L9 administration on OS X

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

L9 administration on OS X

Jussi Hirvi-2
I just dropped a file to LassoStartup. It was not easy, because the user
perms are tight:

$ pwd
/Library/Application Support/LassoSoft/Lasso Instance Manager/instances

$ ls -l
drwx------  11 _lasso  _lasso  374 14 Lok 19:33 default

$ sudo ls -l default/
Password:
drwxr-xr-x   2 _lasso  _lasso    68 12 Lok 16:19 JDBCDrivers
-rw-r--r--   1 _lasso  _lasso   247 14 Lok 19:33 JDBCLog.txt
drwxr-xr-x   2 _lasso  _lasso    68 12 Lok 16:19 JavaLibraries
drwxr-xr-x   3 _lasso  _lasso   102 12 Lok 16:19 LassoApps
drwxr-xr-x   2 _lasso  _lasso    68 12 Lok 16:19 LassoModules
dr-x------   3 _lasso  _lasso   102 14 Lok 19:32 LassoStartup
drwx------  11 _lasso  _lasso   374 14 Lok 19:36 SQLiteDBs
-rw-r-----   1 _lasso  _lasso  1015 14 Lok 19:33 lasso.out.txt
srwxrwxrwx   1 _lasso  _lasso     0 14 Lok 19:33 lasso.proxy.sock

I could not cd to LassoStartup even with sudo. I only could ls (with
sudo), put the path together that way, and then mv the file there. Is
there a better way? This may be OS X:s limitation, as it is to my
knowledge not possible to be root.

- Jussi
#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 administration on OS X

Kyle Jessup-2

On Oct 14, 2011, at 3:44 PM, Jussi Hirvi wrote:

> I just dropped a file to LassoStartup. It was not easy, because the user perms are tight:
>
> $ pwd
> /Library/Application Support/LassoSoft/Lasso Instance Manager/instances
>
> $ ls -l
> drwx------  11 _lasso  _lasso  374 14 Lok 19:33 default
>
> $ sudo ls -l default/
> Password:
> drwxr-xr-x   2 _lasso  _lasso    68 12 Lok 16:19 JDBCDrivers
> -rw-r--r--   1 _lasso  _lasso   247 14 Lok 19:33 JDBCLog.txt
> drwxr-xr-x   2 _lasso  _lasso    68 12 Lok 16:19 JavaLibraries
> drwxr-xr-x   3 _lasso  _lasso   102 12 Lok 16:19 LassoApps
> drwxr-xr-x   2 _lasso  _lasso    68 12 Lok 16:19 LassoModules
> dr-x------   3 _lasso  _lasso   102 14 Lok 19:32 LassoStartup
> drwx------  11 _lasso  _lasso   374 14 Lok 19:36 SQLiteDBs
> -rw-r-----   1 _lasso  _lasso  1015 14 Lok 19:33 lasso.out.txt
> srwxrwxrwx   1 _lasso  _lasso     0 14 Lok 19:33 lasso.proxy.sock
>
> I could not cd to LassoStartup even with sudo. I only could ls (with sudo), put the path together that way, and then mv the file there. Is there a better way? This may be OS X:s limitation, as it is to my knowledge not possible to be root.

You add an instance which runs as your user for easiest access (great for development).
But otherwise, yes you need permission to move files into that directory. You can be root on OS X.

-Kyle

> - Jussi
#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 administration on OS X

Jussi Hirvi-2
On 14.10.2011 22.52, Kyle Jessup wrote:
> You add an instance which runs as your user for easiest access (great
> for development).

Ok, thanks for the tip.

> But otherwise, yes you need permission to move
> files into that directory. You can be root on OS X.

So I see. I never googled this root thing before.

http://support.apple.com/kb/ht1528

- Jussi
#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 administration on OS X

Johan Solve
On Sat, Oct 15, 2011 at 8:53 AM, Jussi Hirvi <[hidden email]> wrote:
> On 14.10.2011 22.52, Kyle Jessup wrote:
>> But otherwise, yes you need permission to move
>> files into that directory. You can be root on OS X.
>
> So I see. I never googled this root thing before.
>
> http://support.apple.com/kb/ht1528

Simply sudo su. No need to enable root user.

--
Mvh
Johan Sölve
____________________________________
Montania System AB
Halmstad   Stockholm
http://www.montania.se

Johan Sölve
Mobil +46 709-51 55 70
[hidden email]

Kristinebergsvägen 17, S-302 41 Halmstad, Sweden
Telefon +46 35-136800 |  Fax +46 35-136801
#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 administration on OS X

Jonathan Guthrie-3
I'd just like to point out that from a security standpoint it's better to start with tighter security and have to consciously relax it if you need to do so, rather than start with inherent insecurity and rely on people remembering to tighten it up if they so wish.

