Need help with guest accounts
in [Mac Systems]
|
Prev: iPad
Next: Credit card jam, was: Black Screen of Death
From: Kathy Morgan on 30 Jan 2010 19:08 I want to set up a Mac running Snow Leopard with two accounts that can use any installed applications and create documents but that lose all created documents once the account logs out. They should not be able to install any applications/executables. One of the accounts should not have access to the Internet. It looks to me like the default Guest account plus a second Guest account with additional restrictions would be perfect for my needs, but I can't figure out how to set up a second Guest account. When you set up a new account in the System Preferences, the option of creating another guest account doesn't exist. I tried going into the Finder and duplicating the Guest account there, but even after a restart it doesn't show up in the System Preferences. Is there perhaps some way to create the account from the Terminal? (I don't do Terminal, so I would need very detailed step-by-step, "type exactly this..." type instructions.) Background & explanation: I live in a very small town and our local library has one patron computer. It is an ancient Gateway PC with XP Pro and some special hardware and software controls to ensure that patrons cannot save *anything* to the hard drive. To install new software, an administrator must unlock the hard drive with a physical key and log in as an administrator. To make new software available to other users, the administrator has to remove software controls, add the program to the user profile, reinstall the controls, log out, and physically lock the hard drive again. This computer is about 8 years old and apparently some of the system updates in the past year or so have crippled the user profile controls. I'm no longer able to make any new software available to the patrons. We will soon be replacing the computer. I mostly don't do Windows and I'm not willing to learn how to protect a new Windows 7 computer from patrons, viruses and hackers. I'd much rather we replace the computer with a new Mac, but I need to be able to set up two accounts with permissions crippled such that nothing gets saved or retained when a user logs out. I'm using my own Mac to experiment on; I need to have a proven solution before I can persuade the library board to purchase a Mac rather than Windows. Any suggestions? -- Kathy
From: JF Mezei on 30 Jan 2010 19:44 Kathy Morgan wrote: > I want to set up a Mac running Snow Leopard with two accounts that can > use any installed applications and create documents but that lose all > created documents once the account logs out. I don't have a full answer for you. However, with OS-X server, the WorkGroup Manager lets you create accounts with specific restriuctions. (down to which applications are allowed or not) I assume the functionality would be there in the standard Mac, but you'd need to use plist editor or whatever to make those settings. There are also ways to use ACLs to prevent that user from accessing or modifying files. My gut would tell me that the cleanup should occur at login time. This way, after a power failure, it ensures the next user still gets a clean directory. However, at login time, some files may already be locked.
From: John McWilliams on 30 Jan 2010 19:47 Kathy Morgan wrote: > I want to set up a Mac running Snow Leopard with two accounts that can > use any installed applications and create documents but that lose all > created documents once the account logs out. They should not be able to > install any applications/executables. One of the accounts should not > have access to the Internet. > > It looks to me like the default Guest account plus a second Guest > account with additional restrictions would be perfect for my needs, but > I can't figure out how to set up a second Guest account. When you set > up a new account in the System Preferences, the option of creating > another guest account doesn't exist. I tried going into the Finder and > duplicating the Guest account there, but even after a restart it doesn't > show up in the System Preferences. Is there perhaps some way to create > the account from the Terminal? (I don't do Terminal, so I would need > very detailed step-by-step, "type exactly this..." type instructions.) > > Background & explanation: > > I live in a very small town and our local library has one patron > computer. It is an ancient Gateway PC with XP Pro and some special > hardware and software controls to ensure that patrons cannot save > *anything* to the hard drive. > > To install new software, an administrator must unlock the hard drive > with a physical key and log in as an administrator. To make new > software available to other users, the administrator has to remove > software controls, add the program to the user profile, reinstall the > controls, log out, and physically lock the hard drive again. This > computer is about 8 years old and apparently some of the system updates > in the past year or so have crippled the user profile controls. I'm no > longer able to make any new software available to the patrons. > > We will soon be replacing the computer. I mostly don't do Windows and > I'm not willing to learn how to protect a new Windows 7 computer from > patrons, viruses and hackers. I'd much rather we replace the computer > with a new Mac, but I need to be able to set up two accounts with > permissions crippled such that nothing gets saved or retained when a > user logs out. > > I'm using my own Mac to experiment on; I need to have a proven solution > before I can persuade the library board to purchase a Mac rather than > Windows. > > Any suggestions? Yes. Set up a second account, called Guest 2, obviously without administrative privileges. Then set permissions on the user account to read only. Although I don't see why it's so important that folks not be able to save anything. You can always wipe it every week or so; it's not likely they'll fill up the HD unless they're mischievous. -- john mcwilliams
From: JF Mezei on 30 Jan 2010 20:28 John McWilliams wrote: > read only. Although I don't see why it's so important that folks not be > able to save anything. You can always wipe it every week or so; it's not > likely they'll fill up the HD unless they're mischievous. In an "internet caf�" you really must zap a previous user's activities before you let the next one use the system. And in such a setting, you really must assume you will get mischievious users.
From: Kathy Morgan on 30 Jan 2010 23:49
JF Mezei <jfmezei.spamnot(a)vaxination.ca> wrote: > Kathy Morgan wrote: > > I want to set up a Mac running Snow Leopard with two accounts that can > > use any installed applications and create documents but that lose all > > created documents once the account logs out. > > I don't have a full answer for you. However, with OS-X server, the > WorkGroup Manager lets you create accounts with specific restriuctions. > (down to which applications are allowed or not) What are the differences between OS X Server and just OS X? I've never used or even seen Server. Does a computer with OS X Server pretty much look and feel like regular OS X but has extra functionality, or does it look and feel different? > I assume the functionality would be there in the standard Mac, but you'd > need to use plist editor or whatever to make those settings. > > There are also ways to use ACLs to prevent that user from accessing or > modifying files. What is an ACL? I've used a Mac for years and feel really comfortable on a Mac, but I've always been the sole user and never had to worry about permissions and access, so I'm really a novice at those aspects. -- Kathy |