guest 2 account for the perverts, I mean, adults who may > > leave undesirable links in their history? > > She wants the Guest account to have no internet access. I don't know if > that's possible to configure for the built-in Guest account. What I really want is two Guest accounts, one of which doesn't have Internet access, but I'm beginning to think it's not possible to have two Guest accounts with regular SL. If that's the case, I can used a standard managed account for the child with no Internet access and the Guest account for adults. > Related topic: The OP mentioned that she doesn't want Guest users to be > able to add items to shared areas. These commands will block the Guest > account from adding items to /Users/Shared and to user foo's Drop Box: > > sudo chmod +a "guest deny add_file,add_subdirectory" /Users/Shared > sudo chmod +a "guest deny add_file,add_subdirectory" ~foo/Public/Drop\ > Box Thank you for that. I like it and plan to use it. -- Kathy |