:)

On 2011-10-15, at 5:45 PM, Johan Solve wrote:

> On Sat, Oct 15, 2011 at 8:53 AM, Jussi Hirvi <[hidden email]> wrote:
>> On 14.10.2011 22.52, Kyle Jessup wrote:
>>> But otherwise, yes you need permission to move
>>> files into that directory. You can be root on OS X.
>>
>> So I see. I never googled this root thing before.
>>
>> http://support.apple.com/kb/ht1528
>
> Simply sudo su. No need to enable root user.

Jono

----------------------------
Jonathan Guthrie
[hidden email]
LassoSoft Inc.

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 administration on OS X

Jussi Hirvi-2
In reply to this post by Johan Solve
Jussi:
>> http://support.apple.com/kb/ht1528

On 16.10.2011 0.45, Johan Solve wrote:
> Simply sudo su. No need to enable root user.


Hei, that really works! I tried "su - root", but that did not work on OS X.

- Jussi
#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 administration on OS X

John May-2
On 10/17/11 3:46 AM, Jussi Hirvi wrote:

> Jussi:
>>> http://support.apple.com/kb/ht1528
>
> On 16.10.2011 0.45, Johan Solve wrote:
>> Simply sudo su. No need to enable root user.
>
>
> Hei, that really works! I tried "su - root", but that did not work on OS X.
>
> - Jussi


As an aside, does anyone know if there is there any way to prevent an
admin user in OS X from being able to change the root password?

        - John

--

-------------------------------------------------------------------
John May : President                   http://www.pointinspace.com/
Point In Space Internet Solutions         800.664.8610 919.338.8198

         Professional FileMaker Pro, MySQL, PHP & Lasso Hosting
           on shared, virtual and hardware dedicated servers

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 administration on OS X

Brad Lindsay-2
On Oct 17, 2011, at 8:42 AM, John May wrote:

> On 10/17/11 3:46 AM, Jussi Hirvi wrote:
>> Jussi:
>>>> http://support.apple.com/kb/ht1528
>>
>> On 16.10.2011 0.45, Johan Solve wrote:
>>> Simply sudo su. No need to enable root user.
>>
>>
>> Hei, that really works! I tried "su - root", but that did not work on OS X.
>>
>> - Jussi
>
>
> As an aside, does anyone know if there is there any way to prevent an admin user in OS X from being able to change the root password?

Make them a standard user.

Brad

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 administration on OS X

John May-2
On 10/17/11 8:50 AM, Brad Lindsay wrote:

> On Oct 17, 2011, at 8:42 AM, John May wrote:
>
>> On 10/17/11 3:46 AM, Jussi Hirvi wrote:
>>> Jussi:
>>>>> http://support.apple.com/kb/ht1528
>>>
>>> On 16.10.2011 0.45, Johan Solve wrote:
>>>> Simply sudo su. No need to enable root user.
>>>
>>>
>>> Hei, that really works! I tried "su - root", but that did not
>>> work on OS X.
>>>
>>> - Jussi
>>
>>
>> As an aside, does anyone know if there is there any way to prevent
>> an admin user in OS X from being able to change the root password?
>
> Make them a standard user.
>
> Brad
>


Well, sure, but then they can't perform other admin tasks.

So, back to the original question - is there any way to prevent an admin
user in OS X from being able to change the root password?

        - John

--

-------------------------------------------------------------------
John May : President                   http://www.pointinspace.com/
Point In Space Internet Solutions         800.664.8610 919.338.8198

         Professional FileMaker Pro, MySQL, PHP & Lasso Hosting
           on shared, virtual and hardware dedicated servers

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 administration on OS X

Brad Lindsay-2
On Oct 17, 2011, at 9:22 AM, John May wrote:

> On 10/17/11 8:50 AM, Brad Lindsay wrote:
>> On Oct 17, 2011, at 8:42 AM, John May wrote:
>>
>>> On 10/17/11 3:46 AM, Jussi Hirvi wrote:
>>>> Jussi:
>>>>>> http://support.apple.com/kb/ht1528
>>>>
>>>> On 16.10.2011 0.45, Johan Solve wrote:
>>>>> Simply sudo su. No need to enable root user.
>>>>
>>>>
>>>> Hei, that really works! I tried "su - root", but that did not
>>>> work on OS X.
>>>>
>>>> - Jussi
>>>
>>>
>>> As an aside, does anyone know if there is there any way to prevent
>>> an admin user in OS X from being able to change the root password?
>>
>> Make them a standard user.
>
> Well, sure, but then they can't perform other admin tasks.
>
> So, back to the original question - is there any way to prevent an admin user in OS X from being able to change the root password?

Then no. An admin user is a user that can run any task as if they were the root user.


Brad

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>